Policy Analyst

Description

The Policy Analyst advises, assists, leads, manages, and works all policy development, review, coordination, adjudication, promulgation, communication, and compliance in accordance with NGA’s Policy Life Cycle Management (PLCM) process. This role supports Subject Matter Expert (SME) development, coordination, and maintenance of all assigned policies, self-inspection checklists, and gap analyses.

Work will be performed at the customer site in St. Louis, MO.

The hiring of this position is contingent upon contract award. Anticipated award is fall of 2026.

Duties May Include:

• Lead, manage, and/or support policy development, review, coordination, and compliance for corporate policies, IT services policies, and cybersecurity/information assurance policies.
• Lead and support the development of SME self-inspection compliance checklists to ensure policy implementation, monitoring, and tracking.
• Lead and support SME analysis for gap analysis and policy revisions.
• Conduct independent verification and validation to ensure policies are clear, fact-based, accurate, and consistent with external guidance and strategic planning.
• Identify policy gaps and propose appropriate solutions and resolutions to the policy lead.
• Support the implementation of policy business process improvements.
• Support the tracking and reporting of policy business analytics, metrics, and performance measures.
• Support the organization’s Cybersecurity Strategy.
• Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps.

Qualifications

Required Skills:

• Active TS/SCI is required.
• Willing and able to obtain a Polygraph.
• Education: A minimum of a Bachelor’s Degree in Computer Science, Systems Engineering, Cybersecurity, International Affairs, Policy, or a related field.
• Experience: A minimum of 7+ years of demonstrated experience leading, managing, and working policies in accordance with a Policy Life Cycle Management (PLCM) process. 10+ years of experience in lieu of a degree.
• Demonstrated understanding of NIST 800-53 controls, cybersecurity frameworks, and high-level cybersecurity policy.
• At least 24 months of demonstrated experience reviewing and analyzing high-level governance documents (e.g., agency directives, statutes, Executive Orders).
• Demonstrated experience with extensive knowledge of, and in-depth experience, skill, and expertise in leading, managing, and working policy compendiums, frameworks, strategic planning agendas, rescissions, and gaps.
• At least 24 months of demonstrated experience tracking and managing formal taskers.
• At least 24 months of demonstrated experience in coordinating and collaborating on agency-level support agreements.