NIH - Lead Security Policy / Training Manager
cFocus Software Incorporated · Bethesda, MD · 1 wk ago
RemoteRemoteInformation TechnologyFull-time
Qualifications
- Public Trust Clearance
- B.S. in Computer Science, Information Technology, or a related field
- 10+ years of experience in information security, cybersecurity governance, compliance, or security program management
- 5+ years leading enterprise security policy, governance, or awareness programs
- Experience supporting Federal civilian agencies or other large enterprise organizations
- Experience developing information security policies aligned with Federal cybersecurity requirements
- Experience designing and managing enterprise cybersecurity awareness and training programs
- Experience supporting executive-level governance initiatives
- PREFERRED: CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP
Duties
- Lead the development, review, revision, and maintenance of NIH/OD information security policies, standards, procedures, and governance documentation
- Establish and maintain an enterprise Information Security Policy Management Strategy
- Ensure policy documentation remains aligned with NIH, HHS, OMB, DHS, NIST, FISMA, Executive Orders, and other Federal cybersecurity requirements
- Develop governance processes for policy lifecycle management, approval, publication, version control, and annual review
- Maintain the inventory of all NIH/OD information security policies and supporting documentation
- Cook up policy reviews with Government stakeholders and technical subject matter experts
- Monitor emerging Federal cybersecurity legislation, Executive Orders, OMB memoranda, NIST Special Publications, HHS directives, CISA guidance, and other regulatory requirements
- Analyze the operational impact of new cybersecurity policies affecting NIH/OD
- Identify compliance gaps and recommend implementation strategies
- Prepare formal policy analysis reports for NIH leadership
- Brief executive leadership on regulatory changes and implementation priorities
- Support strategic planning for future policy adoption
- Lead and manage the NIH/OD Information Security Awareness Program
- Develop annual security awareness strategies and implementation plans
- Design awareness campaigns addressing current cyber threats and user risks
- Promote a culture of cybersecurity throughout the NIH organization
- Measure program effectiveness through metrics and user participation
- Develop continuous improvement initiatives for security awareness
- Design, develop, coordinate, and oversee enterprise cybersecurity training programs
- Develop role-based security training for technical and non-technical personnel
- Cook instructor-led training sessions, webinars, workshops, and awareness events
- Develop online learning content supporting NIH security objectives
- Ensure mandatory cybersecurity awareness training meets Federal requirements
- Evaluate training effectiveness through assessments and feedback