Privacy and Controlled Unclassified Information (CUI) Lead Job Description

Position Summary

Essential Duties and Responsibilities

• Lead SBA enterprise privacy and Controlled Unclassified Information (CUI) management activities supporting the ECS program.
• Provide oversight and coordination for Task Area 3.5.5 Privacy and Controlled Unclassified Information Support activities.
• Develop implement update and maintain privacy and CUI policies procedures standards governance documentation and operational processes.
• Support compliance with applicable federal privacy and information protection requirements including the Privacy Act of 1974 FISMA OMB Circular A-130 NIST SP 800-53 Rev 5 NIST SP 800-171 Rev 3 and SBA cybersecurity/privacy policies.
• Lead Privacy Impact Assessments (PIAs) System of Records Notices (SORNs) data flow reviews and privacy compliance assessments for SBA systems and services.
• Manage CUI identification categorization marking handling safeguarding dissemination storage and destruction activities in accordance with federal standards.
• Coordinate privacy and CUI risk management activities with ISSOs system owners cybersecurity operations teams legal counsel and agency stakeholders.
• Support implementation and assessment of privacy and security controls across enterprise systems cloud environments SaaS platforms and hybrid infrastructures.
• Provide guidance regarding data minimization records retention information sharing encryption and data protection best practices.
• Support ongoing authorization continuous monitoring and security assessment activities related to privacy and CUI controls.
• Assist with cybersecurity incident response and breach response activities involving personally identifiable information (PII) or CUI exposure.
• Coordinate audit support activities for privacy CUI FISMA Inspector General (IG) GAO and internal compliance reviews.
• Develop and maintain enterprise privacy and CUI dashboards metrics risk registers and reporting mechanisms.
• Support enterprise risk management (ERM) activities related to privacy risks data protection risks and sensitive information exposure.
• Coordinate and deliver privacy and CUI awareness training onboarding support and role-based training initiatives.
• Provide strategic recommendations regarding privacy governance data protection technologies and federal compliance initiatives.
• Support FedRAMP continuous monitoring activities involving privacy and CUI requirements for cloud service providers.
• Review system architectures data flows and operational processes to identify privacy risks and recommend mitigation strategies.
• Ensure all deliverables align with SBA implementation procedures federal mandates and applicable accessibility requirements including Section 508.
• Lead cross-functional coordination meetings involving cybersecurity compliance operations legal and program management personnel.
• Provide management oversight task coordination schedule management quality assurance and status reporting for assigned privacy and CUI initiatives.

Minimum Qualifications

• Bachelors degree in Cybersecurity Information Assurance Information Systems Public Policy Business Administration Computer Science Legal Studies or related field. Relevant experience may substitute for degree requirements.
• Minimum of 10 years of experience supporting federal cybersecurity privacy compliance information assurance governance risk management or CUI-related programs.
• Minimum of 5 years of experience leading enterprise privacy compliance governance or cybersecurity initiatives.
• Extensive knowledge of federal privacy regulations cybersecurity frameworks and controlled unclassified information requirements.
• Experience supporting NIST Risk Management Framework (RMF) FISMA compliance and federal cybersecurity assessment activities.
• Strong understanding of NIST SP 800-53 Rev 5 NIST SP 800-171 Rev 3 Privacy Act requirements FedRAMP OMB A-130 and Zero Trust principles.
• Experience developing privacy documentation compliance reports governance processes risk assessments and executive-level briefings.
• Experience supporting cloud security and privacy compliance across Azure AWS Microsoft 365 Salesforce or SaaS environments.
• Strong project management analytical communication and stakeholder engagement skills.
• Experience coordinating cross-functional teams in complex federal IT and cybersecurity environments.
• Excellent written communication and technical documentation skills.
• Experience supporting federal agencies or government cybersecurity/privacy environments preferred.

Preferred Certifications

• Certified Information Systems Security Professional (CISSP)
• Certified Information Privacy Professional/Government (CIPP/G)
• Certified Information Privacy Manager (CIPM)
• Certified Information Systems Auditor (CISA)
• Certified Authorization Professional (CAP)
• Project Management Professional (PMP)
• Certified in Risk and Information Systems Control (CRISC)
• GIAC Information Security Fundamentals (GISF)
• Federal Risk and Authorization Management Program (FedRAMP) experience
• ITIL Foundation Certification