Lead Security Policy and Training Manager

cFocus Software Incorporated • United States
Remote
AI Summary

Lead the development and maintenance of information security policies, standards, and governance documentation. Develop and manage enterprise cybersecurity awareness and training programs. Ensure policy documentation remains aligned with Federal cybersecurity requirements.

Technical Skills Required
Public Trust Clearance, Information Security Policy Management, Cybersecurity Governance
Benefits & Perks
Fully remote work
Public Trust Clearance
Nice to Have
CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP

Job Description


cFocus Software seeks a Lead Security Policy / Training Manager to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 10+ years of experience in information security, cybersecurity governance, compliance, or security program management.
  • 5+ years leading enterprise security policy, governance, or awareness programs.
  • Experience supporting Federal civilian agencies or other large enterprise organizations.
  • Experience developing information security policies aligned with Federal cybersecurity requirements.
  • Experience designing and managing enterprise cybersecurity awareness and training programs.
  • Experience supporting executive-level governance initiatives.
  • Preferred certifications: CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP
Duties:
  • Lead the development, review, revision, and maintenance of NIH/OD information security policies, standards, procedures, and governance documentation.
  • Establish and maintain an enterprise Information Security Policy Management Strategy.
  • Ensure policy documentation remains aligned with NIH, HHS, OMB, DHS, NIST, FISMA, Executive Orders, and other Federal cybersecurity requirements.
  • Develop governance processes for policy lifecycle management, approval, publication, version control, and annual review.
  • Maintain the inventory of all NIH/OD information security policies and supporting documentation.
  • Coordinate policy reviews with Government stakeholders and technical subject matter experts.
  • Monitor emerging Federal cybersecurity legislation, Executive Orders, OMB memoranda, NIST Special Publications, HHS directives, CISA guidance, and other regulatory requirements.
  • Analyze the operational impact of new cybersecurity policies affecting NIH/OD.
  • Identify compliance gaps and recommend implementation strategies.
  • Prepare formal policy analysis reports for NIH leadership.
  • Brief executive leadership on regulatory changes and implementation priorities.
  • Support strategic planning for future policy adoption.
  • Lead and manage the NIH/OD Information Security Awareness Program.
  • Develop annual security awareness strategies and implementation plans.
  • Design awareness campaigns addressing current cyber threats and user risks.
  • Promote a culture of cybersecurity throughout the NIH organization.
  • Measure program effectiveness through metrics and user participation.
  • Develop continuous improvement initiatives for security awareness.
  • Design, develop, coordinate, and oversee enterprise cybersecurity training programs.
  • Develop role-based security training for technical and non-technical personnel.
  • Coordinate instructor-led training sessions, webinars, workshops, and awareness events.
  • Develop online learning content supporting NIH security objectives.
  • Ensure mandatory cybersecurity awareness training meets Federal requirements.
  • Evaluate training effectiveness through assessments and feedback.
