Title: IT Cybersecurity Policy Manager
Location: Tallahassee Florida (Hybrid Role)
Duration: 12 Months Contract
Required Duties and Responsibilities of Consultant shall include but are not limited to:
- Conduct an assessment of the organization's current cybersecurity policies and procedures against the NIST CSF framework.
- Identify gaps and areas where policies and procedures need to be developed or revised to align with NIST CSF guidelines.
- Draft clear and concise policies addressing cybersecurity governance, risk management, asset management, access control, incident response, and other relevant areas.
- Ensure that developed policies and procedures align with each of the five core functions of the NIST CSF.
- Map organizational processes and controls to the appropriate categories within the framework.
- Develop detailed procedures that operationalize the cybersecurity policies based on the NIST CSF guidelines.
- Engage with key stakeholders, cybersecurity teams, IT personnel, and department heads to gather insights and information necessary for the development of policies, standards, procedures, work details or other relevant required documentation.
- Collaborate with these stakeholders to ensure that the policies and procedures are practical, feasible, and aligned with organizational goals.
- Maintain accurate documentation of developed policies and procedures.
- Implement a version control system to track changes, updates, and revisions made to the documents over time.
- Prepare reports and presentations detailing the status of cybersecurity compliance and the effectiveness of NIST CSF-based policies and procedures.
- Communicate findings, recommendations, and updates to relevant stakeholders and management.
- Collaborate with IT and security teams, legal, compliance, and other relevant departments to ensure a cohesive and integrated approach to cybersecurity.
- The contractor will address the needs stated above by accomplishing the following:
- Create policies and procedures using the NIST templates to align with each of the five core functions of the NIST CSF.
- Create standards using the NIST templates to align with each of the five core functions of the NIST CSF.
PREFERRED CERTIFICATIONS
- Certified Information Systems Security Professional (CISSP),
- Certified Information Security Manager (CISM),
- or Certified Information Systems Auditor (CISA)
- Information Security Certification(s) E.g. CISSP, CISM, CISA, GIAC, CISA, CISM, CCIE Security, CompTIA, etc.
REQUIRED EXPERIENCE
- 6+ years of experience in IT security related responsibilities
- 2+ years of demonstrated experience producing information security related documentation addressing procedures, standards, and guidelines to ensure information security. This includes proficiency in formulating policies and procedures aligned with the National Institute of Standards and Technology Cybersecurity Framework or analogous sectors.
- Knowledge of and a comprehensive understanding of the NIST Cybersecurity Framework, including its core functions, categories, and subcategories.
- Ability to interpret and apply NIST CSF guidelines to develop tailored cybersecurity policies and procedures suitable for the organization's needs.
- Experience in translating complex technical concepts into easily understandable and implementable policies and procedures, catering to diverse stakeholders.
- Experience in organizing documentation to facilitate easy navigation and understanding.
- Experience in managing versioning and track changes in policy documents.
- Clear and concise communicator capable of articulating complex cybersecurity concepts in both written documentation and verbal presentations.
- Experience in working independently (taking initiative) while working in a team environment (cooperating with team members and supporting team members).
- Knowledge understanding of basic security principles relating to confidentiality, integrity, and availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.
PREFERRED EXPERIENCE
- Track record of successfully creating, reviewing, and updating policies and procedures, specifically in the realm of cybersecurity and in alignment with NIST standards.
- Knowledge of relevant industry-specific regulations, compliance requirements, and standards beyond NIST, such as ISO/IEC 27001, or industry-specific frameworks.
- Strong interpersonal skills to collaborate with cross-functional teams, stakeholders, and management to gather requirements and address cybersecurity concerns effectively.
- Experience with Microsoft Word, Excel, and PowerPoint. (Visio a plus).