Information Security Policy Consultant
LOCAL CANDIDATES ONLY; W2 eligible ONLY
Location: Downtown Los Angeles, CA
Duration: 6-Month Contract
Contract on W2
Position Overview
This role will oversee the full policy lifecycle, including policy assessment, stakeholder engagement, standards development, approval management, and implementation support. The consultant will serve as an integrated member of the Governance team and will be expected to operate independently, maintain project momentum, and proactively identify opportunities to advance governance initiatives.
The ideal candidate has extensive experience developing cybersecurity policies and standards, strong knowledge of industry frameworks, and the ability to collaborate effectively with technical, legal, and executive stakeholders.
Key Responsibilities
Policy Review & Gap Analysis
- Conduct a comprehensive review of the current Information Security Policy and supporting documentation.
- Assess alignment with current regulatory requirements, including CCPA/CPRA updates, and industry frameworks such as NIST CSF 2.0, NIST 800-53, and ISO/IEC 27001.
- Produce a formal gap analysis identifying policy deficiencies, risks, and recommendations.
Policy & Standards Development
- Author and update information security policies, technical standards, procedures, and guidelines.
- Develop governance documentation covering areas such as:
  - Identity and Access Management
  - Password and Multi-Factor Authentication Standards
  - Artificial Intelligence (AI) Usage
  - Zero Trust Architecture
  - Cloud Security and Cloud Sovereignty
  - Remote Work Security
- Ensure consistency and alignment across all governance documents.
Stakeholder Engagement
- Schedule and facilitate policy discovery sessions with City departments and key stakeholders.
- Gather operational requirements, identify implementation challenges, and incorporate stakeholder feedback into policy updates.
- Present recommendations and policy changes to technical and non-technical audiences.
Approval Process Management
- Manage the policy review and approval process through coordination with ITA leadership, Labor Relations, the City Attorney's Office, and other stakeholders.
- Track feedback, revisions, and approvals to ensure timely project progression.
Governance Support
- Develop supporting materials including implementation guides, training content, and operational procedures.
- Assist with policy-related research, governance initiatives, internal audits, and security awareness efforts as needed.
- Provide ongoing support to the Governance Section and related security programs.
Deliverables
The consultant will be expected to deliver the following during the engagement:
- Policy Gap Analysis Report comparing current policies against NIST CSF 2.0 and other applicable frameworks.
- Updated Information Security Policy ready for formal adoption.
- Technical Standards and Supporting Procedures for key security domains.
- Policy Interpretation Guide to support departmental implementation and compliance.
- Governance Operations Manual outlining policy maintenance, review, and update processes.
- Monthly Status Reports documenting stakeholder engagement, project progress, and key milestones.
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Public Policy, or a related field, or an equivalent combination of education and relevant experience.
- Minimum 5 years of direct experience developing, authoring, and maintaining cybersecurity policies, standards, and governance documentation.
- Demonstrated experience managing policy initiatives from assessment through approval and implementation.
- Strong understanding of cybersecurity governance frameworks, including:
  - NIST Cybersecurity Framework (CSF)
  - NIST 800-53
  - ISO/IEC 27001
- Excellent written, verbal, and presentation skills.
- Proven ability to communicate technical concepts to non-technical audiences and executive leadership.
- Strong project management, analytical, and organizational skills.
- Ability to work independently and drive initiatives with minimal supervision.
Preferred Qualifications
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- ISC2 Certified in Cybersecurity (CC)
- CompTIA Security+
- CompTIA CySA+
- Experience working within government, public sector, or highly regulated environments.
- Familiarity with policy development related to AI governance, cloud security, and Zero Trust initiatives.
Ayush Sharma, Sr. US Technical Recruiter | Ext: 149
