Hiring - Policy & Governance Analyst

Posted 5 days ago by BizTech Fusion

Negotiable
Undetermined
Remote

Summary: The Policy & Governance Analyst at BizTech Fusion is responsible for conducting a comprehensive review of information security policies and developing a data governance framework aligned with NIST SP 800-53 Rev 5.2.0. This role focuses on ensuring compliance with FERPA and other relevant regulations while managing sensitive PII for a school district. The analyst will produce key deliverables and present findings to leadership in an accessible manner. The position is remote and requires US-based personnel.

Key Responsibilities:

  • Review all existing NNPS information security policies, procedures, and standards
  • Identify policy gaps against NIST SP 800-53 Rev 5.2.0 controls
  • Assess data governance framework for student and staff PII; identify classification, handling, retention, and disposal gaps
  • Evaluate compliance posture against applicable requirements: FERPA, CIPA, Virginia Student Privacy Act, and applicable NNPS board policies
  • Develop or recommend an updated data governance framework appropriate for a K-12 school district of NNPS's size
  • Produce the Information Security Policy Review and Data Governance Framework deliverable reports
  • Coordinate with technical team to ensure technical findings are mapped to corresponding policy gaps in the consolidated report
  • Participate in executive debrief; present policy/governance findings to NNPS leadership in accessible, non-technical terms

Key Skills:

  • Minimum 5 years of experience in information security policy, governance, risk, or compliance roles
  • CISM, CISA, or CGEIT certification (at least one required)
  • Demonstrated experience conducting policy gap assessments against NIST SP 800-53 (Rev 4 or Rev 5)
  • Experience developing or revising data governance frameworks for organizations handling sensitive PII
  • Familiarity with FERPA requirements and their practical implications for K-12 IT environments
  • Experience writing executive-level policy reports for non-technical audiences
  • US-based

Salary (Rate): £60,000 yearly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other

Detailed Description From Employer:

Hi

Greetings from BizTech Fusion!

BizTech Fusion requires a full information security policy review, data governance framework development, and compliance assessment. NNPS alignment to NIST SP 800-53 Rev 5.2.0 is required at a high level. The school district handles PII for approximately 27,000 students and 4,300 staff; FERPA compliance and data governance are central concerns. This role is the primary deliverable owner for the policy and governance report track.

Title: Policy & Governance Analyst
Location: Remote (US Region, Eastern Time)
Duration: 12 Month Contract with possible renewal
Tax: W2, 1099

Note: US-based personnel mandatory
Job Description

Responsibilities

  • Review all existing NNPS information security policies, procedures, and standards
  • Identify policy gaps against NIST SP 800-53 Rev 5.2.0 controls
  • Assess data governance framework for student and staff PII; identify classification, handling, retention, and disposal gaps
  • Evaluate compliance posture against applicable requirements: FERPA, CIPA, Virginia Student Privacy Act, and applicable NNPS board policies
  • Develop or recommend an updated data governance framework appropriate for a K-12 school district of NNPS's size
  • Produce the Information Security Policy Review and Data Governance Framework deliverable reports
  • Coordinate with technical team to ensure technical findings are mapped to corresponding policy gaps in the consolidated report
  • Participate in executive debrief; present policy/governance findings to NNPS leadership in accessible, non-technical terms

Required Qualifications

  • Minimum 5 years of experience in information security policy, governance, risk, or compliance roles
  • CISM, CISA, or CGEIT certification (at least one required)
  • Demonstrated experience conducting policy gap assessments against NIST SP 800-53 (Rev 4 or Rev 5)
  • Experience developing or revising data governance frameworks for organizations handling sensitive PII
  • Familiarity with FERPA requirements and their practical implications for K-12 IT environments
  • Experience writing executive-level policy reports for non-technical audiences
  • US-based

Preferred Qualifications

  • Prior experience with K-12 school district or public sector (state/local government) clients
  • Familiarity with Virginia education law and Virginia Department of Education (VDOE) technology and data standards
  • CGRC (formerly CAP), CRISC, or CDPSE certification
  • Experience developing incident response plans or security awareness training programs
  • SSAE 16 / SOC 2 audit experience (relevant to the contract's SSAE16 annual reporting obligation)