Position Summary
The Compliance Manager, Mid – Policy provides critical policy and governance expertise to the OIS Cybersecurity Services (CS) Division. This role supports the development, enhancement, and implementation of OS cybersecurity and IT privacy policies, standards, procedures, and SOPs. The position ensures that OS IT systems maintain confidentiality, integrity, and availability, meet federal regulatory requirements, and align with cybersecurity best practices. The Compliance Manager plays a central role in analyzing existing policies, identifying gaps, and producing actionable policy recommendations to maintain a proactive and compliant security posture.
Functional Responsibilities
Policy Development & Governance
- Develop, review, and maintain cybersecurity and IT privacy policies, standards, procedures, plans, and SOPs in alignment with the OS Cybersecurity Policy and Governance (P&G) task schedule.
- Ensure all policies are consistent with HHS, NIST, and other federal requirements, and reflect cybersecurity and privacy best practices.
- Collaborate with OS StaffDivs, third-party vendors, and stakeholders to promulgate policy guidance and ensure compliance across IT systems.
Policy Analysis & Research
- Conduct comprehensive research and literature reviews to support policy development and enhancement.
- Analyze existing policies to identify gaps, conflicts, or areas requiring updates to maintain alignment with federal regulations and organizational objectives.
- Evaluate policy effectiveness and propose actionable recommendations to address identified deficiencies.
Technical Writing & Documentation
- Execute high-quality technical writing to produce clear, accurate, and consistent policies, SOPs, guidance documents, and memoranda.
- Ensure all documentation meets rigorous quality control and quality assurance standards and supports compliance, audit readiness, and operational clarity.
Stakeholder Engagement & Communication
- Advise OS leadership on policy trade-offs, implementation strategies, and governance decisions.
- Serve as a liaison to ensure OS StaffDivs and contractors understand and adhere to security and privacy policies.
- Provide clear, concise policy communication to facilitate adoption and compliance across OS IT systems.
Continuous Improvement & Compliance Assurance
- Monitor policy relevance in response to evolving federal regulations, industry standards, and organizational needs.
- Recommend policy adjustments or enhancements to maintain proactive cybersecurity risk management.
- Support audit readiness and compliance assessments by providing documentation and guidance on policy adherence.
Required Qualifications
- Minimum of 3–5 years of experience in compliance, policy development, IT governance, or cybersecurity policy.
- Strong knowledge of federal cybersecurity frameworks, HHS policies, NIST standards, and IT privacy and security regulations.
- Demonstrated ability to conduct research, analyze complex information, and develop actionable policy recommendations.
- Excellent technical writing, analytical, and communication skills.
- Strong organizational and project management abilities, capable of managing multiple policy initiatives simultaneously.
Education & Experience
- Bachelor’s degree in Cybersecurity, Information Technology, Business, Law, or a related field required.
- Experience supporting federal, DoD, or government IT programs preferred.
Desired Certifications (Preferred)
- Certified Compliance & Ethics Professional (CCEP)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Project Management Professional (PMP)
Job Type: Full-time
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible spending account
- Health insurance
- Health savings account
- Paid time off
- Retirement plan
- Vision insurance
Work Location: Hybrid remote in Washington, DC 20201