Senior Cybersecurity and IT Policy SME

About The Position

Requirements

• Bachelor’s degree from an accredited college or university in a relevant field (e.g., Cybersecurity, Information Technology, Information Systems, Public Policy, or related discipline), or equivalent combination of education and experience.
• 10 years of relevant professional experience in cybersecurity, IT policy, governance, or related roles.
• Demonstrated expertise in developing, reviewing, and implementing federal IT and cybersecurity policies.
• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, FISMA, FedRAMP).
• Experience conducting policy assessments, gap analyses, and compliance evaluations.
• Experience coordinating policy reviews and managing policy lifecycle processes.
• Experience advising senior leadership on cybersecurity strategy, policy, and risk management.
• Strong analytical and problem-solving skills with the ability to assess complex environments and provide strategic recommendations.
• Excellent written and verbal communication skills, including experience preparing executive-level materials and training content.
• Ability to obtain and maintain a Q clearance.
• U.S. Citizenship is required due to federal contract and/or security clearance requirements.

Nice To Haves

• Experience supporting federal agencies.
• Familiarity with federal cybersecurity and IT governance frameworks (e.g., NIST, FISMA, FedRAMP).
• Experience supporting IT or cybersecurity operations programs.
• Prior experience in a consulting or professional services environment.
• Possessing an active Q, L, or Top Secret clearance is strongly preferred.

Responsibilities

• Provide subject matter expertise across IT policy, cybersecurity, strategic planning, and governance to support mission-critical objectives.
• Lead the development, refinement, and implementation of IT and cybersecurity policies, standards, and guidance.
• Ensure alignment of policies with applicable regulatory requirements, federal frameworks, and client strategic objectives.
• Review applicable IT and cybersecurity policies to ensure alignment and compliance with client requirements.
• Conduct assessments to identify IT and cybersecurity policy gaps and provide written recommendations for remediation.
• Evaluate policy effectiveness and recommend improvements to strengthen governance and compliance.
• Lead drafting, review, and refinement of IT and cybersecurity policy and guidance documents.
• Coordinate policy reviews, ensuring stakeholder alignment to shepherd policy through required approvals.
• Track policy status, updates, and approvals to ensure transparency and accountability across stakeholders.
• Develop policy implementation plans and roadmaps aligned with client strategic goals and cybersecurity initiatives.
• Support development and maintenance of cybersecurity plans, strategies, and policy frameworks.
• Provide expert input into enterprise-level planning, modernization efforts, and governance initiatives.
• Develop and maintain a repository of IT and cybersecurity policy risk mitigation strategies.
• Identify policy-related risks and gaps, and recommend actionable mitigation approaches.
• Support compliance with federal cybersecurity frameworks and regulatory requirements (e.g., NIST, FISMA, FedRAMP).
• Create and deliver IT and cybersecurity policy awareness campaigns, training sessions, and workshops for client personnel.
• Promote understanding and adoption of policies, standards, and governance processes across the organization.
• Translate complex policy and regulatory requirements into clear, accessible guidance for both technical and non-technical audiences.
• Maintain a centralized, version-controlled library of all current and historical IT and cybersecurity policy documents.
• Ensure proper documentation management, version control, and accessibility of policy materials.
• Establish and enforce documentation standards, templates, and best practices.
• Interface with client leadership and stakeholders to provide expert guidance on cybersecurity policy, risks, and strategic initiatives.
• Support executive briefings, governance forums, and cross-functional working groups.
• Collaborate with business analysts, technical teams, and program leadership to ensure alignment between policy, operations, and reporting.