Job description

Job Title: IT Cybersecurity Policy Manager
Job Location: Tallahassee, FL (on-site/hybrid)
Job Duration: 12 months + extension
Job Duties:

• Conduct an assessment of the organization's current cybersecurity policies and procedures against the NIST CSF framework.
• Identify gaps and areas where policies and procedures need to be developed or revised to align with NIST CSF guidelines.
• Draft clear and concise policies addressing cybersecurity governance, risk management, asset management, access control, incident response, and other relevant areas.
• Ensure that developed policies and procedures align with each of the five core functions of the NIST CSF.
• Map organizational processes and controls to the appropriate categories within the framework.
• Develop detailed procedures that operationalize the cybersecurity policies based on the NIST CSF guidelines.
• Engage with key stakeholders, cybersecurity teams, IT personnel, and department heads to gather insights and information necessary for the development of policies, standards, procedures, work details or other relevant required documentation.
• Collaborate with these stakeholders to ensure that the policies and procedures are practical, feasible, and aligned with organizational goals.
• Maintain accurate documentation of developed policies and procedures.
• Implement a version control system to track changes, updates, and revisions made to the documents over time.
• Prepare reports and presentations detailing the status of cybersecurity compliance and the effectiveness of NIST CSF-based policies and procedures.
• Communicate findings, recommendations, and updates to relevant stakeholders and management.
• Collaborate with IT and security teams, legal, compliance, and other relevant departments to ensure a cohesive and integrated approach to cybersecurity.

Required Experience:

• A bachelor's degree in cybersecurity, information technology, computer science, English or a related field.

• 6+ years of experience in IT security related responsibilities
• 2+ years of demonstrated experience producing information security related documentation addressing procedures, standards, and guidelines to ensure information security. This includes proficiency in formulating policies and procedures aligned with the National Institute of Standards and Technology Cybersecurity Framework or analogous sectors.
• Knowledge of and a comprehensive understanding of the NIST Cybersecurity Framework, including its core functions, categories, and subcategories.
• Ability to interpret and apply NIST CSF guidelines to develop tailored cybersecurity policies and procedures suitable for the organization's needs.
• Experience in translating complex technical concepts into easily understandable and implementable policies and procedures, catering to diverse stakeholders.
• Experience in organizing documentation to facilitate easy navigation and understanding.
• Experience in managing versioning and track changes in policy documents.
• Clear and concise communicator capable of articulating complex cybersecurity concepts in both written documentation and verbal presentations.
• Experience in working independently (taking initiative) while working in a team environment (cooperating with team members and supporting team members).

• Knowledge understanding of basic security principles relating to confidentiality, integrity, and availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.

Preferred Experience:

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
• Information Security Certification(s) E.g., CISSP, CISM, CISA, GIAC, CISA, CISM, CCIE Security, CompTIA, etc.
• Track record of successfully creating, reviewing, and updating policies and procedures, specifically in the realm of cybersecurity and in alignment with NIST standards.
• Knowledge of relevant industry-specific regulations, compliance requirements, and standards beyond NIST, such as ISO/IEC 27001, or industry-specific frameworks.
• Strong interpersonal skills to collaborate with cross-functional teams, stakeholders, and management to gather requirements and address cybersecurity concerns effectively.
• Experience with Microsoft Word, Excel, and PowerPoint. (Visio a plus).

Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.

Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.