ZipRecruiter

Log In

1

Cybersecurity Policy Analyst Jobs (NOW HIRING)

Tulk LLC

Policy Analyst Mid

Fort Belvoir, VA · On-site

$124K - $148K/yr

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps. Required ...

Tulk LLC

Policy Analyst Mid

Saint Louis, MO · On-site

$124K - $148K/yr

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps. Required ...

Everwatch

Policy Analyst, Mid

Springfield, VA · On-site

$62.50 - $72.12/hr

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances, such as IC and DoW policy and Executive Orders, to identify policy impacts, conflicts, or gaps.

SAIC

Policy Analyst

Saint Louis, MO · On-site

Support the organization's Cybersecurity Strategy. * Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps.

Concept Plus

Cybersecurity Policy & RMF Analyst

About the role Concept Plus is seeking a Cybersecurity Policy and RMF Analyst to provide Risk Management Support to identify shortfalls in the assessment and authorization process, track and manage ...

next page

Showing results 1-20

All JobsCybersecurity Policy Analyst Jobs

Cybersecurity Policy Analyst information

See salary details

$43K

$99.4K

$150K

How much do cybersecurity policy analyst jobs pay per year?

As of Jun 10, 2026, the average yearly pay for cybersecurity policy analyst in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

What are Cybersecurity Policy Analysts?

Cybersecurity Policy Analysts are professionals who develop, implement, and evaluate policies and regulations to protect an organization’s digital assets and information systems. They analyze current security measures, assess risks, and ensure compliance with laws and industry standards. Their work helps organizations respond to evolving cyber threats and maintain robust security protocols. Cybersecurity Policy Analysts often collaborate with IT teams, legal advisors, and management to create effective security policies and incident response plans.

What is the difference between Cybersecurity Policy Analyst vs Cybersecurity Analyst?

AspectCybersecurity Policy AnalystCybersecurity Analyst
Required CredentialsBachelor's in cybersecurity, IT, or related field; certifications like CISSP, CISABachelor's in cybersecurity, IT, or related field; certifications like CompTIA Security+ or CISSP
Work EnvironmentPolicy development, compliance, and strategic planning in office settingsTechnical security monitoring, incident response, and system analysis
Employer & Industry UsageGovernment agencies, corporations, consulting firms focusing on security policiesIT departments, security firms, and organizations managing technical security

The main difference is that a Cybersecurity Policy Analyst focuses on creating and managing security policies and ensuring compliance, while a Cybersecurity Analyst handles technical security measures and threat mitigation. Both roles require similar credentials but serve different functions within cybersecurity teams.

How does a Cybersecurity Policy Analyst typically collaborate with technical and non-technical teams within an organization?

A Cybersecurity Policy Analyst often acts as a bridge between technical security teams and non-technical stakeholders such as legal, compliance, and executive leadership. They interpret complex cybersecurity regulations and translate them into actionable policies that align with organizational goals. Regular collaboration involves attending cross-functional meetings, providing policy guidance during security incidents, and ensuring everyone understands their roles in maintaining compliance. This collaborative environment helps ensure that security policies are both technically sound and practically applicable across the organization.

What are the key skills and qualifications needed to thrive as a Cybersecurity Policy Analyst, and why are they important?

To thrive as a Cybersecurity Policy Analyst, you need a strong understanding of cybersecurity principles, risk management, regulatory frameworks, and typically a degree in cybersecurity, information technology, or a related field. Familiarity with policy development tools, compliance management systems, and certifications like CISSP or CISM are often required. Excellent analytical thinking, communication, and stakeholder engagement skills will help you translate technical risks into actionable policy recommendations. These skills ensure organizations develop effective security policies that comply with regulations and mitigate cyber threats.
More about Cybersecurity Policy Analyst jobs
What cities are hiring for Cybersecurity Policy Analyst jobs? Cities with the most Cybersecurity Policy Analyst job openings:
What are the most commonly searched types of Cybersecurity Policy Analyst jobs? The most popular types of Cybersecurity Policy Analyst jobs are:
What states have the most Cybersecurity Policy Analyst jobs? States with the most job openings for Cybersecurity Policy Analyst jobs include:
What job categories do people searching Cybersecurity Policy Analyst jobs look for? The top searched job categories for Cybersecurity Policy Analyst jobs are:
Cybersecurity Policy Analyst jobs near you

Policy Analyst Mid

Tulk LLC

Fort Belvoir, VA • On-site

$124K - $148K/yr

Full-time

Medical, Dental, Vision, Retirement

Posted 22 days ago

Job description

Policy Analyst Mid

TULK is a boutique strategic technology and management consulting firm supporting U.S. Federal Government, Defense, Intelligence Community, and National Security customers. Our cleared teams help mission organizations operate, communicate, analyze, plan, and execute in dynamic environments.

TULK offers a tailored benefits package that may include medical, dental, and vision insurance, short- and long-term disability, flexible work schedules where permitted by the customer, performance and referral bonuses, technology support, tuition reimbursement, 401(k), and professional development support.

About the Work

The Policy Analyst - Mid, advises, assists, leads, manages, and works all policy development, review, coordination, adjudication, promulgation, communication, and compliance in accordance with NGAĂ•s Policy Life Cycle Management (PLCM) process. This role supports Subject Matter Expert (SME) development, coordination, and maintenance of all assigned policies, self-inspection checklists, and gap analyses.

Your Duties

  • Lead, manage, and/or support policy development, review, coordination, and compliance for corporate policies, IT services policies, and cybersecurity/information assurance policies.
  • Lead and support the development of SME self-inspection compliance checklists to ensure policy implementation, monitoring, and tracking.
  • Lead and support SME analysis for gap analysis and policy revisions.
  • Conduct independent verification and validation to ensure policies are clear, fact-based, accurate, and consistent with external guidance and strategic planning.
  • Identify policy gaps and propose appropriate solutions and resolutions to the policy lead.
  • Support the implementation of policy business process improvements.
  • Support the tracking and reporting of policy business analytics, metrics, and performance measures.
  • Support the organization's Cybersecurity Strategy.
  • Analyze internal documents and external issuances (e.g., IC/DoW policy, Executive Orders) to identify policy impacts, conflicts, or gaps.

Required Skills and Experience

  • U.S. citizenship is required.
  • An active TS/SCI security clearance is required. Some positions may require additional accesses, SCI eligibility, or successful completion of a Counterintelligence-scope polygraph process as directed by the customer.
  • Education: A minimum of a Bachelor's Degree in Computer Science, Systems Engineering, Cybersecurity, International Affairs, Policy, or a related field.
  • Experience: A minimum of 7+ years of demonstrated experience leading, managing, and working policies in accordance with a Policy Life Cycle Management (PLCM) process. In lieu of a degree, 10+ years.
  • Demonstrated understanding of NIST 800-53 controls, cybersecurity frameworks, and high-level cybersecurity policy.
  • At least 24 months of demonstrated experience reviewing and analyzing high-level governance documents (e.g., agency directives, statutes, Executive Orders).
  • Demonstrated experience with extensive knowledge of, and in-depth experience, skill, and expertise in leading, managing, and working policy compendiums, frameworks, strategic planning agendas, rescissions, and gaps.
  • At least 24 months of demonstrated experience tracking and managing formal taskers.
  • At least 24 months of demonstrated experience in coordinating and collaborating on agency-level support agreements.

What We Value

  • Sound judgment, professionalism, and discretion in support of national security missions.
  • Strong communication, organization, and follow-through.
  • Ability to work independently and collaboratively with government, contractor, and mission partners.
  • A practical, mission-focused approach to solving problems and improving outcomes.