NIH - Lead Security Policy / Training Manager


<span style="font-size:11pt;"><span style="line-height:normal;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">cFocus Software seeks a Lead Security Policy / Training Manager to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.</span></span></span></span><br><span style="font-size:11pt;"><span style="line-height:normal;"><span style="font-family:'Times New Roman', serif;"><b><span style="font-size:10pt;">Qualifications:</span></b></span></span></span><ul><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;">Public Trust Clearance</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">B.S. 
Computer Science, Information Technology, or a related field</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">10+ years of experience in information security, cybersecurity governance, compliance, or security program management.</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">5+ years leading enterprise security policy, governance, or awareness programs.</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">Experience supporting Federal civilian agencies or other large enterprise organizations.</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">Experience developing information security policies aligned with Federal cybersecurity requirements.</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">Experience designing and managing enterprise cybersecurity awareness and training programs.</span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">Experience supporting executive-level governance initiatives.</span></span></span></span></span></li><li style="margin-left:8px;"><span 
style="font-size:11pt;"><span style="line-height:normal;"><span><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;">Preferred certifications: CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP</span></span></span></span></span></li></ul><br><span style="font-size:11pt;"><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><b><span style="font-size:10pt;"><span style="line-height:107%;">Duties:</span></span></b></span></span></span><ul><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Lead the development, review, revision, and maintenance of NIH/OD information security policies, standards, procedures, and governance documentation.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Establish and maintain an enterprise Information Security Policy Management Strategy.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Ensure policy documentation remains aligned with NIH, HHS, OMB, DHS, NIST, FISMA, Executive Orders, and other Federal cybersecurity requirements.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span 
style="line-height:107%;"><span style="color:#030303;">Develop governance processes for policy lifecycle management, approval, publication, version control, and annual review.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Maintain the inventory of all NIH/OD information security policies and supporting documentation.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Coordinate policy reviews with Government stakeholders and technical subject matter experts.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Monitor emerging Federal cybersecurity legislation, Executive Orders, OMB memoranda, NIST Special Publications, HHS directives, CISA guidance, and other regulatory requirements.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Analyze the operational impact of new cybersecurity policies affecting NIH/OD.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', 
serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Identify compliance gaps and recommend implementation strategies.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Prepare formal policy analysis reports for NIH leadership.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Brief executive leadership on regulatory changes and implementation priorities.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Support strategic planning for future policy adoption.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Lead and manage the NIH/OD Information Security Awareness Program.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Develop annual security awareness strategies and implementation 
plans.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Design awareness campaigns addressing current cyber threats and user risks.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Promote a culture of cybersecurity throughout the NIH organization.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Measure program effectiveness through metrics and user participation.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Develop continuous improvement initiatives for security awareness.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Design, develop, coordinate, and oversee enterprise cybersecurity training programs.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span 
style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Develop role-based security training for technical and non-technical personnel.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Coordinate instructor-led training sessions, webinars, workshops, and awareness events.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Develop online learning content supporting NIH security objectives.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Ensure mandatory cybersecurity awareness training meets Federal requirements.</span></span></span></span></span></span></span></li><li style="margin-left:8px;"><span style="font-size:11pt;"><span><span style="line-height:107%;"><span style="font-family:'Times New Roman', serif;"><span style="font-size:10pt;"><span style="line-height:107%;"><span style="color:#030303;">Evaluate training effectiveness through assessments and feedback.</span></span></span></span></span></span></span></li></ul>
