Description:
Primary responsibilities include:
· Develop and revise information security policies
· Develop technical standards supporting approved security policies.
· Develop operational procedures and implementation of guidance.
· Create security baselines and configuration documentation.
· Develop compliance documentation for technical accuracy, consistency, completeness, and enforceability.
· Recommend improvements to governance documentation structure and organization.
· Produce clear documentation suitable for technical staff, management, auditors, and external reviewers.
· Work with subject matter experts to accurately document existing processes and required controls.
· Maintain document version control and support periodic review.
Required Skills/ Experience:
Technical writing experience involving cybersecurity or IT governance.
Demonstrated experience with several of the following:
· NIST Cybersecurity Framework
· NIST SP 800-53
· CIS Critical Security Controls
· Security governance and risk management
· Identity and Access Management
· Disaster Recovery and Business Continuity
· Security Awareness and Training
· Policy Lifecycle Management
Preferred /Not Required:
· Experience writing documentation aligned with NIST Cybersecurity Framework, NIST SP 800-53, and IRS Publication 1075
· CISSP, CISA, CGRC, Security+, or equivelant certifications.
—
—