cFocus Software seeks a Lead Security Policy / Training Manager to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:-
Public Trust Clearance
-
B.S. Computer Science, Information Technology, or a related field
-
10+ years of experience in information security, cybersecurity governance, compliance, or security program management.
-
5+ years leading enterprise security policy, governance, or awareness programs.
-
Experience supporting Federal civilian agencies or other large enterprise organizations.
-
Experience developing information security policies aligned with Federal cybersecurity requirements.
-
Experience designing and managing enterprise cybersecurity awareness and training programs.
-
Experience supporting executive-level governance initiatives.
-
Preferred certifications: CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP
Duties:-
Lead the development, review, revision, and maintenance of NIH/OD information security policies, standards, procedures, and governance documentation.
-
Establish and maintain an enterprise Information Security Policy Management Strategy.
-
Ensure policy documentation remains aligned with NIH, HHS, OMB, DHS, NIST, FISMA, Executive Orders, and other Federal cybersecurity requirements.
-
Develop governance processes for policy lifecycle management, approval, publication, version control, and annual review.
-
Maintain the inventory of all NIH/OD information security policies and supporting documentation.
-
Coordinate policy reviews with Government stakeholders and technical subject matter experts.
-
Monitor emerging Federal cybersecurity legislation, Executive Orders, OMB memoranda, NIST Special Publications, HHS directives, CISA guidance, and other regulatory requirements.
-
Analyze the operational impact of new cybersecurity policies affecting NIH/OD.
-
Identify compliance gaps and recommend implementation strategies.
-
Prepare formal policy analysis reports for NIH leadership.
-
Brief executive leadership on regulatory changes and implementation priorities.
-
Support strategic planning for future policy adoption.
-
Lead and manage the NIH/OD Information Security Awareness Program.
-
Develop annual security awareness strategies and implementation plans.
-
Design awareness campaigns addressing current cyber threats and user risks.
-
Promote a culture of cybersecurity throughout the NIH organization.
-
Measure program effectiveness through metrics and user participation.
-
Develop continuous improvement initiatives for security awareness.
-
Design, develop, coordinate, and oversee enterprise cybersecurity training programs.
-
Develop role-based security training for technical and non-technical personnel.
-
Coordinate instructor-led training sessions, webinars, workshops, and awareness events.
-
Develop online learning content supporting NIH security objectives.
-
Ensure mandatory cybersecurity awareness training meets Federal requirements.
-
Evaluate training effectiveness through assessments and feedback.
RxIu27X3C5