Computer Security, Disaster Recovery, Documentation, External Audit, IT Governance, Identity Data Management, Incident Response, Information Technology Consulting, Information/Data Security (InfoSec), Internet Security, Operations Planning, Operations Processes, People Management, Procedure Development, Publications, Risk Management, Source Code/Configuration Management (SCM), Standards Development, Technical Leadership, Technical Support, Technical Writing, U.S. National Institute of Standards and Technology (NIST), Writing Skills
Description of the job functions the contractor will be expected to perform.The contractor will develop, revise, and maintain information security governance documentation. The work includes creating technically accurate, enforceable documentation aligned with cybersecurity frameworks and organizational objectives.
Primary responsibilities include:
- Develop and revise information security policies
- Develop technical standards supporting approved security policies.
- Develop operational procedures and implementation of guidance.
- Create security baselines and configuration documentation.
- Develop compliance documentation for technical accuracy, consistency, completeness, and enforceability.
- Recommend improvements to governance documentation structure and organization.
- Produce clear documentation suitable for technical staff, management, auditors, and external reviewers.
- Work with subject matter experts to accurately document existing processes and required controls.
- Maintain document version control and support periodic review.
Required Skills/Experience Technical writing experience involving cybersecurity or IT governance.
Demonstrated experience with several of the following:
- NIST Cybersecurity Framework
- NIST SP 800-53
- IRS Publication 1075
- CIS Critical Security Controls
- Security governance and risk management
- Identity and Access Management
- Incident Response
- Vulnerability Management
- Disaster Recovery and Business Continuity
- Vendor Risk Management
- Security Awareness and Training
- Policy Lifecycle Management
Preferred/Not Required - Experience writing documentation aligned with NIST Cybersecurity Framework, NIST SP 800-53, and IRS Publication 1075
- CISSP, CISA, CGRC, Security+, or equivelant certifications.