Cybersecurity Policy and Privacy Lead

Company: ECS

Location: Suitland, MD 20746

Description:

ECS is seeking a Cybersecurity Policy and Privacy Lead to work in our Washington, DC office.

The duties of the candidate will include the following:
  • Provide leadership for the organization's cyber policy & privacy programs.
  • Lead mid-level and junior policy analysts in the development of policy governance documentation.
  • Identify gaps and areas where policies and procedures need to be developed or revised to align with NIST CSF guidelines.
  • Draft clear and concise policies addressing cybersecurity governance, risk management, asset management, access control, incident response, and other relevant areas.
  • Review and update existing information security policy, standards, and guidelines based on federal and departmental regulations.
  • Develop detailed procedures that operationalize the cybersecurity policies.
  • Review existing and proposed policies with stakeholders.
  • Develop and implement standardized position descriptions based on established cyber work roles.
  • Develop and review recruiting, hiring, and retention procedures in accordance with current HR policies.
  • Develop or assist in the development of training policies and protocols for cyber training.
  • Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
  • Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements.
  • Review and apply organizational policies related to or influencing the cyber workforce.
  • Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
  • Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
  • Maintain accurate documentation of developed policies and procedures.
  • Implement a version control system to track changes, updates, and revisions made to the documents over time.
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
  • Tailor technical and planning information to a customer's level of understanding.
  • Seek consensus on proposed policy changes from stakeholders.
  • Provide policy guidance to cyber management, staff, and users.
  • Direct and oversee privacy specialists and coordinate privacy and data security programs with senior executives globally to ensure consistency across the organization.
  • Coordinate with the Chief Information Security Officer to ensure alignment between security and privacy practices.
  • Establish, implement and maintain organization-wide policies and procedures to comply with privacy regulations.
  • Ensure that the agency maintains appropriate privacy and confidentiality notices, consent, and authorization forms, and materials.
  • Assist as needed with Privacy Impact Assessments (PIAs) of the application's security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).


Salary Range: $120,000 - $138,000

General Description of Benefits

  • A bachelor's degree in cybersecurity, information technology, computer science, English or a related field.
  • Experience in creating and analyzing cybersecurity policy and recommending updates and corrections as necessary, to deliver at the specified quality level.
  • Strong written and verbal communication skills.
  • Demonstrated ability to lead a team.
  • Ability to organize the team's work using agile principles in order to deliver work products efficiently and quickly.
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
  • Ability to develop career path opportunities.
  • Ability to determine the validity of workforce trend data.
  • Knowledge of applicable business processes and operations of customer organizations.
  • Experience reviewing and drafting Privacy Impact Assessments (PIAs).
  • Knowledge of cybersecurity and privacy principles.
  • Creating policies that reflect the business's privacy and cybersecurity objectives.
  • Communicate with all levels of management including senior executives (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).
  • Assist in developing privacy and cybersecurity training materials and other communications to increase employee understanding of company privacy and cybersecurity policies, data handling practices and procedures, and legal obligations.
  • Ability to interpret and apply NIST CSF guidelines to develop tailored cybersecurity policies and procedures suitable for the organization's needs.
  • Experience in translating complex technical concepts into easily understandable and implementable policies and procedures, catering to diverse stakeholders.
  • Experience in organizing documentation to facilitate easy navigation and understanding.
  • Experience in managing versioning and track changes in policy documents.
  • Clear and concise communicator capable of articulating complex cybersecurity concepts in both written documentation and verbal presentations.
  • Experience in working independently (taking initiative) while working in a team environment (cooperating with team members and supporting team members).
  • Knowledge and understanding of basic security principles relating to confidentiality, integrity, and availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.
  • Experience with Microsoft Word, Excel, and PowerPoint (Visio a plus).


Certifications/Licenses:
  • 8-10 years of experience in Cybersecurity and Policy;
  • 2+ years of demonstrated experience producing information security-related documentation addressing procedures, standards, and guidelines to ensure information security. This includes proficiency in formulating policies and procedures aligned with the National Institute of Standards and Technology Cybersecurity Framework or analogous sectors.
  • Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Privacy Manager (CIPM).
  • Project Management Professional (PMP) certification
  • Bachelor's degree, MBA, J.D.;
  • Certifications addressing information privacy technology, privacy program governance (organization level, develop the privacy program framework, implement the privacy policy framework, metrics), privacy operation lifecycle (assess your organization, protect, sustain, respond), program management, risk management, categorization of information systems, selection of security controls, security control implementation and assessment, information system authorization, monitoring of security controls, understand basic cybersecurity concepts and definitions, apply cybersecurity architecture principles.
  • Active Public Trust clearance or eligible to obtain a Public Trust clearance.
