LTS

Lead IT Policy Specialist

LTS, Pasco, Washington, US, 99302

LTS is seeking an experienced Lead IT Policy Specialist to support a program within the Department of Commerce. This role requires deep expertise in IT governance, risk management, compliance, and security regulations. The IT Policy Specialist Lead will collaborate with internal and external stakeholders to ensure that IT policies align with federal guidelines, industry best practices, and the department's cybersecurity objectives. The role will also be responsible for reviewing and recommending policy changes based on emerging cybersecurity threats and regulatory changes.

This position is on-site in Washington, D.C. This position is contingent on the award.

LTS provides trusted consulting and solutions in an increasingly complex and growing world. Our deep expertise in technology and analytics helps us serve a broad constituency of clients that range from cabinet-level departments of the U.S. Government to the largest Federal IT contractors in the world.

LTS is a leading information technology (IT) provider for mission-critical systems, leveraging the latest technologies to deliver cutting-edge solutions from small mobile applications to large, complex enterprise applications. Our professionals specialize in multiple disciplines including program management, system integration, system design, system development, cybersecurity, infrastructure and data analytics.

Responsibilities:

- Support the full lifecycle management of the Enterprise Cybersecurity Policy Program.
- Finalize and publish standards and handbooks in progress, while conducting annual reviews and updates for previously published policy documents.
- Support the Federal Policy Lead in maturing the Cybersecurity Policy Framework to ensure clarity, consistency, currency, and applicability of cybersecurity requirements as they apply across the Department.
- Support effective dissemination and adoption of Department policies, standards, and handbooks throughout the Department of Commerce.
- Employ creative communication methods, delivery modes, and supplemental media in support of policy dissemination and adoption by cybersecurity professionals across DOC and its Bureaus.

Examples of published Department policies include:

- DOC Enterprise Cybersecurity Policy (Sept 2022)
- Security and Privacy Control Matrix (Sept 2022, updated Jan 2024)
- Incident Response Management Standard (February 2023)
- Configuration Management Standard (March 2023)
- Security and Privacy Assessment and Authorization Handbook (March 2023)
- Plan of Actions and Milestones Handbook (March 2023)
- Contingency Planning Standard (March 2023)
- Rules of Behavior Cybersecurity Awareness and Training Standard (June 2023)

- Provide subject matter technical knowledge and analysis to support functional technical areas of a project.
- Develop and deliver cybersecurity reports, documents and briefings, and advise on industry best practices.
- Conduct research to resolve complex issues or problems.
- Develop and conduct cybersecurity data calls, monitor requirements of data requests, develop the analysis of the data, and articulate results in both detailed and high-level formats for a diverse group of internal and external stakeholders, in response to federally mandated, senior leadership, and mission-required drivers for continued cyber defense strategies.

Required Skills, Experience, & Qualifications:

- Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or a related field is required.
- Minimum 5 years of experience in IT policy development, cybersecurity, or related fields.
- Must be a U.S. citizen.
- Public Trust Suitability.
- In-depth knowledge of federal cybersecurity regulations, executive orders, frameworks, and standards (e.g., FISMA, NIST 800 series, CSF, CMMC).
- Proven experience in developing, implementing, and maintaining IT policies, standards, and procedures.
- Strong problem-solving and analytical skills, with a focus on developing solutions to improve cybersecurity policy frameworks.
- Experience working with cross-functional teams, including legal, compliance, IT, and cybersecurity teams.
- Strong understanding of IT governance, risk management, and compliance (GRC) frameworks.
- Experienced in translating technical cybersecurity content into clear, accessible language suitable for a wide range of stakeholders, including non-technical audiences.
- Experience in a federal or government agency environment, particularly within a cybersecurity and IT policy development context.
- Familiarity with emerging technologies such as cloud computing, artificial intelligence, and machine learning, and their impact on cybersecurity policies.
- Proficiency in using innovative and engaging communication methods (e.g., multimedia, training tools, visual aids) to effectively disseminate policy content to cybersecurity professionals.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or similar certifications preferred.