
Senior Cybersecurity and Privacy Program Manager
Cherokee Federal
full-time
Location Type: Remote
Location: Washington • United States
Salary
$180,000 - $190,000 per year
About the role
- Lead NSF’s enterprise cybersecurity and privacy program; set objectives, coach for performance, ensure cross-training and continuity; maintain an adaptive posture with rigorous analysis and implementation.
- Govern to NIST RMF (SP 800-37), FISMA, OMB guidance, NIST SP 800-series (including privacy controls), CISA BODs, and FedRAMP; own FISMA IG maturity targets and drive quarterly improvements with metrics-based reporting.
- Develop and maintain cybersecurity and privacy policies, plans, procedures, standards, operational guides; establish and manage a documentation and knowledge repository.
- Drive risk-based management and security-focused configuration management across infrastructure and applications; maintain risk registers, executive dashboards, and remediation plans.
- Privacy Program Management: Partner with SAOP (Senior Agency Official for Privacy) to lead oversight; conduct privacy control assessments (NIST SP 800-53 Rev. 5 privacy, OMB memos); maintain a privacy risk register; embed privacy risk in enterprise reporting; deliver compliance reporting and corrective actions.
- Assessment and Authorization/Continuous Monitoring: Lead A&A/Ongoing Authorization; plan and execute assessments aligned to NIST SP 800-53/53A, 800-171/172; manage evidence, weakness analysis, POA&Ms, and durable closure; mature Continuous Monitoring and DHS CDM integrations, dashboards, automated reporting, and alert fidelity.
- SIEM (Security Information and Event Management) Monitoring and Audit Logging: Oversee Splunk operations; enforce audit logging standards, log source coverage (infrastructure, applications, cloud), retention/integrity, and compliance mapping; tune detections and dashboards.
- Zero Trust and Modernization: Execute NSF’s Zero Trust plan across identity, devices, networks, applications/workloads, and data; implement comprehensive monitoring, risk-based access, automation; conduct red/blue team testing; advance data-centric security, DLP, and protection of sensitive/PII; plan for post-quantum cryptography transitions.
- Identity and Account Management: Own enterprise IAM governance—joiner/mover/leaver automation, identity proofing, MFA and conditional access, ABAC (Attribute-Based Access Control)/RBAC (Role-Based Access Control) design, federation, lifecycle monitoring metrics; enforce least privilege, just-in-time/just-enough access.
- Privileged Access Management: Lead CyberArk operations for vaulting, credential rotation, session monitoring/recording, access brokering; integrate with IdP, ticketing, and automation to reduce risk and improve efficiency.
- Application Security and DevSecOps: Establish secure SDLC standards, threat modeling, secure code reviews, SAST (Static Application Security Testing)/DAST (Dynamic Application Security Testing)/SCA (Software Composition Analysis) in CI/CD, and developer training; enforce configuration management; track AppSec KPIs (coverage, defect density, remediation time).
- Cloud and External Services Reviews: Conduct security reviews, analysis, and continuous monitoring of cloud/external services; validate FedRAMP inheritance and compensating controls; enforce CSPM policies; perform vendor risk assessments; run quarterly posture reviews and remediation.
- Operations, IR, and Forensics: Lead SOC operations and major incident response including after-hours surge; drive root cause analysis, lessons learned, corrective actions; direct IT forensics and eDiscovery with proper chain-of-custody and audit-ready evidence.
- Continuity, Contingency, and Service Recovery: Direct BCP (Business Continuity Plans)/DR (Disaster Recovery) strategy with defined RTO (Recovery Time Objective)/RPO (Recovery Point Objective); run tabletop and failover exercises; manage dependency mapping, evidence capture, and corrective actions to meet restoration objectives.
- Supply Chain Risk Management: Support ICT (Information and Communications Technology) SCRM (Supply Chain Risk Management) across development, acquisition, maintenance, and disposal; integrate NIST SP 800-161r1 practices, oversee ongoing monitoring and end-of-life disposal controls.
