Cybersecurity Policy & Compliance Manager

About The Position

Requirements

• Bachelor’s degree in computer science, Engineering, Cyber Security, or equivalent experience in lieu of a degree.
• 8+ years of experience in cybersecurity policy writing, compliance, or risk management within a DoD or federal environment.
• 5+ years of experience developing and implementing cybersecurity policies in a military or government setting
• In-depth knowledge of DoD cybersecurity frameworks, including RFM, NIST/NISPOM/DoDI 8500
• Must have active Secret Clearance with the ability to obtain TS with SCI eligibility.
• Strong understanding of federal cybersecurity regulations and the Privacy Act.
• Expertise in applying RMF across system lifecycles.
• Ability to write clear, actionable cybersecurity policies, procedures, and guidance documents.
• Analytical and strong organizational skills, with excellent verbal and written ability.
• Good work ethic and active desire to learn.
• Skillful time management and organizational skills to set and meet deadlines.
• Ability to work both independently and within a team.
• Ability to work effectively in a team environment to encourage collaboration, innovation, and continuous improvement.
• Ability to meet minimum clearance requirements.
• Ability to work nights, weekends, and holidays as required.
• Ability to travel up to 10%.

Responsibilities

• Lead the development, review, and maintenance of cybersecurity policies and procedures in alignment with DOD and DA directives.
• Confirm IT policies and procedures are kept and aligned with company goals.
• Review IT documentation to ensure it meets company standards and applicable regulatory requirements.
• Evaluate IT process deficiencies and recommend new controls to fix issues.
• Analyze new processes to ensure they are properly implemented.
• Maintain company documentation as changes need to be made.
• Maintain knowledge of applicable regulations to ensure the company remains in compliance.
• Ensure audit evidence is kept and can be provided to auditors.
• Follow up on audit findings to ensure the proper corrective actions are taken.
• Conduct presentations on new policies and issues of non-compliance.
• May recruit, hire, train staff, evaluate employee performance, and recommend or initiate promotions, transfers, and disciplinary action.
• Ensure that AMC systems, networks, and operations adhere to federal cybersecurity regulations, including the Risk Management Framework (RMF) and other applicable standards.
• Collaborate with technical and operational teams to assess risk, enforce policy, and maintain a robust cybersecurity posture across the command.
• Oversee RMF compliance activities, including system categorization, control selection, implementation, assessment, and authorization.
• Conduct internal audits and assessments to ensure adherence to cybersecurity standards and identify areas for improvement.
• Coordinate with system owners and other stakeholders to ensure cybersecurity requirements are integrated throughout the system lifecycle.
• Monitor changes in federal cybersecurity regulations and update internal policies accordingly.
• Manage documentation for cybersecurity compliance.
• Provide guidance and training to staff on cybersecurity policy and compliance requirements.
• Serve as liaison with external auditors, DOD cybersecurity authorities, and other oversight bodies.
• Support incident response activities and ensure proper documentation and reporting of cybersecurity events.
• Maintain awareness of emerging threats, technologies, and best practices in cybersecurity governance.
• Other duties as assigned.