This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered. The right candidate will be a driven cybersecurity leader with a deep commitment to privacy and public service. Recognized for exceptional communication and interpersonal skills, working with and influencing executive, technical, and mission stakeholders to align priorities and drive outcomes. Lead complex, cross-functional cybersecurity teams and vendor ecosystems with clarity and accountability, delivering measurable results. Able to translate complex toolsets and requirements into actionable roadmaps, ensuring disciplined execution and high integrity program delivery.

Responsibilities

• Lead NSF’s enterprise cybersecurity and privacy program; set objectives, coach for performance, ensure cross-training and continuity; maintain an adaptive posture with rigorous analysis and implementation.
• Govern to NIST RMF (SP 800-37), FISMA, OMB guidance, NIST SP 800-series (including privacy controls), CISA BODs, and FedRAMP; own FISMA IG maturity targets and drive quarterly improvements with metrics-based reporting.
• Develop and maintain cybersecurity and privacy policies, plans, procedures, standards, operational guides; establish and manage a documentation and knowledge repository.
• Drive risk-based management and security-focused configuration management across infrastructure and applications; maintain risk registers, executive dashboards, and remediation plans.
• Privacy Program Management: Partner with SAOP (Senior Agency Official for Privacy) to lead oversight; conduct privacy control assessments (NIST SP 800-53 Rev. 5 privacy, OMB memos); maintain a privacy risk register; embed privacy risk in enterprise reporting; deliver compliance reporting and corrective actions.
• Assessment and Authorization/Continuous Monitoring: Lead A&A/Ongoing Authorization; plan and execute assessments aligned to NIST SP 800-53/53A, 800-171/172; manage evidence, weakness analysis, POA&Ms, and durable closure; mature Continuous Monitoring and DHS CDM integrations, dashboards, automated reporting, and alert fidelity.
• SIEM (Security Information and Event Management) Monitoring and Audit Logging: Oversee Splunk operations; enforce audit logging standards, log source coverage (infrastructure, applications, cloud), retention/integrity, and compliance mapping; tune detections and dashboards.
• Zero Trust and Modernization: Execute NSF’s Zero Trust plan across identity, devices, networks, applications/workloads, and data; implement comprehensive monitoring, risk-based access, automation; conduct red/blue team testing; advance data-centric security, DLP, and protection of sensitive/PII; plan for post-quantum cryptography transitions.
• Identity and Account Management: Own enterprise IAM governance—joiner/mover/leaver automation, identity proofing, MFA and conditional access, ABAC (Attribute-Based Access Control)/RBAC (Role-Based Access Control) design, federation, lifecycle monitoring metrics; enforce least privilege, just-in-time/just-enough access.
• Privileged Access Management: Lead CyberArk operations for vaulting, credential rotation, session monitoring/recording, access brokering; integrate with IdP, ticketing, and automation to reduce risk and improve efficiency.
• Application Security and DevSecOps: Establish secure SDLC standards, threat modeling, secure code reviews, SAST (Static Application Security Testing)/DAST (Dynamic Application Security Testing)/SCA(Software Composition Analysis) in CI/CD, developer training; enforce configuration management; track AppSec KPIs (coverage, defect density, remediation time).
• Cloud and External Services Reviews: Conduct security reviews, analysis, and continuous monitoring of cloud/external services; validate FedRAMP inheritance and compensating controls; enforce CSPM policies; perform vendor risk assessments; run quarterly posture reviews and remediation.
• Operations, IR, and Forensics: Lead SOC operations and major incident response including after-hours surge; drive root cause analysis, lessons learned, corrective actions; direct IT forensics and eDiscovery with proper chain-of-custody and audit-ready evidence.
• Continuity, Contingency, and Service Recovery: Direct BCP (Business Continuity Plans)/DR (Disaster Recovery) strategy with defined RTO (Recovery Time Objective)/RPO (Recovery Point Objective); run tabletop and failover exercises; manage dependency mapping, evidence capture, and corrective actions to meet restoration objectives.
• Supply Chain Risk Management: Support ICT (Information and Communications Technology) SCRM (Supply Chain Risk Management) across development, acquisition, maintenance, and disposal; integrate NIST SP 800-161r1 practices, oversee ongoing monitoring and end-of-life disposal controls.
• Infrastructure Asset Identification and Classification: Establish authoritative asset inventory and classification standards; integrate with CMDB and DHS CDM for visibility, control coverage, and risk reporting.
• Independent Reviews and SCIF Support: Coordinate internal and third-party independent security reviews; support SCIF-related security operations and processes as required.
• Tool Refresh and Maturation: Plan refresh cycles and maturity targets for SIEM (Splunk), EDR/XDR, vulnerability scanning, IAM/IdP, PAM (CyberArk), DLP, CSPM/CWPP, configuration management tools, and cloud-native services; measure efficacy and ROI; deprecate low-value tools.
• Cybersecurity and Privacy Training: Own awareness and role-based training programs; coordinate content, track completion, measure effectiveness (e.g., phishing resilience), and drive continuous improvement.
• Reporting and Deliverables: Deliver monthly/quarterly reports covering FISMA IG maturity, POA&M status/closure, CDM dashboards, SIEM coverage and detection efficacy, incident metrics (MTTD/MTTR), audit response packages, training metrics, continuity/DR test results, and executive risk dashboards.
• Performs other job-related duties as assigned.

