IT Policy Specialist – Lead

DC, United States


Job Summary:

The IT Policy Specialist – Lead provides subject matter technical knowledge and analysis to support functional technical areas of a project. This role applies advanced principles, methods, technical knowledge and analysis of the functional area to specific task requirements to develop solutions to complex problems, and contributes to the cybersecurity project teams in the delivery of program and task order requirements. This role also develops and delivers cybersecurity reports, documents and briefings and advises on industry best practices. The IT Policy Specialist conducts research to resolve complex issues or problems; develops and conducts cybersecurity data calls; monitors requirements of data requests; develops the analysis of the data; and articulates results in both detailed and high-level formats for a diverse group of internal and external stakeholders, in response to federally mandated, senior leadership, and mission-required drivers for continued cyber defense strategies.

 

*This position is dependent upon contract award. Selected candidate must be onsite in Washington, DC.* 

Job Duties and Responsibilities:

The IT Policy Specialist – Lead will support the full lifecycle management of the Enterprise Cybersecurity Policy Program. Such support activities include but may not be limited to:

  • Finalizing and publishing standards and handbooks in progress, while conducting annual reviews and updates of previously published policy documents.
  • Support the Federal Policy Lead in maturing the Cybersecurity Policy Framework to ensure clarity, consistency, currency, and applicability of cybersecurity requirements as they apply across the Department.
  • Support effective dissemination and adoption of Department policies, standards, and handbooks throughout the Department of Commerce.
  • Employ creative communication methods, delivery modes, and supplemental media in support of policy dissemination and adoption by cybersecurity professionals across DOC and its Bureaus. Examples of published Department policies include:
      o DOC Enterprise Cybersecurity Policy (Sept 2022)
      o Security and Privacy Control Matrix (Sept 2022, updated Jan 2024)
      o Incident Response Management Standard (February 2023)
      o Configuration Management Standard (March 2023)
      o Security and Privacy Assessment and Authorization Handbook (March 2023)
      o Plan of Actions and Milestones Handbook (March 2023)
      o Contingency Planning Standard (March 2023)
      o Rules of Behavior
      o Cybersecurity Awareness and Training Standard (June 2023)

Job Requirements (Education/Skills/Experience):

  • Must have an active Public Trust clearance. 
  • Education: Minimum bachelor’s degree in Cybersecurity, Public Policy, Information Assurance, or a related field.
  • Minimum 5 years of experience in life cycle management of cybersecurity policy, governance, and compliance.
  • Strong knowledge of NIST SP 800-53, FISMA, OMB A-130, and other federal cybersecurity policies.
  • Experience developing, analyzing, and implementing IT security policies, standards, and frameworks.
  • Ability to analyze complex policy and security data and develop strategic recommendations for leadership.
  • Strong communication and technical writing skills to develop policy documents, reports, and executive briefings.
  • Systems Tools Familiarity: Governance, Risk, and Compliance (GRC) tools, SharePoint, and Microsoft Office Suite.

Desired:

  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Privacy Professional (CIPP), or similar.

Work Location:

  • DOC Headquarters, Washington, DC

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

 

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.

Category: Leadership Jobs

Tags: CIPP CISA CISSP Clearance Compliance Cyber defense FISMA Governance Incident response NIST NIST 800-53 Privacy SharePoint

Region: North America
Country: United States
