Cyber Policy and Compliance Expert
Remote
Full Time
Intelligence Community
Experienced
Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.
This role involves developing challenging and realistic test materials that assess a test subject's ability to understand and reason about Governance, Risk, and Compliance (GRC). You will create complex assessment scenarios that require the subject to dynamically generate comprehensive, contextually appropriate, and technically enforceable cybersecurity policies. These scenarios will involve shifting security contexts, evolving regulatory requirements (e.g., NIST, ISO, GDPR), and active threat environments to benchmark the subject's ability to balance technical security with organizational objectives.
RESPONSIBILITIES:
- Dynamic Policy Scenario Creation: Develop sophisticated test cases that require the test subject to generate or modify security policies based on specific triggers, such as a new zero-day vulnerability, a shift to remote work, or an update to international privacy laws.
- Compliance & Framework Mapping: Evaluate responses for strict adherence to major security frameworks and standards, including NIST SP 800-53, ISO 27001, SOC2, HIPAA, and GDPR.
- Enforceability Assessment: Critique generated policies not just for compliance, but for technical feasibility and enforceability (e.g., ensuring a "Data Protection Policy" translates into realistic DLP or encryption configurations).
- Strategic Risk Analysis: Assess the subject’s ability to align security controls with business goals, ensuring policies are not overly restrictive (hindering operations) or dangerously permissive.
- Iterative Refinement: Provide expert-level feedback and rewritten responses to establish a high standard of reasoning in complex regulatory and ethical decision-making processes.
- Deep GRC Expertise: Extensive experience creating, maintaining, and auditing cybersecurity policies, standards, and procedures for enterprise environments.
- Regulatory Knowledge: Mastery of key cybersecurity frameworks and regulations, specifically NIST (CSF & RMF), ISO/IEC 27001, GDPR, and CCPA.
- Technical Understanding: Ability to understand how written policies map to technical controls (STIG, firewalls, IAM, SIEM, Endpoint Security) to ensure generated policies are practically enforceable.
- Risk Management: Strong background in conducting risk assessments and translating risk appetite into policy language.
- Communication: Exceptional written communication skills with the ability to articulate complex compliance requirements clearly and concisely.
- Education: Bachelor’s or Master’s degree in Cybersecurity, Information Systems, Law, or relevant field.
- Experience: 5+ years of experience in GRC, Information Security Management, or Security Auditing.
- Certifications: CISSP, CISM, CISA, CRISC, or CIPP.
- Background in auditing or preparing organizations for third-party audits (e.g., DoD Impact Levels, FedRAMP, CMMC).
- Previous experience in highly regulated industries such as Defense, Finance, or Healthcare.
- Experience with Policy-as-Code tools (e.g., Open Policy Agent) or cloud governance (AWS Config, Azure Policy).
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”