Qualifications

• 10+ years of cybersecurity leadership; 5+ years leading federal or large enterprise programs with multi-vendor teams.
• Demonstrated privacy program leadership in federal environments; partnership with SAOP; execution of PIAs (Privacy Impact Assessments)/SORNs (Systems of Records Notices) and privacy control assessments.
• Deep experience with NIST RMF, FISMA, OMB guidance, NIST SP 800-series (including 53/53A and privacy controls), CISA BODs, FedRAMP, DHS CDM.
• Proven A&A/Ongoing Authorization leadership; strong continuous monitoring, assessment planning/execution, evidence management, POA&M remediation.
• SIEM/Splunk expertise: detections, dashboards, content tuning, data onboarding, audit/log monitoring, and threat analytics.
• IAM governance: IdP/IAM platforms (Azure AD/Entra, Okta, Ping), conditional access/MFA, lifecycle automation, ABAC/RBAC policy design, identity proofing, federation.
• PAM/CyberArk: architecture and operations for vaulting, credential rotation, session recording, least privilege, JIT/JEA access, and workflow integrations.
• Application Security/DevSecOps: secure SDLC, threat modeling, secure code reviews, CI/CD integrations; tooling such as GitLab/GitHub Actions, SonarQube, Veracode, Snyk; familiarity with NIST SSDF.
• SOC leadership, incident response, forensics/eDiscovery; cloud security governance across major CSPs; CSPM/CWPP policy design and enforcement.
• SCRM and vendor risk management implementing NIST SP 800-161r1; SBOM practices; lifecycle controls from acquisition through disposal.
• BCP/DR planning and execution; defined RTO/RPO; exercise orchestration and evidence management.
• Strong automation orientation; ability to write and evaluate code in PowerShell, Python, SQL, Java; familiarity with VBA.
• Experience establishing authoritative asset inventories and CMDB/CDM integrations; audit logging standards and compliance mapping.
• Bachelor’s in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field; Master’s preferred.
• Certifications preferred: CISSP, CISM, CRISC, CAP, CCSP, PMP.
• Splunk certifications (e.g., Power User, Admin) and CyberArk certifications (Defender, Sentry, Guardian) preferred.
• Privacy certification strongly preferred: CIPP/G or equivalent federal privacy leadership experience.
• Must pass pre-employment qualifications of Cherokee Federal.

Benefits

• Estimated Starting Salary Range: $180,000 - $190,000 (Pay commensurate with experience).
• Full-time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided.
• Benefits are subject to change with or without notice.

Company Description

Criterion is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.