Privacy and Controlled Unclassified Information (CUI) Lead Job Description

Position Summary

Essential Duties and Responsibilities

• Lead SBA enterprise privacy and Controlled Unclassified Information (CUI) management activities supporting the ECS program.
• Provide oversight and coordination for Task Area 3.5.5 Privacy and Controlled Unclassified Information Support activities.
• Develop, implement, update, and maintain privacy and CUI policies, procedures, standards, governance documentation, and operational processes.
• Support compliance with applicable federal privacy and information protection requirements including the Privacy Act of 1974, FISMA, OMB Circular A-130, NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, and SBA cybersecurity/privacy policies.
• Lead Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), data flow reviews, and privacy compliance assessments for SBA systems and services.
• Manage CUI identification, categorization, marking, handling, safeguarding, dissemination, storage, and destruction activities in accordance with federal standards.
• Coordinate privacy and CUI risk management activities with ISSOs, system owners, cybersecurity operations teams, legal counsel, and agency stakeholders.
• Support implementation and assessment of privacy and security controls across enterprise systems, cloud environments, SaaS platforms, and hybrid infrastructures.
• Provide guidance regarding data minimization, records retention, information sharing, encryption, and data protection best practices.
• Support ongoing authorization, continuous monitoring, and security assessment activities related to privacy and CUI controls.
• Assist with cybersecurity incident response and breach response activities involving personally identifiable information (PII) or CUI exposure.
• Coordinate audit support activities for privacy, CUI, FISMA, Inspector General (IG), GAO, and internal compliance reviews.
• Develop and maintain enterprise privacy and CUI dashboards, metrics, risk registers, and reporting mechanisms.
• Support enterprise risk management (ERM) activities related to privacy risks, data protection risks, and sensitive information exposure.
• Coordinate and deliver privacy and CUI awareness training, onboarding support, and role-based training initiatives.
• Provide strategic recommendations regarding privacy governance, data protection technologies, and federal compliance initiatives.
• Support FedRAMP continuous monitoring activities involving privacy and CUI requirements for cloud service providers.
• Review system architectures, data flows, and operational processes to identify privacy risks and recommend mitigation strategies.
• Ensure all deliverables align with SBA implementation procedures, federal mandates, and applicable accessibility requirements including Section 508.
• Lead cross-functional coordination meetings involving cybersecurity, compliance, operations, legal, and program management personnel.
• Provide management oversight, task coordination, schedule management, quality assurance, and status reporting for assigned privacy and CUI initiatives.

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, Public Policy, Business Administration, Computer Science, Legal Studies, or related field. Relevant experience may substitute for degree requirements.
• Minimum of 10 years of experience supporting federal cybersecurity, privacy, compliance, information assurance, governance, risk management, or CUI-related programs.
• Minimum of 5 years of experience leading enterprise privacy, compliance, governance, or cybersecurity initiatives.
• Extensive knowledge of federal privacy regulations, cybersecurity frameworks, and controlled unclassified information requirements.
• Experience supporting NIST Risk Management Framework (RMF), FISMA compliance, and federal cybersecurity assessment activities.
• Strong understanding of NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, Privacy Act requirements, FedRAMP, OMB A-130, and Zero Trust principles.
• Experience developing privacy documentation, compliance reports, governance processes, risk assessments, and executive-level briefings.
• Experience supporting cloud security and privacy compliance across Azure, AWS, Microsoft 365, Salesforce, or SaaS environments.
• Strong project management, analytical, communication, and stakeholder engagement skills.
• Experience coordinating cross-functional teams in complex federal IT and cybersecurity environments.
• Excellent written communication and technical documentation skills.
• Experience supporting federal agencies or government cybersecurity/privacy environments preferred.

Preferred Certifications

• Certified Information Systems Security Professional (CISSP)
• Certified Information Privacy Professional/Government (CIPP/G)
• Certified Information Privacy Manager (CIPM)
• Certified Information Systems Auditor (CISA)
• Certified Authorization Professional (CAP)
• Project Management Professional (PMP)
• Certified in Risk and Information Systems Control (CRISC)
• GIAC Information Security Fundamentals (GISF)
• Federal Risk and Authorization Management Program (FedRAMP) experience
• ITIL Foundation Certification