The Zero Trust Data Subject Matter Expert (ZT Data SME) exists to provide senior-level advisory expertise in assessing analyzing and advancing the agencys enterprise data security and data governance posture in alignment with Zero Trust Architecture (ZTA) principles. This role serves as the programs authoritative advisory voice on the Data pillar of the CISA Zero Trust Maturity Model v2.0 (ZTMM v2.0) translating federal ZT mandates including OMB M-22-09 EO 14028 and NIST SP 800-207 into recommended data classification data access control and data governance frameworks for agency consideration and concurrence. All advisory products produced by this position are subject to TSA review and concurrence prior to any agency action.
DUTIES & RESPONSIBILITIES
General Duties
Provide senior advisory guidance on the assessment and advancement of the agencys enterprise data classification data governance and data access control posture in support of Zero Trust Architecture implementation.
Continuously monitor the federal ZT policy and regulatory landscape including EOs OMB memoranda NIST publications CISA guidance and NSA Zero Trust Implementation Guidelines (ZIGs) as they relate to data-layer security requirements; develop recommended updates to program advisory positions for leadership review.
Conduct comprehensive gap analyses of existing agency data classification schemas data access policy frameworks and data lifecycle governance practices against CISA ZTMM v2.0 Data pillar criteria; develop recommended enhancement approaches for agency concurrence.
Provide advisory support for the development and continuous maturation of the agencys ZT Common Control Catalog with specific focus on data-layer control mappings to NIST SP 800-53 Rev. 5 control families and CISA ZTMM v2.0 Data pillar maturity indicators.
Develop recommended updates to the ZT Roadmap and Implementation Plan incorporating data pillar maturity advancement priorities and data governance enhancement recommendations for agency review.
Apply real-time analysis of data access telemetry CDM data-layer indicators and behavioral risk signals to proactively surface emerging data exposure vectors and recommend advisory responses for agency consideration.
Collaborate with cross-functional ZT pillar SMEs to validate data policy outcomes and provide recommended approaches ensuring data layer integration across Identity Devices Networks and Applications & Workloads pillar assessments.
Support all internal and external ZT data calls requests audits and compliance updates related to the Data pillar; ensure recommended responses align with CISA ZTMM v2.0 criteria and applicable federal mandates.
Develop recommended new and revised data governance policy documents and data security SOPs; all final documentation requires TSA concurrence prior to issuance.
Provide senior advisory support to ZT leadership on data pillar planning scheduling solution development reporting and integration activities as directed by the ZT SME Team Leader.
Leverage AI-assisted analysis tools automation platforms and prompt engineering techniques to enhance the efficiency depth and quality of data pillar advisory assessments and deliverables.
Subject Matter Expertise (SME) Area #1 Zero Trust Data Classification Governance & Access Control
Expert-level mastery of CISA ZTMM v2.0 Data pillar maturity criteria with demonstrated ability to conduct authoritative gap assessments and recommend targeted advancement strategies.
Authoritative knowledge of federal data security mandates including OMB M-22-09 EO 14028 NIST SP 800-207 NIST SP 800-53 Rev. 5 and applicable FISMA requirements as they relate to data classification data access and data lifecycle governance.
Demonstrated capability to lead enterprise-scale data classification and data governance assessment efforts in a federal environment; ability to translate policy requirements into operationally actionable recommended frameworks.
Expert-level proficiency in data-layer ZT control assessment including attribute-based access control (ABAC) policy-based access control (PBAC) data labeling and tagging implementations DLP capability maturity and CASB integration assessment.
Independent advisory judgment on data classification schema design data access policy framework development and CDM data-layer telemetry coverage assessment.
Problem-solving at the intersection of data governance policy and operational data security implementation; ability to diagnose data-layer ZT maturity gaps and develop recommended remediation pathways that are technically sound and agency-achievable.
SME Area #2 Enterprise Data Security Architecture & Technical Domain Fluency
Foundational working knowledge of enterprise data security architectures including cloud data platforms (Azure AWS GCP) hybrid cloud data environments data warehouse and data lake security configurations and SaaS data protection mechanisms.
Familiarity with enterprise data security tooling including DLP platforms CASB solutions SIEM data-layer analytics and CDM program data telemetry capabilities and their intersection with ZT Data pillar maturity advancement.
Understanding of encryption at rest and in transit implementation patterns key management practices and data sovereignty considerations as they relate to ZT data access control policy application.
Supports primary ZT data advisory function by enabling cross-domain assessment that spans the full data lifecycle from data creation and classification through access sharing retention and disposal across diverse TSA system types.
Interacts directly with pillar SMEs (Identity Network Devices Applications & Workloads) to validate data-layer policy integration and ensure recommended data access control frameworks are operationally coherent across all CISA ZTMM v2.0 pillars.
QUALIFICATIONS
Minimum Requirements
A minimum of 10 years of IT cybersecurity experience including direct support to U.S. Government programs in a data security information assurance or ZT advisory capacity.
Expert knowledge of NIST SP 800-207 NIST SP 800-53 Rev. 5 FISMA and federal ZT mandates including OMB M-22-09 and EO 14028 as applied to data classification and data access governance.
