Cyber Policy and Strategy Planner

Company: VMD Corp
Location: Arlington
Posted on: April 16, 2025

Job Description:

Description

Position at VMD Corp


As a Vision, Mission, and Driven company, VMD has been delivering information technology solutions to the Federal government in Agile Engineering, Cybersecurity, andCriticalInfrastructure Protection since 2002. Our mission has now expanded, and we have merged with Xcelerate Solutions to revolutionize end-to-end enterprise security. Together we are committed to protecting our nation's citizens, critical infrastructure, and resources.Why Join VMD Corp?At VMD, now a part of Xcelerate Solutions, you have the opportunity to thrive in your career and become a Game Changer. The quality and talent of our people is what drives our success. We embrace an employee-first culture and make it a priority to provide professional development opportunities that foster career growth.We help protect American Citizens and the nation's most critical infrastructure by working alongside our customers and delivering game changing solutions to strengthen their missions. We believe our passion and commitment to achieve our customers' goals and solve their most critical challenges defines who we are. We don't just dream big, we act on it - through teamwork, dedication, and resilience.Learn more about VMD culture here:Key Functions:Cyber Policy and Strategy Planner (OV-SPP-002): Develops and maintains cybersecurity and privacy plans, strategy, and policy to support and align with organizational cybersecurity and privacy initiatives and regulatory compliance. Reviews existing and proposed policies with stakeholders. Interprets and applies applicable laws, statutes, and regulatory documents and integrates into policy. Provides policy guidance to cyber management, staff, and users. Seeks consensus on proposed policy changes from stakeholders.Selected ResponsibilitiesReview existing and proposed policies with stakeholders.Interprets and applies applicable laws, statutes, and regulatory documents and integrates into policy.Analyzes organizational cybersecurity and privacy policy.Assess policy needs and collaborate with stakeholders to develop policies to govern cybersecurity and privacy activities.Draft, staff, and publish cybersecurity and privacy policy.Seeks consensus on proposed policy changes from stakeholders.Provides policy guidance to cybersecurity and privacy management, staff, and users.Define and integrate current and future mission environments.Monitor the rigorous application of cybersecurity and privacy policies, principles, and practices in the delivery of planning and management services.Review, conduct, or participate in audits of cybersecurity and privacy programs and projects.Develop policy, programs, and guidelines for implementation.Establish and maintain communication channels with stakeholders.Ensure that cybersecurity and privacy workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.Promote awareness of cybersecurity and privacy policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.Design/integrate a cybersecurity/privacy strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.Serve on agency security and privacy policy boards.Advocate for adequate funding for cybersecurity and privacy training resources, to include both internal and industry-provided courses, instructors, and related materials.Review/Assess cybersecurity and privacy workforce effectiveness to adjust skill and/or qualification standardsRequired AbilitiesAbility to work from narrative interaction with senior managers and subject matter experts to produce insightful cybersecurity and privacy policy initiativesAbility to leverage best practices and lessons learned of external organizations and academic institutions dealing with cybersecurity and privacy policycissues.Ability to monitor advancements in information technologies that affect cybersecurity and privacy policy and ensure appropriate organizational adaptation and compliance.Ability to evaluate information for reliability, validity, and relevance.Ability to develop, update, and/or maintain policies and standard operating procedures (SOPs).Ability to develop clear policy directions and effective presentation materials.Ability to produce policy documentation.Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.Ability to prepare and present briefings.Ability to answer questions in a clear and concise manner.Ability to ask clarifying questions.Ability to function in a collaborative environment, seeking continuous consultation with analysts and experts-both internal and external to the organization-to leverage analytical and technical expertise.Ability to map cybersecurity and privacy principles to policy implementations (relevant to confidentiality, integrity, availability, authentication, nonrepudiation).Required KnowledgeKnowledge of NIST Risk Management Framework (RMF) requirements.Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.Knowledge of the organization's core business/mission processes.Knowledge of risk/threat assessment.Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).Knowledge of industry-standard and organizationally accepted analysis principles and methods.Knowledge of specific operational impacts of cybersecurity and privacy lapses.Knowledge of computer networking concepts and protocols, and network security methodologies.Knowledge of cybersecurity and privacy principles.Knowledge of cybersecurity and privacy threats and vulnerabilities.Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).Knowledge of new and emerging information technology (IT) and cybersecurity technologies.Knowledge of resource management principles and techniques.Knowledge of system life cycle management principles, including software security and usability.Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.Knowledge of enterprise incident response program, roles, and responsibilities.Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).Knowledge of sustainment technologies, processes and strategies.Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, nonrepudiation).Knowledge of who FDIC's operational planners are, how and where they can be contacted, and what are their collaboration expectations.Knowledge of network privacy architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).Knowledge of encryption methodologies.Knowledge of Personally Identifiable Information (PII) data security standards.Knowledge of Payment Card Industry (PCI) data security standards.Qualifications and SkillsSkill in preparing cybersecurity and privacy policy plans and related correspondence.Skill in drafting, editing and publishing cybersecurity and privacy policy documentationSkill in talking to others to convey information effectively.Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.Skill in applying policy implementation and delivery capabilities.Skill in identifying gaps in policy implementation and delivery capabilities.Skill in utilizing feedback to improve processes, procedures and, services related to cybersecurity and privacy policy implementationPreferred Experience and CertificationsThis requires 7+ years of relevant cyber security experience and is a Senior Position.Recommended QualificationsAt least 3-5 years of relevant experience supporting enterprise cybersecurity and privacy policyBA/BS recommended in computer science, computer engineering or equivalent work experience or formal legal training with security and privacy specialization3-5 years of practical knowledge of policy areas typically obtained through advanced education combined with experience. Legal training and experience in policy development a plusRelevant CertificationsEC-Council Disaster Recovery Professional (EDRP)EC-Council Certified Ethical Hacker (CEH)Federal Acquisition Certification - Program and Project Management (FAC - P/PM) - Senior/ExpertFISMA Certified FISMA Compliance Practitioner (CFCP)GIAC Information Security Professional (GISP)GIAC Security Essentials Certification (GSEC)ITIL v3 FoundationsISACA Certified in the Governance of Enterprise IT (CGEIT)ISACA Certified Information Security Manager (CISM)ISC2 Certified Authorization Professional (CAP)ISC2 Certified Information Systems Security Professional (CISSP)ISC2 CISSP Information Systems Security Management Professional (CISSP-ISSMP)Citizenship and Clearance: US Citizenship, Must be eligible to pass a FDIC background investigationLocation: Must reside within the DC Metro area. Remote and Contractor Site 1515 Wilson Blvd. Arlington, VA 22209VMD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran per applicable Federal, state and local laws. VMD maintains a drug-free workplace.

Keywords: VMD Corp, Reston , Cyber Policy and Strategy Planner, Other , Arlington, Virginia