Description
Position at VMD Corp
As a Vision, Mission, and Driven company, VMD has been delivering information technology solutions to the Federal government in Agile Engineering, Cybersecurity, and Critical Infrastructure Protection since 2002. Our mission has now expanded, and we have merged with Xcelerate Solutions to revolutionize end-to-end enterprise security. Together we are committed to protecting our nation's citizens, critical infrastructure, and resources.
Why Join VMD Corp?
At VMD, now a part of Xcelerate Solutions, you have the opportunity to thrive in your career and become a Game Changer. The quality and talent of our people is what drives our success. We embrace an employee-first culture and make it a priority to provide professional development opportunities that foster career growth.
We help protect American Citizens and the nation's most critical infrastructure by working alongside our customers and delivering game changing solutions to strengthen their missions. We believe our passion and commitment to achieve our customers' goals and solve their most critical challenges defines who we are. We don't just dream big, we act on it - through teamwork, dedication, and resilience.
Learn more about VMD culture here: VMD Culture
Key Functions:
- Cyber Policy and Strategy Planner (OV-SPP-002): Develops and maintains cybersecurity and privacy plans, strategy, and policy to support and align with organizational cybersecurity and privacy initiatives and regulatory compliance. Reviews existing and proposed policies with stakeholders. Interprets and applies applicable laws, statutes, and regulatory documents and integrates into policy. Provides policy guidance to cyber management, staff, and users. Seeks consensus on proposed policy changes from stakeholders.
Selected Responsibilities
- Review existing and proposed policies with stakeholders.
- Interprets and applies applicable laws, statutes, and regulatory documents and integrates into policy.
- Analyzes organizational cybersecurity and privacy policy.
- Assess policy needs and collaborate with stakeholders to develop policies to govern cybersecurity and privacy activities.
- Draft, staff, and publish cybersecurity and privacy policy.
- Seeks consensus on proposed policy changes from stakeholders.
- Provides policy guidance to cybersecurity and privacy management, staff, and users.
- Define and integrate current and future mission environments.
- Monitor the rigorous application of cybersecurity and privacy policies, principles, and practices in the delivery of planning and management services.
- Review, conduct, or participate in audits of cybersecurity and privacy programs and projects.
- Develop policy, programs, and guidelines for implementation.
- Establish and maintain communication channels with stakeholders.
- Ensure that cybersecurity and privacy workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
- Promote awareness of cybersecurity and privacy policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
- Design/integrate a cybersecurity/privacy strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.
- Serve on agency security and privacy policy boards.
- Advocate for adequate funding for cybersecurity and privacy training resources, to include both internal and industry-provided courses, instructors, and related materials.
- Review/Assess cybersecurity and privacy workforce effectiveness to adjust skill and/or qualification standards
Required Abilities
- Ability to work from narrative interaction with senior managers and subject matter experts to produce insightful cybersecurity and privacy policy initiatives
- Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cybersecurity and privacy policy issues.
- Ability to monitor advancements in information technologies that affect cybersecurity and privacy policy and ensure appropriate organizational adaptation and compliance.
- Ability to evaluate information for reliability, validity, and relevance.
- Ability to develop, update, and/or maintain policies and standard operating procedures (SOPs).
- Ability to develop clear policy directions and effective presentation materials.
- Ability to produce policy documentation.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to prepare and present briefings.
- Ability to answer questions in a clear and concise manner.
- Ability to ask clarifying questions.
- Ability to function in a collaborative environment, seeking continuous consultation with analysts and experts (both internal and external to the organization) to leverage analytical and technical expertise.
- Ability to map cybersecurity and privacy principles to policy implementations (relevant to confidentiality, integrity, availability, authentication, nonrepudiation).
Required Knowledge
- Knowledge of NIST Risk Management Framework (RMF) requirements.
- Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of the organization's core business/mission processes.
- Knowledge of risk/threat assessment.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Knowledge of specific operational impacts of cybersecurity and privacy lapses.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cybersecurity and privacy threats and vulnerabilities.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Knowledge of resource management principles and techniques.
- Knowledge of system life cycle management principles, including software security and usability.
- Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- Knowledge of enterprise incident response program, roles, and responsibilities.
- Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
- Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
- Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of sustainment technologies, processes and strategies.
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, nonrepudiation).
- Knowledge of who FDIC's operational planners are, how and where they can be contacted, and what their collaboration expectations are.
- Knowledge of network privacy architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of encryption methodologies.
- Knowledge of Personally Identifiable Information (PII) data security standards.
- Knowledge of Payment Card Industry (PCI) data security standards.
Qualifications and Skills
- Skill in preparing cybersecurity and privacy policy plans and related correspondence.
- Skill in drafting, editing and publishing cybersecurity and privacy policy documentation
- Skill in talking to others to convey information effectively.
- Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
- Skill in applying policy implementation and delivery capabilities.
- Skill in identifying gaps in policy implementation and delivery capabilities.
- Skill in utilizing feedback to improve processes, procedures, and services related to cybersecurity and privacy policy implementation
Preferred Experience and Certifications
- This requires 7+ years of relevant cyber security experience and is a Senior Position.
Recommended Qualifications
- At least 3-5 years of relevant experience supporting enterprise cybersecurity and privacy policy
- BA/BS recommended in computer science, computer engineering or equivalent work experience or formal legal training with security and privacy specialization
- 3-5 years of practical knowledge of policy areas typically obtained through advanced education combined with experience. Legal training and experience in policy development a plus
Relevant Certifications
- EC-Council Disaster Recovery Professional (EDRP)
- EC-Council Certified Ethical Hacker (CEH)
- Federal Acquisition Certification - Program and Project Management (FAC - P/PM) - Senior/Expert
- FISMA Certified FISMA Compliance Practitioner (CFCP)
- GIAC Information Security Professional (GISP)
- GIAC Security Essentials Certification (GSEC)
- ITIL v3 Foundations
- ISACA Certified in the Governance of Enterprise IT (CGEIT)
- ISACA Certified Information Security Manager (CISM)
- ISC2 Certified Authorization Professional (CAP)
- ISC2 Certified Information Systems Security Professional (CISSP)
- ISC2 CISSP Information Systems Security Management Professional (CISSP-ISSMP)
Citizenship and Clearance: US Citizenship. Must be eligible to pass an FDIC background investigation.
Location: Must reside within the DC Metro area. Remote and Contractor Site 1515 Wilson Blvd. Arlington, VA 22209
VMD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran per applicable Federal, state and local laws. VMD maintains a drug-free workplace.