Demonstrated ability to lead data security and data governance advisory assessments directly supporting ZT Data pillar implementation in a federal environment.
Experience developing or maturing enterprise ZT artifacts including Data pillar assessments data classification schemas data governance frameworks and ZT Common Control Catalog data-layer mappings.
Proven experience translating federal ZT and data security mandates into actionable agency-level data policy frameworks data access process changes and governance control recommendations.
Experience supporting or leading ZT-related IG CIGIE metrics reporting or FISMA ZT compliance submissions as they relate to Data pillar requirements.
Superb written and oral communication skills; demonstrated ability to navigate highly political client environments and deliver advisory products that reflect agency priorities and sensitivities.
Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI-enabled capabilities to enhance data classification assessment telemetry analysis and advisory deliverable development.
Preferred Qualifications
Prior direct involvement in a federal ZT pilot program or enterprise ZT deployment in a planning advisory or assessment capacity with specific data pillar accountability.
Experience developing or significantly maturing a ZT Common Control Catalog aligned to NIST SP 800-53 Rev. 5 with Data pillar control inheritance classification.
Familiarity with SAFe for Government (SGP) or equivalent agile delivery methodology in a federal program environment.
Experience with IG CIGIE audit preparation and response in the context of federal ZT or FISMA compliance specifically related to data security metrics.
Leadership: Senior advisory engagement with CISO-level and senior federal leadership; ability to bridge data security policy requirements and operational implementation advisory needs; cross-pillar SME coordination.
Behavioral: Proactive data risk identification and real-time advisory posture; political acumen in complex federal stakeholder environments; precision in policy documentation and advisory product development.
Education & Certifications
Minimum of a Bachelor of Science (or higher) in Information Technology Computer Science Cybersecurity Information Systems or a closely related field.
Required: Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
Strongly preferred: Certified Data Privacy Solutions Engineer (CDPSE); Certified Information Privacy Manager (CIPM); or Certified Chief Information Security Officer (CCISO). Project Management Professional (PMP) or Certified Authorization Professional (CAP/CGRC) also strongly preferred.
WORK LOCATION
Hybrid Primarily Remote. Occasional onsite work required at the client location in Springfield VA. Schedule subject to change based on client requirements.
HOURS OF OPERATION
Business Hours: 8:00 AM EST 4:30 PM EST.
Core Hours: 9:00 AM EST 3:00 PM EST.
REPORTING STRUCTURE
Reports To: ZT SME Team Lead
Direct Reports:
ZERO TRUST (ZT) DATA SUBJECT MATTER EXPERT POSITION OVERVIEWThe Zero Trust Data Subject Matter Expert (ZT Data SME) exists to provide senior-level advisory expertise in assessing analyzing and advancing the agencys enterprise data security and data governance posture in alignment with Zero Trust Arc...
ZERO TRUST (ZT) DATA SUBJECT MATTER EXPERT
POSITION OVERVIEW
The Zero Trust Data Subject Matter Expert (ZT Data SME) exists to provide senior-level advisory expertise in assessing analyzing and advancing the agencys enterprise data security and data governance posture in alignment with Zero Trust Architecture (ZTA) principles. This role serves as the programs authoritative advisory voice on the Data pillar of the CISA Zero Trust Maturity Model v2.0 (ZTMM v2.0) translating federal ZT mandates including OMB M-22-09 EO 14028 and NIST SP 800-207 into recommended data classification data access control and data governance frameworks for agency consideration and concurrence. All advisory products produced by this position are subject to TSA review and concurrence prior to any agency action.
DUTIES & RESPONSIBILITIES
General Duties
Provide senior advisory guidance on the assessment and advancement of the agencys enterprise data classification data governance and data access control posture in support of Zero Trust Architecture implementation.
Continuously monitor the federal ZT policy and regulatory landscape including EOs OMB memoranda NIST publications CISA guidance and NSA Zero Trust Implementation Guidelines (ZIGs) as they relate to data-layer security requirements; develop recommended updates to program advisory positions for leadership review.
Conduct comprehensive gap analyses of existing agency data classification schemas data access policy frameworks and data lifecycle governance practices against CISA ZTMM v2.0 Data pillar criteria; develop recommended enhancement approaches for agency concurrence.
Provide advisory support for the development and continuous maturation of the agencys ZT Common Control Catalog with specific focus on data-layer control mappings to NIST SP 800-53 Rev. 5 control families and CISA ZTMM v2.0 Data pillar maturity indicators.
Develop recommended updates to the ZT Roadmap and Implementation Plan incorporating data pillar maturity advancement priorities and data governance enhancement recommendations for agency review.
Apply real-time analysis of data access telemetry CDM data-layer indicators and behavioral risk signals to proactively surface emerging data exposure vectors and recommend advisory responses for agency consideration.
Collaborate with cross-functional ZT pillar SMEs to validate data policy outcomes and provide recommended approaches ensuring data layer integration across Identity Devices Networks and Applications & Workloads pillar assessments.
Support all internal and external ZT data calls requests audits and compliance updates related to the Data pillar; ensure recommended responses align with CISA ZTMM v2.0 criteria and applicable federal mandates.