- Infrastructure Asset Identification and Classification: Establish authoritative asset inventory and classification standards; integrate with CMDB and DHS CDM for visibility, control coverage, and risk reporting.
- Independent Reviews and SCIF Support: Coordinate internal and third-party independent security reviews; support SCIF-related security operations and processes as required.
- Tool Refresh and Maturation: Plan refresh cycles and maturity targets for SIEM (Splunk), EDR/XDR, vulnerability scanning, IAM/IdP, PAM (CyberArk), DLP, CSPM/CWPP, configuration management tools, and cloud-native services; measure efficacy and ROI; deprecate low-value tools.
- Cybersecurity and Privacy Training: Own awareness and role-based training programs; coordinate content, track completion, measure effectiveness (e.g., phishing resilience), and drive continuous improvement.
- Reporting and Deliverables: Deliver monthly/quarterly reports covering FISMA IG maturity, POA&M status/closure, CDM dashboards, SIEM coverage and detection efficacy, incident metrics (MTTD/MTTR), audit response packages, training metrics, continuity/DR test results, and executive risk dashboards.
- Perform other job-related duties as assigned.
Requirements
- 10+ years of cybersecurity leadership; 5+ years leading federal or large enterprise programs with multi-vendor teams.
- Demonstrated privacy program leadership in federal environments; partnership with the SAOP; execution of PIAs (Privacy Impact Assessments), SORNs (System of Records Notices), and privacy control assessments.
- Deep experience with NIST RMF, FISMA, OMB guidance, NIST SP 800-series (including 53/53A and privacy controls), CISA BODs, FedRAMP, DHS CDM.
- Proven A&A/Ongoing Authorization leadership; strong continuous monitoring, assessment planning/execution, evidence management, POA&M remediation.
- SIEM/Splunk expertise: detections, dashboards, content tuning, data onboarding, audit/log monitoring, and threat analytics.
- IAM governance: IdP/IAM platforms (Azure AD/Entra, Okta, Ping), conditional access/MFA, lifecycle automation, ABAC/RBAC policy design, identity proofing, federation.
- PAM/CyberArk: architecture and operations for vaulting, credential rotation, session recording, least privilege, JIT/JEA access, and workflow integrations.
- Application Security/DevSecOps: secure SDLC, threat modeling, secure code reviews, CI/CD integrations; tooling such as GitLab/GitHub Actions, SonarQube, Veracode, Snyk; familiarity with NIST SSDF.
- SOC leadership, incident response, forensics/eDiscovery; cloud security governance across major CSPs; CSPM/CWPP policy design and enforcement.
- SCRM and vendor risk management implementing NIST SP 800-161r1; SBOM practices; lifecycle controls from acquisition through disposal.
- BCP/DR planning and execution; defined RTO/RPO; exercise orchestration and evidence management.
- Strong automation orientation; ability to write and evaluate code in PowerShell, Python, SQL, Java; familiarity with VBA.
- Experience establishing authoritative asset inventories and CMDB/CDM integrations; audit logging standards and compliance mapping.
- Bachelor’s in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field; Master’s preferred.
- Certifications preferred: CISSP, CISM, CRISC, CAP, CCSP, PMP.
- Splunk certifications (e.g., Power User, Admin) and CyberArk certifications (Defender, Sentry, Guardian) preferred.
- Privacy certification strongly preferred: CIPP/G or equivalent federal privacy leadership experience.
- Must pass pre-employment qualifications of Cherokee Federal.
Benefits
- Medical
- Dental
- Vision
- 401K
- Other possible benefits as provided. Benefits are subject to change with or without notice.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
cybersecurity leadership, privacy program management, NIST RMF, FISMA, OMB guidance, NIST SP 800-series, SIEM, IAM governance, PAM, application security
Soft Skills
leadership, coaching, cross-training, risk management, communication, collaboration, analytical skills, problem-solving, continuous improvement, training coordination
Certifications
CISSP, CISM, CRISC, CAP, CCSP, PMP, Splunk certifications, CyberArk certifications, CIPP/G, Master's in Cybersecurity