NIH – Lead Security Policy / Training Manager

Job Description

Company: cFocus Software Incorporated

cFocus Software seeks a Lead Security Policy / Training Manager to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
• Public Trust Clearance
• B.S. Computer Science, Information Technology, or a related field
• 10+ years of experience in information security, cybersecurity governance, compliance, or security program management.
• 5+ years leading enterprise security policy, governance, or awareness programs.
• Experience supporting Federal civilian agencies or other large enterprise organizations.
• Experience developing information security policies aligned with Federal cybersecurity requirements.
• Experience designing and managing enterprise cybersecurity awareness and training programs.
• Experience supporting executive-level governance initiatives.
• Preferred certifications: CISSP, CGRC, CISM, CRISC, GSLC, CIPM, CIPP/US, HCISPP, CPTM, CPTD, or PMP

Duties:
• Lead the development, review, revision, and maintenance of NIH/OD information security policies, standards, procedures, and governance documentation.
• Establish and maintain an enterprise Information Security Policy Management Strategy.
• Ensure policy documentation remains aligned with NIH, HHS, OMB, DHS, NIST, FISMA, Executive Orders, and other Federal cybersecurity requirements.
• Develop governance processes for policy lifecycle management, approval, publication, version control, and annual review.
• Maintain the inventory of all NIH/OD information security policies and supporting documentation.
• Coordinate policy reviews with Government stakeholders and technical subject matter experts.
• Monitor emerging Federal cybersecurity legislation, Executive Orders, OMB memoranda, NIST Special Publications, HHS directives, CISA guidance, and other regulatory requirements.
• Analyze the operational impact of new cybersecurity policies affecting NIH/OD.
• Identify compliance gaps and recommend implementation strategies.
• Prepare formal policy analysis reports for NIH leadership.
• Brief executive leadership on regulatory changes and implementation priorities.
• Support strategic planning for future policy adoption.
• Lead and manage the NIH/OD Information Security Awareness Program.
• Develop annual security awareness strategies and implementation plans.
• Design awareness campaigns addressing current cyber threats and user risks.
• Promote a culture of cybersecurity throughout the NIH organization.
• Measure program effectiveness through metrics and user participation.
• Develop continuous improvement initiatives for security awareness.
• Design, develop, coordinate, and oversee enterprise cybersecurity training programs.
• Develop role-based security training for technical and non-technical personnel.
• Coordinate instructor-led training sessions, webinars, workshops, and awareness events.
• Develop online learning content supporting NIH security objectives.
• Ensure mandatory cybersecurity awareness training meets Federal requirements.
• Evaluate training effectiveness through assessments and feedback.

Source: LinkedIn