Duties and Responsibilities:
The Consultant will provide expertise and proactive project management for the following:
Policy Gap Analysis: Conduct a formal review of the March 2024 ISP against current regulatory requirements (CCPA/CPRA updates) and industry best practices.
Stakeholder Engagement & Discovery: Proactively schedule and lead "Policy Discovery" sessions with City departments to identify operational hurdles in current security mandates.
Drafting & Alignment: Author high-level policies, granular technical standards (e.g., Password/MFA standards), and non-technical guidelines. Ensure all documents are cross-referenced and consistent.
Emerging Tech Governance: Develop specific "Acceptable Use" standards for Artificial Intelligence (AI), automated tools, and remote work infrastructure.
Approval Pipeline Management: Navigate the City's administrative approval process, incorporating feedback from the City Attorney, Labor Relations, and ITA Leadership without project stagnation.
Continuous Support: In periods of administrative delay, the Consultant shall assist the security team with policy-related research, internal audits, or creating "Policy-to-Practice" training decks.
Proactive "Downtime" Management: In the event of administrative delays or pending approvals, the Consultant is contractually expected to pivot to high-value support tasks, including authoring training decks, assisting with internal security audits, or drafting technical "How-To" guides for the team.
Deliverables:
The Consultant is expected to contribute to the following within the contract period:
1. Policy Gap Analysis Report: A formal assessment of current policy deficiencies compared to NIST CSF 2.0.
2. Modernized Citywide Information Security Policy: A finalized, ready-for-adoption Information Security Policy.
3. Policy Interpretation Guide: A simplified "FAQ" or handbook for Departmental ISOs to help them implement the new policies.
4. Governance Desk Manual: A guide for ITA staff on how to maintain, review, and update these policies in the future.
5. Monthly Progress & Engagement Logs: Documentation of all stakeholder interviews and follow-ups conducted to prove active project advancement.
Qualifications:
Bachelor's degree in cybersecurity, information technology, computer science, or related field; students within six months of graduation may apply. Equivalent combination of education and relevant experience will be considered.
Bachelor's degree in a related field; professional certifications such as CISM or CISA are highly preferred. Entry-level cybersecurity certifications are also valued, such as:
ISC2 Certified in Cybersecurity (CC)
CompTIA Security+
CompTIA Cybersecurity Analyst+ (CySA+)
Minimum 5 years of direct experience in Cybersecurity Policy Development and Authoring. (Incumbent must be able to contribute immediately with zero training).
Deep, practical knowledge of NIST 800-53, NIST CSF, and ISO/IEC 27001 is preferred.
Advanced Communication & Negotiation Skills: Proven ability to lead meetings with high-level executives, explain technical risks to non-technical audiences, and negotiate policy language with legal/labor stakeholders.
Strong analytical thinking, problem-solving abilities, and attention to detail.
Proven "self-starter" with the ability to manage the policy lifecycle from research to final approval without daily supervision.