Privacy and Controlled Unclassified Information (CUI) Lead in Washington, District of Columbia at cFocus Software Incorporated
NewJob Function: Admin/Clerical/SecretarialEmployment Type: Full-Time
cFocus Software Incorporated
Washington, District of Columbia, 20001, United States
Posted on
New job! Apply early to increase your chances of getting hired.
Explore Related Opportunities
Computer and Information Analysts jobs near me in Washington, D.C.Jobs near me in Washington, D.C.Computer and Information Analysts jobs
Job Description
Privacy and Controlled Unclassified Information (CUI) Lead Position Title: Privacy and Controlled Unclassified Information Lead
Program: SBA Enterprise Cybersecurity Services (ECS)Position SummaryThe Privacy and Controlled Unclassified Information (CUI) Lead supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by leading enterprise privacy, controlled unclassified information (CUI), data governance, and regulatory compliance initiatives. This position aligns with the HACS SIN Cyber Task Manager labor category and provides leadership, oversight, coordination, and management support for SBA privacy and CUI programs in alignment with federal cybersecurity, privacy, and information protection requirements.
The Privacy and CUI Lead is responsible for managing privacy compliance activities, CUI governance processes, risk management coordination, data protection initiatives, privacy impact assessments, policy development, training support, audit coordination, and continuous monitoring activities supporting SBA systems, applications, cloud services, and enterprise operations. The role serves as the primary interface between program stakeholders, cybersecurity teams, system owners, legal personnel, and agency leadership regarding privacy and sensitive information protection requirements.Essential Duties and Responsibilities
Program: SBA Enterprise Cybersecurity Services (ECS)Position SummaryThe Privacy and Controlled Unclassified Information (CUI) Lead supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by leading enterprise privacy, controlled unclassified information (CUI), data governance, and regulatory compliance initiatives. This position aligns with the HACS SIN Cyber Task Manager labor category and provides leadership, oversight, coordination, and management support for SBA privacy and CUI programs in alignment with federal cybersecurity, privacy, and information protection requirements.
The Privacy and CUI Lead is responsible for managing privacy compliance activities, CUI governance processes, risk management coordination, data protection initiatives, privacy impact assessments, policy development, training support, audit coordination, and continuous monitoring activities supporting SBA systems, applications, cloud services, and enterprise operations. The role serves as the primary interface between program stakeholders, cybersecurity teams, system owners, legal personnel, and agency leadership regarding privacy and sensitive information protection requirements.Essential Duties and Responsibilities
- Lead SBA enterprise privacy and Controlled Unclassified Information (CUI) management activities supporting the ECS program.
- Provide oversight and coordination for Task Area 3.5.5 Privacy and Controlled Unclassified Information Support activities.
- Develop, implement, update, and maintain privacy and CUI policies, procedures, standards, governance documentation, and operational processes.
- Support compliance with applicable federal privacy and information protection requirements including the Privacy Act of 1974, FISMA, OMB Circular A-130, NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, and SBA cybersecurity/privacy policies.
- Lead Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), data flow reviews, and privacy compliance assessments for SBA systems and services.
- Manage CUI identification, categorization, marking, handling, safeguarding, dissemination, storage, and destruction activities in accordance with federal standards.
- Coordinate privacy and CUI risk management activities with ISSOs, system owners, cybersecurity operations teams, legal counsel, and agency stakeholders.
- Support implementation and assessment of privacy and security controls across enterprise systems, cloud environments, SaaS platforms, and hybrid infrastructures.
- Provide guidance regarding data minimization, records retention, information sharing, encryption, and data protection best practices.
- Support ongoing authorization, continuous monitoring, and security assessment activities related to privacy and CUI controls.
- Assist with cybersecurity incident response and breach response activities involving personally identifiable information (PII) or CUI exposure.
- Coordinate audit support activities for privacy, CUI, FISMA, Inspector General (IG), GAO, and internal compliance reviews.
- Develop and maintain enterprise privacy and CUI dashboards, metrics, risk registers, and reporting mechanisms.
- Support enterprise risk management (ERM) activities related to privacy risks, data protection risks, and sensitive information exposure.
- Coordinate and deliver privacy and CUI awareness training, onboarding support, and role-based training initiatives.
