Cybersecurity Policy & Compliance Specialist (Technical Specialist II) 2026P-0091

12+ Months, Part-Time
Cheltenham, MD, Hybrid
Posted 3 months ago

Ascension LLC is seeking an experienced Cybersecurity Policy & Compliance Specialist to serve as the primary technical and policy author supporting a public-sector cybersecurity governance and compliance initiative.

This independent contractor will lead the assessment, drafting, and refinement of enterprise cybersecurity policies and supporting documentation. The role is critical to ensuring that the client’s security posture aligns with regulatory requirements, risk management frameworks, and industry best practices.

We are looking for a senior-level cybersecurity governance professional who understands how to translate security controls into structured, implementable policies that drive accountability and operational compliance.

This role is best suited for a highly disciplined, self-directed professional who can deliver high-quality work products with minimal supervision and operate effectively in a documentation-driven compliance environment.


Summary of the Contractor Role

The Cybersecurity Policy & Compliance Specialist will:

  • Assess existing IT and cybersecurity policies
  • Conduct regulatory and framework mapping
  • Identify compliance gaps
  • Develop structured cybersecurity governance documentation
  • Produce vulnerability management and incident response documentation aligned to industry standards

This contractor will serve as the core drafting authority for the engagement and will ensure that all policies are actionable, measurable, and audit-ready.

The ideal candidate will:

  • Be detail-oriented and organized
  • Demonstrate strong analytical and policy-writing skills
  • Anticipate regulatory gaps and operational risks
  • Work independently while engaging stakeholders effectively
  • Deliver structured documentation aligned to recognized frameworks

Key Responsibilities and Activities

The selected contractor will:

  • Assess current cybersecurity policies against applicable regulatory and compliance standards
  • Conduct policy and control gap analyses
  • Develop or refine:
    • Information Security Policy
    • Acceptable Use Policy
    • Access Control Policy
    • Asset Classification Policy
    • Data Governance Policy
    • Security Awareness Policy
    • Vendor Management Policy
  • Develop a Vulnerability Management Policy including:
    • Vulnerability classification structure
    • Reporting and escalation processes
    • Risk prioritization methodology
    • Risk tolerance matrix
  • Develop a comprehensive Incident Response Plan including:
    • Incident classification model
    • Reporting channels
    • Escalation pathways
    • Communication procedures
    • Forensic handling considerations
    • External reporting requirements
  • Map policies to recognized frameworks such as:
    • NIST SP 800-53
    • NIST Cybersecurity Framework
    • CJIS Security Policy, if applicable
  • Facilitate stakeholder interviews and policy working sessions
  • Incorporate legal, IT, and executive leadership input
  • Prepare policy crosswalk documentation
  • Support audit-readiness documentation preparation
  • Maintain document version control and governance logs

Job Features

Job Category: Cybersecurity
MINIMUM QUALIFICATIONS: Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, or related field | Required Certifications (CISSP, CISM, CISA, CRISC, Security+)
REQUIRED SKILLS: 5–10 years of experience in cybersecurity governance, risk, and compliance | Demonstrated experience drafting cybersecurity policies for public-sector or regulated environments | Strong technical writing and documentation skills
TECHNICAL SKILLS: Strong working knowledge of NIST SP 800-53, NIST CSF, Incident Response frameworks, Vulnerability Management lifecycle, Risk assessment methodologies | Proven experience conducting policy gap analyses | Experience supporting audit or compliance assessments | Proficiency in Microsoft Office tools
DESIRED QUALIFICATIONS: Experience supporting state or local government entities | Experience in CJIS-aligned environments | Experience supporting ATO readiness activities | Knowledge of ISO 27001 governance structures | Experience in hybrid or cloud-based environments
SUITABILITY/SECURITY REQUIREMENTS: Ability to obtain and maintain Public Trust clearance, if required | Background investigation may be required | Must be authorized to work in the United States
