
Senior Information Security Policy Analyst

at TISTA Science and Technology Corporation

Location: Remote, US (Remote)
Salary: $85K – $95K USD / year
Posted: April 14, 2026
Type: Full-Time
Experience: Senior
Exp. Years: 5-7 years
Education: Not specified
Category: Cybersecurity

Senior Information Security Policy Analyst role focused on developing, updating, and implementing security policies and directives to support Authority to Operate (ATO) and cloud-related security requirements. You will perform gap analysis, support BIAs and DR/BC/COOP documentation, and apply NIST RMF guidance to mitigate risks.

  • Develop and implement DISC security directives, policies, procedures, and plans to support DISC Authority to Operate (ATO)
  • Perform gap analysis of existing policies and procedures
  • Support cloud migration and cloud working group security directives and procedures
  • Coordinate BIAs with system owners and assist with DR/BC/COOP documentation
  • Apply NIST RMF (including 800-53 rev. 4/rev. 5) and support A&A/ATO packages

The work centers on cybersecurity policy and privacy compliance aligned to NIST Special Publications, including NIST 800-53 rev. 4/rev. 5 and the NIST Risk Management Framework. Responsibilities include supporting A&A/ATO packages, performing risk impact assessments, and ensuring secure cloud migration documentation and controls for High Value Assets (HVAs).

The ideal candidate is a senior information security policy professional with 5+ years of experience in cybersecurity policy and privacy, including strong technical writing for security policies, directives, and procedures. They have hands-on experience supporting Authority to Operate (ATO) processes using NIST standards (including NIST 800-53 rev. 4/rev. 5) and are comfortable performing RMF-focused gap analysis, risk assessments, and cloud migration security support.

technical writing, DISC Authority to Operate (ATO), gap analysis of existing policies and procedures, Authorization and Assessment (A&A) and Authority to Operate (ATO) packages, NIST Special Publications, NIST 800-53 rev. 4, NIST 800-53 rev. 5, NIST Risk Management Framework, risk impact assessments, risk mitigation strategies, project management (Agile, Scrum)
Experience with privacy-related policy and compliance
NIST Special Publications, NIST 800-53, NIST Risk Management Framework, Agile, Scrum, Microsoft Office suite
strong problem solving and analysis skills, self-motivated, leader, work and communicate in a team environment, comfortable leading meetings, strong project management skills, strong communication
Industry: Government/Public Sector
Job Function: Develop and maintain information security policy and documentation aligned to NIST RMF to support ATO and secure cloud migrations.
Role Subtype: GRC Analyst
Tech Domains: Cybersecurity

  • Minimum of 5-7 years of experience in the Information Security (Cybersecurity or Information Assurance) field
  • Demonstrated proficiency with developing, maintaining and managing Authorizations and Assessments (A&A) and Authority to Operate (ATO) packages
  • Strong familiarity with NIST Special Publications, specifically 800-53 rev. 4/rev. 5 and the NIST Risk Management Framework
