Cybersecurity Sr. Subject Matter Expert

IMAGINEEER LLC

Washington, DC
Full Time
Paid
    Benefits:

    401(k) matching

    Competitive salary

    Health insurance

    Paid time off

    About this Role:

    We are seeking a Cybersecurity Senior Subject Matter Expert (SME) to provide expert advisory support, cyber governance leadership, and risk management guidance across enterprise cybersecurity initiatives within HHS. This role serves as a senior consultant responsible for supporting cybersecurity planning, program oversight, policy development, and federal compliance activities in alignment with cybersecurity mandates and agency missions. The ideal candidate brings extensive knowledge of federal cybersecurity frameworks, executive-level communication skills, and proven experience advising CIO, CISO, and security leadership stakeholders.

    Key Responsibilities:

    Strategic Cybersecurity Advisory

    Provide subject matter expertise to support cybersecurity strategy, governance, and modernization efforts.

    Advise senior leadership on cybersecurity risks, compliance gaps, and enterprise risk mitigation strategies.

    Support development of cybersecurity maturity roadmaps and enterprise resilience initiatives.

    Cyber Governance & Policy Support

    Lead development, review, and implementation of cybersecurity policies, standards, and standard operating procedures (SOPs).

    Support cybersecurity governance boards, working groups, and policy lifecycle management.

    Assist in workforce enablement by providing cybersecurity policy training and awareness guidance.

    Cyber Risk Management

    Support implementation of NIST Risk Management Framework (RMF) across enterprise systems.

    Provide guidance on FedRAMP authorization, High Value Asset (HVA) protection, and Information Security Continuous Monitoring (ISCM) practices.

    Advise on Cyber Supply Chain Risk Management (C-SCRM) strategy and vendor security assessments.

    Integrate cybersecurity risk with Enterprise Risk Management (ERM) frameworks.

    Compliance & Audit Readiness

    Ensure program alignment with FISMA, NIST 800-53, and federal cyber mandates.

    Provide oversight and support to system ISSOs and security assessors.

    Prepare and review ATO documentation, POA&Ms, and audit artifacts for compliance readiness.

    Contribute to cybersecurity dashboards and FISMA performance reporting.

    Cyber Program Enablement

    Support Cyber Affairs and Information Management by enhancing stakeholder engagement and federal coordination.

    Conduct cyber data analysis to support decision-making, metrics reporting, and risk intelligence.

    Ensure quality assurance and Section 508 compliance for all deliverables.

    Prepare weekly status reports, executive presentations, briefing materials, and decision memos.

    Security Requirements

    Adherence to federal cybersecurity policies including:

    FISMA, NIST SP 800-53 Rev 5

    FedRAMP moderate/high security standards

    Controlled Unclassified Information (CUI) protocols

    Mandatory 1-hour cybersecurity incident reporting

    Qualifications and Skills:

    Bachelor’s degree in Cybersecurity, Information Technology, Engineering, or related field.

    10+ years of experience in cybersecurity, risk management, or cyber compliance roles.

    Demonstrated experience advising CIO/CISO-level stakeholders.

    Knowledge of:

    NIST 800-53, RMF, CSF

    FedRAMP, FISMA, and federal A&A processes

    CUI handling, Privacy Act, and DHS/CISA guidance

    Proven experience in cyber program management, policy analysis, or governance.

    Excellent communication and stakeholder engagement skills.

    Must be a US citizen and able to obtain and maintain a Public Trust clearance.

    Desired Skills and Competencies:

    Active cybersecurity or program management certifications such as:

    CISSP, CISM, CAP, CGRC, PMP, CEH, CCSP

    Experience supporting cybersecurity programs at HHS or other federal agencies (DHS, VA, DoD, DOJ, etc.).

    Experience developing cybersecurity strategies, governance frameworks, or risk management programs.

    Familiarity with Zero Trust Architecture and Executive Order 14028 compliance.

    Flexible work from home options available.