[Remote] U.S. Cybersecurity Policy Consultant – Federal Regulation Advisory Role (Hourly or Project)

[Remote] U.S. Cybersecurity Policy Consultant – Federal & Sectoral Regulation, Advisory Role (Hourly or Project) JOB TYPE Hourly or Project (negotiable) Est. duration: Ongoing, part-time (3-10 hrs/week to start) BUDGET $200+ / hr (flexible for exceptional candidates) OR submit your flat project rate. LOCATION Fully remote; U.S. time-zone overlap preferred. OVERVIEW We’re a fast growing consultancy that helps clients navigate U.S. cybersecurity compliance. We need an experienced American cybersecurity-policy specialist who can translate new federal rules (NIST CSF, CIRCIA, SEC cyber rules, HIPAA Security Rule, FISMA, FedRAMP, CMMC, TSA pipelines directives, state privacy laws, etc.) into actionable, business ready guidance for executives and engineering teams. This is not a penetration testing or SOC analyst role, it is policy, governance, and strategic advisory. You will brief clients, draft white papers, build compliance road maps, and occasionally represent us in stakeholder meetings. CORE RESPONSIBILITIES Monitor and interpret new U.S. federal & state cybersecurity statutes, regulations, and guidance (CISA, OMB, FTC, SEC, HHS, DoD, state AGs). Produce concise executive briefs (2–5 pages) summarizing rule making, enforcement actions, and comment deadlines. Build compliance gap analysis matrices between existing client programs and new requirements. Draft policy templates (incident response plans, vendor risk clauses, board level cyber reporting metrics). Support client calls: explain regulatory expectations in plain English; answer “What does this mean for us?” questions. Optionally represent us in trade association working groups or regulatory comment periods (we pay for your time). MUST-HAVE QUALIFICATIONS 5+ years U.S. cybersecurity policy experience in one or more of: federal agency, Capitol Hill, law firm, Big-4, or in house at a regulated company. Demonstrated subject matter expertise in at least two U.S. regimes (e.g., NIST CSF, CIRCIA, SEC cyber rules, CMMC, HIPAA, GLBA, FISMA, TSA Security Directives). Strong writing portfolio (samples required): policy memos, regulatory comment letters, or client briefs. J.D., M.P.A., M.S. Cybersecurity, or equivalent professional certification (CIPP/US, CISSP, CISA, PMP welcome but not mandatory). Native or near-native English; ability to turn legalese into bullet points executives will read. NICE TO HAVE Active security clearance (Secret or higher). Experience testifying or briefing state/federal legislative committees. Familiarity with EU NIS2, DORA, or GDPR for cross border clients. Network inside CISA, FBI, or sector specific ISACs. Experience with the Chinese market is a strong plus. ENGAGEMENT LOGISTICS Fully remote, part-time retainer to start (3–10 hrs/week); can scale up quickly if workload grows. Flexible hours, we care about deliverables, not keystroke monitoring. APPLICATION INSTRUCTIONS Reply with “CyberPolicy2025” in the first sentence so we know you read the post. Attach two short writing samples (policy memo, client brief, or comment letter) that you personally drafted (redact client names if needed). Give us your hourly rate OR a fixed monthly retainer quote for 10 hrs/week. In less than 150 words, tell us which upcoming U.S. cybersecurity regulation you think will most impact China-US relations and why. Optional: link to LinkedIn, law firm bio, or publications. TIMELINE Proposals reviewed on a rolling basis; job closes when we find the right fit. 15-min video screen → paid 1-hr scenario exercise → offer. We’re committed to diversity and welcome applicants of all backgrounds. If you’re a policy wonk who geeks out on footnotes in Federal Register filings, we’d love to hear from you! Apply tot his job