- Provide strategic recommendations regarding privacy governance, data protection technologies, and federal compliance initiatives.
- Support FedRAMP continuous monitoring activities involving privacy and CUI requirements for cloud service providers.
- Review system architectures, data flows, and operational processes to identify privacy risks and recommend mitigation strategies.
- Ensure all deliverables align with SBA implementation procedures, federal mandates, and applicable accessibility requirements including Section 508.
- Lead cross-functional coordination meetings involving cybersecurity, compliance, operations, legal, and program management personnel.
- Provide management oversight, task coordination, schedule management, quality assurance, and status reporting for assigned privacy and CUI initiatives.
- Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, Public Policy, Business Administration, Computer Science, Legal Studies, or related field. Relevant experience may substitute for degree requirements.
- Minimum of 10 years of experience supporting federal cybersecurity, privacy, compliance, information assurance, governance, risk management, or CUI-related programs.
- Experience in data labeling, marking, categorizing controlled unclassified information, CUI destruction or records digitization process.
- Experience in Lead roles, coordination, serving in capacity of liaison, and pulling together a quality work product across the two disciplines: privacy and CUI or something similar.
- Proficient knowledge with certain doctrines to include the Privacy Act of 1974, as amended, NIST 800-53 revision 5, E-Government Act 2002, Section 208, NIST SP 800-122, Executive Order 13556, Executive Order 13719, Presidential and Federal Records Act Amendments of 2014, FISMA Act 2014, OMB circulars A-130, A-108, and A-123.
- Position requires multi-tasking and often short suspense; candidate must be comfortable in handling competing deadlines.
- Excellent teaching, problem solving, communication, and interpersonal skills.
- Experience in applying Privacy risk management framework techniques to strengthen and mature the current Privacy Program, collaborating with the Chief Privacy Officer.
- Ability to interact with a broad cross-section of personnel to include senior management to convey and ensure provisions of the Privacy Act, CUI, and Federal Records Act are followed.
- Minimum of 5 years of experience leading enterprise privacy, compliance, governance, or cybersecurity initiatives.
- Extensive knowledge of federal privacy regulations, cybersecurity frameworks, and controlled unclassified information requirements.
- Experience supporting NIST Risk Management Framework (RMF), FISMA compliance, and federal cybersecurity assessment activities.
- Strong understanding of NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, Privacy Act requirements, FedRAMP, OMB A-130, and Zero Trust principles.
- Experience developing privacy documentation, compliance reports, governance processes, risk assessments, and executive-level briefings.
- Experience supporting cloud security and privacy compliance across Azure, AWS, Microsoft 365, Salesforce, or SaaS environments.
- Strong project management, analytical, communication, and stakeholder engagement skills.
- Experience coordinating cross-functional teams in complex federal IT and cybersecurity environments.
- Excellent written communication and technical documentation skills.
- Experience supporting federal agencies or government cybersecurity/privacy environments preferred.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Professional/Government (CIPP/G)
- Certified Information Privacy Manager (CIPM)
- Certified Information Systems Auditor (CISA)
- Certified Authorization Professional (CAP)
- Project Management Professional (PMP)
- Certified in Risk and Information Systems Control (CRISC)
- GIAC Information Security Fundamentals (GISF)
- Federal Risk and Authorization Management Program (FedRAMP) experience
- ITIL Foundation Certification
Scan to Apply
Just scan this QR code to apply from your phone.
Job Location
Washington, District of Columbia, 20001, United States
Frequently asked questions about this position
Similar Jobs In Washington, District of Columbia
Hot Job
Senior Cyber Security Analyst (TS Clearance with SCI Eligibility)
JFL Consulting LLC
Washington, District of Columbia
Urgently Hiring
Senior Red Team Cyber Operator
Oak Grove Technologies LLC
Fort Belvoir, Virginia
New
Summer Intern, Cybersecurity Delivery
SecureIT
Reston, Virginia
New
FCC - SOC Analyst
cFocus Software Incorporated
Washington, District of Columbia
New
ISSO / Control Evaluator - Sr
cFocus Software Incorporated
Washington, District of Columbia
Apply NowYour application goes straight to the hiring team
By submitting your application, you understand and agree to JobTarget's
Terms of Use and
Privacy Policy.