1

Cyber Security Policy Analyst Jobs (NOW HIRING)

Policy Analyst Mid

Saint Louis, MO · On-site

$124K - $148K/yr

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps. Required ...

Apply Early

The Policy Analyst advises, assists, leads, manages, and works all policy development, review ... Lead the development, review, and coordination of corporate, IT service, and cybersecurity ...

Policy Analyst, Mid

Springfield, VA · On-site

$62.50 - $72.12/hr

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances, such as IC and DoW policy and Executive Orders, to identify policy impacts, conflicts, or gaps.

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps.

The Policy Analyst advises, assists, leads, manages, and works all policy development, review ... Lead the development, review, and coordination of corporate, IT service, and cybersecurity ...

The Policy Analyst advises, assists, leads, manages, and works all policy development, review ... Lead the development, review, and coordination of corporate, IT service, and cybersecurity ...

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances, such as IC and DoW policy and Executive Orders, to identify policy impacts, conflicts, or gaps.

next page

Showing results 1-20

Cyber Security Policy Analyst information

See salary details

$43K

$99.4K

$150K

How much do cyber security policy analyst jobs pay per year?

As of Jul 5, 2026, the average yearly pay for cyber security policy analyst in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

What does a Cyber Security Policy Analyst do?

A Cyber Security Policy Analyst develops, implements, and reviews policies and procedures to protect an organization's information systems from cyber threats. They analyze current security measures, stay updated on regulations and emerging threats, and ensure that the organization’s security policies comply with legal and regulatory requirements. Additionally, they may provide recommendations for policy improvements, conduct risk assessments, and educate staff on security best practices.

What is the difference between Cyber Security Policy Analyst vs Cyber Security Analyst?

AspectCyber Security Policy AnalystCyber Security Analyst
CredentialsBachelor's degree in cybersecurity, IT, or related field; certifications like CISSP, CISABachelor's degree in cybersecurity, IT, or related field; certifications like CompTIA Security+, CEH
Work EnvironmentPolicy development, compliance, risk assessment, often in office settingsSecurity monitoring, incident response, vulnerability assessment, often in security operations centers
Employer & IndustryGovernment agencies, corporations, consulting firms focusing on policy and complianceIT departments, security firms, organizations with active cybersecurity operations

The main difference is that a Cyber Security Policy Analyst focuses on creating and managing security policies, ensuring compliance, and assessing risks, while a Cyber Security Analyst primarily monitors systems, responds to threats, and handles technical security issues. Both roles require cybersecurity knowledge but serve different functions within an organization.

What are some common challenges faced by Cyber Security Policy Analysts when translating technical risks into actionable policies?

Cyber Security Policy Analysts often face the challenge of bridging the gap between highly technical security risks and practical, understandable policies for non-technical stakeholders. They must ensure that policies are comprehensive yet accessible, balancing security needs with business operations. Additionally, keeping policies current with evolving threats and regulatory requirements can be demanding. Effective communication and collaboration with IT, legal, and executive teams are essential to address these challenges and ensure successful policy implementation.

What are the key skills and qualifications needed to thrive as a Cyber Security Policy Analyst, and why are they important?

To thrive as a Cyber Security Policy Analyst, you need a deep understanding of cyber security frameworks, risk assessment, and policy development, usually supported by a bachelor's degree in cyber security, information technology, or a related field. Familiarity with regulatory standards (such as NIST, ISO 27001), governance tools, and, sometimes, certifications like CISSP or CISM is important. Excellent analytical thinking, written communication, and stakeholder collaboration skills help you translate technical risks into effective policies. These skills ensure that organizations remain compliant, minimize cyber risks, and build resilient security postures.
More about Cyber Security Policy Analyst jobs
What cities are hiring for Cyber Security Policy Analyst jobs? Cities with the most Cyber Security Policy Analyst job openings:
What states have the most Cyber Security Policy Analyst jobs? States with the most job openings for Cyber Security Policy Analyst jobs include:
Infographic showing various Cyber Security Policy Analyst job openings in the United States as of June 2026, with employment types broken down into 100% Full Time. Highlights an 100% In-person job distribution, with an average salary of $99,400 per year, or $47.8 per hour.

Policy Analyst Mid

Tulk LLC

Saint Louis, MO • On-site

$124K - $148K/yr

Full-time

Medical, Dental, Vision, Retirement

Posted 17 days ago

Be an early applicant


Job description

Policy Analyst Mid

TULK is a boutique strategic technology and management consulting firm supporting U.S. Federal Government, Defense, Intelligence Community, and National Security customers. Our cleared teams help mission organizations operate, communicate, analyze, plan, and execute in dynamic environments.

TULK offers a tailored benefits package that may include medical, dental, and vision insurance, short- and long-term disability, flexible work schedules where permitted by the customer, performance and referral bonuses, technology support, tuition reimbursement, 401(k), and professional development support.

About the Work

The Policy Analyst - Mid, advises, assists, leads, manages, and works all policy development, review, coordination, adjudication, promulgation, communication, and compliance in accordance with NGAÕs Policy Life Cycle Management (PLCM) process. This role supports Subject Matter Expert (SME) development, coordination, and maintenance of all assigned policies, self-inspection checklists, and gap analyses.

Your Duties

  • Lead, manage, and/or support policy development, review, coordination, and compliance for corporate policies, IT services policies, and cybersecurity/information assurance policies.
  • Lead and support the development of SME self-inspection compliance checklists to ensure policy implementation, monitoring, and tracking.
  • Lead and support SME analysis for gap analysis and policy revisions.
  • Conduct independent verification and validation to ensure policies are clear, fact-based, accurate, and consistent with external guidance and strategic planning.
  • Identify policy gaps and propose appropriate solutions and resolutions to the policy lead.
  • Support the implementation of policy business process improvements.
  • Support the tracking and reporting of policy business analytics, metrics, and performance measures.
  • Support the organization's Cybersecurity Strategy.
  • Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps.

Required Skills and Experience

  • U.S. citizenship is required.
  • An active TS/SCI security clearance is required. Some positions may require additional accesses, SCI eligibility, or successful completion of a Counterintelligence-scope polygraph process as directed by the customer.
  • Education: A minimum of a Bachelor's Degree in Computer Science, Systems Engineering, Cybersecurity, International Affairs, Policy, or a related field.
  • Experience: A minimum of 7+ years of demonstrated experience leading, managing, and working policies in accordance with a Policy Life Cycle Management (PLCM) process. In lieu of a degree, 10+ years.
  • Demonstrated understanding of NIST 800-53 controls, cybersecurity frameworks, and high-level cybersecurity policy.
  • At least 24 months of demonstrated experience reviewing and analyzing high-level governance documents (e.g., agency directives, statutes, Executive Orders).
  • Demonstrated experience with extensive knowledge of, and in-depth experience, skill, and expertise in leading, managing, and working policy compendiums, frameworks, strategic planning agendas, rescissions, and gaps.
  • At least 24 months of demonstrated experience tracking and managing formal taskers.
  • At least 24 months of demonstrated experience in coordinating and collaborating on agency-level support agreements.

What We Value

  • Sound judgment, professionalism, and discretion in support of national security missions.
  • Strong communication, organization, and follow-through.
  • Ability to work independently and collaboratively with government, contractor, and mission partners.
  • A practical, mission-focused approach to solving problems and improving outcomes.