Develop recommended new and revised data governance policy documents and data security SOPs; all final documentation requires TSA concurrence prior to issuance.
Provide senior advisory support to ZT leadership on data pillar planning scheduling solution development reporting and integration activities as directed by the ZT SME Team Leader.
Leverage AI-assisted analysis tools automation platforms and prompt engineering techniques to enhance the efficiency depth and quality of data pillar advisory assessments and deliverables.
Subject Matter Expertise (SME) Area #1 Zero Trust Data Classification Governance & Access Control
Expert-level mastery of CISA ZTMM v2.0 Data pillar maturity criteria with demonstrated ability to conduct authoritative gap assessments and recommend targeted advancement strategies.
Authoritative knowledge of federal data security mandates including OMB M-22-09 EO 14028 NIST SP 800-207 NIST SP 800-53 Rev. 5 and applicable FISMA requirements as they relate to data classification data access and data lifecycle governance.
Demonstrated capability to lead enterprise-scale data classification and data governance assessment efforts in a federal environment; ability to translate policy requirements into operationally actionable recommended frameworks.
Expert-level proficiency in data-layer ZT control assessment including attribute-based access control (ABAC) policy-based access control (PBAC) data labeling and tagging implementations DLP capability maturity and CASB integration assessment.
Independent advisory judgment on data classification schema design data access policy framework development and CDM data-layer telemetry coverage assessment.
Problem-solving at the intersection of data governance policy and operational data security implementation; ability to diagnose data-layer ZT maturity gaps and develop recommended remediation pathways that are technically sound and agency-achievable.
SME Area #2 Enterprise Data Security Architecture & Technical Domain Fluency
Foundational working knowledge of enterprise data security architectures including cloud data platforms (Azure AWS GCP) hybrid cloud data environments data warehouse and data lake security configurations and SaaS data protection mechanisms.
Familiarity with enterprise data security tooling including DLP platforms CASB solutions SIEM data-layer analytics and CDM program data telemetry capabilities and their intersection with ZT Data pillar maturity advancement.
Understanding of encryption at rest and in transit implementation patterns key management practices and data sovereignty considerations as they relate to ZT data access control policy application.
Supports primary ZT data advisory function by enabling cross-domain assessment that spans the full data lifecycle from data creation and classification through access sharing retention and disposal across diverse TSA system types.
Interacts directly with pillar SMEs (Identity Network Devices Applications & Workloads) to validate data-layer policy integration and ensure recommended data access control frameworks are operationally coherent across all CISA ZTMM v2.0 pillars.
QUALIFICATIONS
Minimum Requirements
A minimum of 10 years of IT cybersecurity experience including direct support to U.S. Government programs in a data security information assurance or ZT advisory capacity.
Expert knowledge of NIST SP 800-207 NIST SP 800-53 Rev. 5 FISMA and federal ZT mandates including OMB M-22-09 and EO 14028 as applied to data classification and data access governance.
Demonstrated ability to lead data security and data governance advisory assessments directly supporting ZT Data pillar implementation in a federal environment.
Experience developing or maturing enterprise ZT artifacts including Data pillar assessments data classification schemas data governance frameworks and ZT Common Control Catalog data-layer mappings.
Proven experience translating federal ZT and data security mandates into actionable agency-level data policy frameworks data access process changes and governance control recommendations.
Experience supporting or leading ZT-related IG CIGIE metrics reporting or FISMA ZT compliance submissions as they relate to Data pillar requirements.
Superb written and oral communication skills; demonstrated ability to navigate highly political client environments and deliver advisory products that reflect agency priorities and sensitivities.
Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI-enabled capabilities to enhance data classification assessment telemetry analysis and advisory deliverable development.
Preferred Qualifications
Prior direct involvement in a federal ZT pilot program or enterprise ZT deployment in a planning advisory or assessment capacity with specific data pillar accountability.
Experience developing or significantly maturing a ZT Common Control Catalog aligned to NIST SP 800-53 Rev. 5 with Data pillar control inheritance classification.
Familiarity with SAFe for Government (SGP) or equivalent agile delivery methodology in a federal program environment.
Experience with IG CIGIE audit preparation and response in the context of federal ZT or FISMA compliance specifically related to data security metrics.
Leadership: Senior advisory engagement with CISO-level and senior federal leadership; ability to bridge data security policy requirements and operational implementation advisory needs; cross-pillar SME coordination.
Behavioral: Proactive data risk identification and real-time advisory posture; political acumen in complex federal stakeholder environments; precision in policy documentation and advisory product development.
Education & Certifications
Minimum of a Bachelor of Science (or higher) in Information Technology Computer Science Cybersecurity Information Systems or a closely related field.
Required: Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
Strongly preferred: Certified Data Privacy Solutions Engineer (CDPSE); Certified Information Privacy Manager (CIPM); or Certified Chief Information Security Officer (CCISO). Project Management Professional (PMP) or Certified Authorization Professional (CAP/CGRC) also strongly preferred.
WORK LOCATION
Hybrid Primarily Remote. Occasional onsite work required at the client location in Springfield VA. Schedule subject to change based on client requirements.