Policy Drafting and Updates
Role Description: Supports the federal client's Policy Drafting and Updates work activity by researching, analyzing, drafting, and revising cybersecurity policy and supplemental documentation to ensure alignment with NIST SP 800-53 and other related federal security standards, mandates, and agency requirements, while helping maintain the broader security policy ecosystem.
Key Responsibilities:
Research, analyze, draft, and update cybersecurity policy language for the ISP, POMS, AIMS, CUI, and related supplemental documents.
Evaluate the impact of policy changes on related ecosystem documents and recommend updates needed to maintain consistency across the security policy environment.
Maintain and update mappings between Client policy artifacts, the NIST Cybersecurity Framework, and NIST control families.
Conduct policy gap assessments and identify discrepancies, redundancies, and missing requirements tied to federal cybersecurity and privacy mandates.
Support annual and ongoing reviews of POMS, CUI, and other policy ecosystem documentation, including document ownership, retirement, replacement, and change tracking.
Prepare draft responses, impact briefs, research summaries, and supporting materials for audit requests, policy inquiries, acquisition support, and executive-level discussions.
Assist with policy waiver lifecycle support, SRB-related coordination, meeting notes, and action item tracking.
Support development of planning documentation, templates, training resources, and communication materials related to cybersecurity policy changes.
Help maintain and enhance the security policy ecosystem through collaboration tools, inventories, and change management practices.
Required Qualifications:
Bachelor's degree in cybersecurity, information systems, public policy, law, technical writing, business, or a related discipline.
Experience drafting, reviewing, updating, and validating written cybersecurity policy, standards, procedures, or governance documentation in a federal or similarly regulated environment.
Working knowledge of NIST SP 800-53 and other related security standards and mandates applicable to federal cybersecurity policy work, including:
    FISMA
    OMB Circular A-130
    FIPS 199 and FIPS 200
    NIST Cybersecurity Framework (CSF) 2.0
    NIST SP 800-37 Risk Management Framework (RMF)
    FedRAMP
    Other applicable OMB memoranda, federal mandates, and agency-level cybersecurity policy drivers.
Demonstrated ability to use policy knowledge to validate and review existing written policy for completeness, consistency, compliance impact, and alignment with current federal requirements.
Strong analytical skills, including the ability to interpret new publications and mandates and translate them into actionable policy revisions.
Strong written and verbal communication skills, including the ability to prepare draft policy language, briefings, correspondence, and audit support materials.
Experience using Jira, Confluence, ServiceNow, and the Microsoft 365 Office Suite, including Teams, Word, Excel, PowerPoint, and SharePoint.
Ability to work independently and collaboratively across policy, compliance, audit, and technical stakeholder groups.
Ability to hold a Public Trust position.
Preferred Qualifications:
Experience supporting federal information security policy programs, policy modernization, or enterprise policy ecosystem management.
Familiarity with acquisition security language, supply chain risk policy support, CUI documentation, and audit artifact development.
Experience tracking policy changes, maintaining document inventories, and supporting publication workflows.
Knowledge of Section 508 formatting, document lifecycle governance, and change management practices.
Relevant certifications such as Security+, CGRC, CISSP, or policy/governance-related training.