Zero Trust (ZT) Data Subject Matter Expert

Zermount
Arlington, VA
Hybrid

About The Position

The Zero Trust Data Subject Matter Expert (ZT Data SME) exists to provide senior-level advisory expertise in assessing, analyzing, and advancing the agency's enterprise data security and data governance posture in alignment with Zero Trust Architecture (ZTA) principles. This role serves as the program's authoritative advisory voice on the Data pillar of the CISA Zero Trust Maturity Model v2.0 (ZTMM v2.0), translating federal ZT mandates, including OMB M-22-09, EO 14028, and NIST SP 800-207, into recommended data classification, data access control, and data governance frameworks for agency consideration and concurrence. All advisory products produced by this position are subject to TSA review and concurrence prior to any agency action.

Requirements

  • A minimum of 10 years of IT cybersecurity experience, including direct support to U.S. Government programs in a data security, information assurance, or ZT advisory capacity.
  • Expert knowledge of NIST SP 800-207, NIST SP 800-53 Rev. 5, FISMA, and federal ZT mandates including OMB M-22-09 and EO 14028 as applied to data classification and data access governance.
  • Demonstrated ability to lead data security and data governance advisory assessments directly supporting ZT Data pillar implementation in a federal environment.
  • Experience developing or maturing enterprise ZT artifacts including Data pillar assessments, data classification schemas, data governance frameworks, and ZT Common Control Catalog data-layer mappings.
  • Proven experience translating federal ZT and data security mandates into actionable agency-level data policy frameworks, data access process changes, and governance control recommendations.
  • Experience supporting or leading ZT-related IG CIGIE metrics reporting or FISMA ZT compliance submissions as they relate to Data pillar requirements.
  • Superb written and oral communication skills; demonstrated ability to navigate highly political client environments and deliver advisory products that reflect agency priorities and sensitivities.
  • Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI-enabled capabilities to enhance data classification assessment, telemetry analysis, and advisory deliverable development.
  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
  • Bachelor of Science (or higher) in Information Technology, Computer Science, Cybersecurity, Information Systems, or a closely related field.

Nice To Haves

  • Prior direct involvement in a federal ZT pilot program or enterprise ZT deployment in a planning, advisory, or assessment capacity with specific data pillar accountability.
  • Experience developing or significantly maturing a ZT Common Control Catalog aligned to NIST SP 800-53 Rev. 5 with Data pillar control inheritance classification.
  • Familiarity with SAFe for Government (SGP) or equivalent agile delivery methodology in a federal program environment.
  • Experience with IG CIGIE audit preparation and response in the context of federal ZT or FISMA compliance, specifically related to data security metrics.
  • Certified Data Privacy Solutions Engineer (CDPSE); Certified Information Privacy Manager (CIPM); or Certified Chief Information Security Officer (CCISO).
  • Project Management Professional (PMP) or Certified Authorization Professional (CAP/CGRC) also strongly preferred.

Responsibilities

  • Provide senior advisory guidance on the assessment and advancement of the agency's enterprise data classification, data governance, and data access control posture in support of Zero Trust Architecture implementation.
  • Continuously monitor the federal ZT policy and regulatory landscape, including EOs, OMB memoranda, NIST publications, CISA guidance, and NSA Zero Trust Implementation Guidelines (ZIGs), as they relate to data-layer security requirements; develop recommended updates to program advisory positions for leadership review.
  • Conduct comprehensive gap analyses of existing agency data classification schemas, data access policy frameworks, and data lifecycle governance practices against CISA ZTMM v2.0 Data pillar criteria; develop recommended enhancement approaches for agency concurrence.
  • Provide advisory support for the development and continuous maturation of the agency's ZT Common Control Catalog, with specific focus on data-layer control mappings to NIST SP 800-53 Rev. 5 control families and CISA ZTMM v2.0 Data pillar maturity indicators.
  • Develop recommended updates to the ZT Roadmap and Implementation Plan, incorporating data pillar maturity advancement priorities and data governance enhancement recommendations for agency review.
  • Apply real-time analysis of data access telemetry, CDM data-layer indicators, and behavioral risk signals to proactively surface emerging data exposure vectors and recommend advisory responses for agency consideration.
  • Collaborate with cross-functional ZT pillar SMEs to validate data policy outcomes and provide recommended approaches ensuring data layer integration across Identity, Devices, Networks, and Applications & Workloads pillar assessments.
  • Support all internal and external ZT data calls, requests, audits, and compliance updates related to the Data pillar; ensure recommended responses align with CISA ZTMM v2.0 criteria and applicable federal mandates.
  • Develop recommended new and revised data governance policy documents and data security SOPs; all final documentation requires TSA concurrence prior to issuance.
  • Provide senior advisory support to ZT leadership on data pillar planning, scheduling, solution development, reporting, and integration activities as directed by the ZT SME Team Leader.
  • Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance the efficiency, depth, and quality of data pillar advisory assessments and deliverables.
  • Expert-level mastery of CISA ZTMM v2.0 Data pillar maturity criteria with demonstrated ability to conduct authoritative gap assessments and recommend targeted advancement strategies.
  • Authoritative knowledge of federal data security mandates including OMB M-22-09, EO 14028, NIST SP 800-207, NIST SP 800-53 Rev. 5, and applicable FISMA requirements as they relate to data classification, data access, and data lifecycle governance.
  • Demonstrated capability to lead enterprise-scale data classification and data governance assessment efforts in a federal environment; ability to translate policy requirements into operationally actionable recommended frameworks.
  • Expert-level proficiency in data-layer ZT control assessment, including attribute-based access control (ABAC), policy-based access control (PBAC), data labeling and tagging implementations, DLP capability maturity, and CASB integration assessment.
  • Independent advisory judgment on data classification schema design, data access policy framework development, and CDM data-layer telemetry coverage assessment.
  • Problem-solving at the intersection of data governance policy and operational data security implementation; ability to diagnose data-layer ZT maturity gaps and develop recommended remediation pathways that are technically sound and agency-achievable.
  • Foundational working knowledge of enterprise data security architectures including cloud data platforms (Azure, AWS, GCP), hybrid cloud data environments, data warehouse and data lake security configurations, and SaaS data protection mechanisms.
  • Familiarity with enterprise data security tooling including DLP platforms, CASB solutions, SIEM data-layer analytics, and CDM program data telemetry capabilities and their intersection with ZT Data pillar maturity advancement.
  • Understanding of encryption at rest and in transit implementation patterns, key management practices, and data sovereignty considerations as they relate to ZT data access control policy application.
  • Supports primary ZT data advisory function by enabling cross-domain assessment that spans the full data lifecycle from data creation and classification through access, sharing, retention, and disposal across diverse TSA system types.
  • Interacts directly with pillar SMEs (Identity, Network, Devices, Applications & Workloads) to validate data-layer policy integration and ensure recommended data access control frameworks are operationally coherent across all CISA ZTMM v2.0 pillars.