NIH - Lead Security Policy / Training Manager
Remote
Full Time
NIH - ISPSS
Experienced
cFocus Software seeks a Lead Security Policy / Training Manager to join our program supporting the National Institutes of Health (NIH). This position is fully remote. It requires a Public Trust clearance or the ability to obtain one.
Qualifications:
- Public Trust Clearance
- B.S. in Computer Science, Information Technology, or a related field
- 10+ years of experience in information security, cybersecurity governance, compliance, or security program management.
- 5+ years leading enterprise security policy, governance, or awareness programs.
- Experience supporting Federal civilian agencies or other large enterprise organizations.
- Experience developing information security policies aligned with Federal cybersecurity requirements.
- Experience designing and managing enterprise cybersecurity awareness and training programs.
- Experience supporting executive-level governance initiatives.
- Preferred certifications: CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP
Duties:
- Lead the development, review, revision, and maintenance of NIH/OD information security policies, standards, procedures, and governance documentation.
- Establish and maintain an enterprise Information Security Policy Management Strategy.
- Ensure policy documentation remains aligned with NIH, HHS, OMB, DHS, NIST, FISMA, Executive Orders, and other Federal cybersecurity requirements.
- Develop governance processes for policy lifecycle management, approval, publication, version control, and annual review.
- Maintain the inventory of all NIH/OD information security policies and supporting documentation.
- Coordinate policy reviews with Government stakeholders and technical subject matter experts.
- Monitor emerging Federal cybersecurity legislation, Executive Orders, OMB memoranda, NIST Special Publications, HHS directives, CISA guidance, and other regulatory requirements.
- Analyze the operational impact of new cybersecurity policies affecting NIH/OD.
- Identify compliance gaps and recommend implementation strategies.
- Prepare formal policy analysis reports for NIH leadership.
- Brief executive leadership on regulatory changes and implementation priorities.
- Support strategic planning for future policy adoption.
- Lead and manage the NIH/OD Information Security Awareness Program.
- Develop annual security awareness strategies and implementation plans.
- Design awareness campaigns addressing current cyber threats and user risks.
- Promote a culture of cybersecurity throughout the NIH organization.
- Measure program effectiveness through metrics and user participation.
- Develop continuous improvement initiatives for security awareness.
- Design, develop, coordinate, and oversee enterprise cybersecurity training programs.
- Develop role-based security training for technical and non-technical personnel.
- Coordinate instructor-led training sessions, webinars, workshops, and awareness events.
- Develop online learning content supporting NIH security objectives.
- Ensure mandatory cybersecurity awareness training meets Federal requirements.
- Evaluate training effectiveness through assessments and feedback.