Privacy and Information Management Team Lead

Join Gunnison on our enterprise-level cybersecurity support program at HHS! Our work supports HHS and its OpDivs in areas like GRC, engineering, and incident response. We are looking for a motivated and customer-oriented Privacy and Information Management Team Lead.

Duties and responsibilities include:

• Assign appropriate tasks to team members and monitor progress.
• Promote team dynamics and provide insights, direction, and correction to team members as appropriate.
• Attend and/or hold meetings to ensure effectiveness, timeliness, and professionalism within and across the team.
• OS Security Compliance and OS Staff Division (StaffDiv) collaboration, coalition building, and awareness programs supporting all OS Cybersecurity initiatives driving progress towards a strong security posture and overall compliance.
• Provide assistance in the development, facilitation, and management and OS Cybersecurity programs protecting the confidentiality, integrity, availability, authenticity and non-repudiation of OS information and information systems, through the implementation of the risk management framework.
• Review document life cycle and ensure all Information System Security Officers (ISSOs) and System Owners (SOs) are managing the documents the same.
• Assist in the implementation of any ATO process changes or innovations.
• Proactively assist in the early engagement of stakeholders to initiate the ATO process and drive progress throughout the process to assist stakeholders in meeting their ATO deadlines.
• Assist in the comprehensive risk review/technical review of ATO package.
• Provide ongoing customer support and feedback throughout each stage of the OS ATO process
• Assist ISSOs/SOs with documentation as needed.
• Prepare Authorizing Official (AO) memos.
• Process ATO and Interim Authorization to Test (IATT) packages.
• Review ATO packages and engage with relevant stakeholders and ISSOs/SOs as needed.
• Assist in updating tracking tools and managing "real time" updates to reflect current state of ATO status.
• Assist in the final preparation of packages for management review and approval.
• Assist OS Vulnerability Management in providing mitigation consultations as well as visibility into, and the tracking of mitigation activities.
• Assist OS Vulnerability Management in the implementation and support of the OS Temporary Exception/Risk Acceptance process as for all OS systems.
• Support OS Vulnerability Management in all data calls and other OSwide requests for information and reporting.
• Monitor OS VRMT Mailbox, and OS Cybersecurity and support the goal of responding to inquiries within 48 hours.
• Assist OS Security Compliance and Vulnerability Management in activities related to FISMA quarterly and annual quarterly reporting.
• Provide subject matter expertise and review all deliverables for relevancy and accuracy.
• Develop and execute plans to identify and communicate risk factors and best practices as needed.
• Perform ad hoc tasks, to include reviewing privacy related policies, guidance, training, and other deliverables; supporting events; and collaborating with OS, Departmental, OpDiv, and external parties on initiatives.

Required Qualifications:

• Experience building and managing small teams.
• Ability to write and update guidance for stakeholder usage.
• This job requires interaction with program managers, senior executives, stakeholders, administration, and support personnel.
• The ability to effectively communicate ideas and concepts both orally and in written documents is critical.
• The ability to use reliable and secure equipment and work independently and remotely using digital tools is required.
• The candidate must have good organizational, multi-tasking, and time-management skills.
• Excellent communication and writing skills.
• Experience with Federal Cybersecurity legislation, regulations, and Executive Orders, with an emphasis on privacy requirements.
• Experience coordinating privacy activities including policies, directives, memorandums, PIAs, etc. within the federal government.
• Experience in federal, state, or local government privacy compliance activities.
• Industry standard cybersecurity certification.
• Compliance-related cybersecurity certification preferred.

Education Requirement: Bachelor's degree or 2 additional years of experience. Bachelor's degree in IT or Cybersecurity preferred.

Clearance Requirement: Ability to obtain and maintain a Public Trust.

Why Join Gunnison?

• Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
• Quality is our top priority.
• Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
• There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
• We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
• We hire for careers at Gunnison, not to fill a position.

Employee Benefits

Gunnison employee benefits meet or beat other companies in the Washington, D.C. metropolitan area, including:

• Bonuses AND profit-sharing
• 401k Matching
• Certifications and training allowance $2,500/year
• 3 weeks of personal leave your first year (160 hours can roll over every year)
• Up to 5 days of Flex-Time-Off per year

Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time

In 1994 Gunnison Consulting Group began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.