GPS - Cyber Security Policy Analyst - Supervising Associate

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help build a better working world. The opportunity The Cyber Security Policy Analyst is a core member of the EY Government and Public Sector (GPS) Information Security Team, contributing to the strategic direction and execution of the GPS information security program. The role focuses on strengthening the overall security posture of GPS by helping to protect organizational data, systems, and operations while supporting mission and business objectives in a highly regulated environment. The role supports enterprise risk management and compliance by aligning GPS information security practices with EY internal standards and frameworks, and by applying the NIST Risk Management Framework (SP 800‑37) along with security controls and maturity models from NIST SP 800‑53, NIST SP 800‑171, and the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). Responsibilities include security governance activities such as policy and standards documentation, compliance oversight, and security awareness across GPS personnel, systems, and programs. Your Key Responsibilities Work with executive leadership to develop, maintain, and govern information security PSGs supporting the GPS Information Security Program Translate recommendations from domain professionals, vendor and industry standards, guidelines and leading practices into high-quality, coherent information security PSGs Harmonize GPS information security documentation with EY enterprise policies and standards, NIST security requirements, the DoD Cloud Computing Security Requirements Guide, and applicable regulatory obligations Collaborate with Information Security, Information Technology, Data Protection, Legal, and other internal stakeholders to support consistent implementation of information security requirements. Identify and monitor appropriate information security training for all GPS personnel. While some training may be obtained, custom training will need to be developed. Stay up to date with the latest best practices, industry trends, and government security regulations to proactively maintain compliance Collaborate with external assessors and auditors and government officials during security audits and assessments Analytical And Decision-making Responsibilities Organize, structure, and prioritize information from multiple technical, regulatory, and business sources Balance information security requirements with business objectives, technical risk, and operational impact Apply sound judgment and creative thinking while considering multiple perspectives and constraints Adapt to shifting priorities, ambiguity, and evolving regulatory or security requirements Work independently with minimal direct supervision while maintaining accountability for outcomes Focus on conveying complex information clearly, concisely, and effectively Skills And Attributes For Success Experience working in information security and understanding of information security concepts Knowledge of information security policies/principles of handling and protecting information In-depth understanding of NIST security documentation and CMMC framework such as FIPS and NIST-171 and 800 Series publications and their application. In-depth understanding of DFARS related security requirements and their application. General technical knowledge of operating systems, databases, networks, mobile technologies and cloud services Strong English language skills are required – written and verbal Good writing, presentation, interpersonal, and collaborative skills Ability to collaborate with others to facilitate and enhance compliance with policies Maintain awareness of the current security threat landscape Experience with coordinating tasks, allocating resources, and following tasks and projects through completion Experience with Microsoft Office (Word, Excel, PowerPoint, Visio, and Copilot) To qualify for the role, you must have Bachelor’s degree in information security/assurance, computer science, or a similar technical field. A minimum of 3+ years of experience in information security, with a preferred focus on US government security requirements and compliance Experience developing and implementing security policies, standards, and procedures in alignment with government security requirements Excellent communication skills, with the ability to effectively articulate complex security concepts to both technical and non-technical stakeholders Ideally, you will also have Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified CMMC Assessor (CCA) are highly desirable Ability to obtain and maintain a Top-Secret Security Clearance What We Offer You We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $91,100 to $170,400. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $109,300 to $193,600. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr EY