Description:
The contractor will develop, revise, and maintain information security governance documentation. The work includes creating technically accurate, enforceable documentation aligned with cybersecurity frameworks and organizational objectives.
Primary responsibilities include:
· Develop and revise information security policies
· Develop technical standards supporting approved security policies.
· Develop operational procedures and implementation of guidance.
· Create security baselines and configuration documentation.
· Develop compliance documentation for technical accuracy, consistency, completeness, and enforceability.
· Recommend improvements to governance documentation structure and organization.
· Produce clear documentation suitable for technical staff, management, auditors, and external reviewers.
· Work with subject matter experts to accurately document existing processes and required controls.
· Maintain document version control and support periodic review.
Required Skills/ Experience:
Technical writing experience involving cybersecurity or IT governance.
Demonstrated experience with several of the following:
· NIST Cybersecurity Framework
· NIST SP 800-53
· IRS Publication 1075
· CIS Critical Security Controls
· Security governance and risk management
· Identity and Access Management
· Incident Response
· Vulnerability Management
· Disaster Recovery and Business Continuity
· Vendor Risk Management
· Security Awareness and Training
· Policy Lifecycle Management
Preferred /Not Required:
· Experience writing documentation aligned with NIST Cybersecurity Framework, NIST SP 800-53, and IRS Publication 1075
· CISSP, CISA, CGRC, Security+, or equivelant certifications.
—