Technical Policy Specialist

About the Role

The Technical Policy Specialist occupies the intersection of policy, regulation, and technical implementation — developing policy documentation that is not just legally sound but operationally executable and auditably maintained. At ELDR, policy-as-code is not just a concept: we help clients build policy repositories governed in Git, written in structured formats, tested through automated pipelines, and versioned with full audit trails. The Technical Policy Specialist brings this approach to clients navigating cybersecurity, data governance, AI, and regulatory compliance policy environments — particularly from the Washington hub where regulatory frameworks originate.

Responsibilities

• Develop technical policies, standards, and procedures for regulated institutions in structured, version-controlled formats — Markdown, YAML, or XML — managed in Git-based repositories
• Translate regulatory requirements into operational policy language: mapping legal obligations to control statements, implementation guidance, and evidence requirements
• Implement policy governance frameworks including policy lifecycle management, review cadences, approval workflows, and change control
• Contribute to policy-as-code initiatives — developing automated policy testing, compliance-as-code frameworks, and machine-readable policy formats
• Produce control narratives, policy mapping matrices, and regulatory crosswalk documentation for audit and regulatory examination support
• Advise clients on policy architecture — hierarchy design, scoping, interoperability with GRC platforms, and integration with operational procedures
• Track regulatory developments from NIST, CISA, OCC, OSFI, and comparable bodies and assess policy implications for client environments

Requirements

• 5–10 years of experience in policy development, regulatory compliance writing, or governance documentation in a technical environment
• Working knowledge of at least two major regulatory frameworks: NIST 800-53, ISO 27001, SOX, GDPR, HIPAA, FedRAMP, or equivalent
• Experience writing policies in structured formats and managing policy repositories in version-controlled systems
• Strong regulatory literacy — ability to read and interpret legislative, regulatory, and standards documents accurately
• Excellent written communication skills with precision, clarity, and appropriate technical register
• Undergraduate degree required; law, public policy, information systems, or cybersecurity background preferred

Preferred Qualifications

• Hands-on experience with policy-as-code tooling — Open Policy Agent (OPA), Rego, Sentinel, or comparable
• Prior government, regulatory body, or federal contractor experience
• Familiarity with GRC platform policy modules — ServiceNow GRC Policy Management, Archer, or OneTrust
• CIPP, CISM, or equivalent governance or privacy certification

What We Offer

• Policy architecture work at the regulatory frontier — NIST, AI Act, cybersecurity frameworks
• Washington-area base with direct proximity to the regulatory and policy environment
• Integration with ELDR Intelligence on regulatory tracking and analysis
• Competitive compensation with professional development support