
ZERO TRUST (ZT) PROCESS RE-ENGINEER SME

Zermount, Inc
Posted a month ago, valid for 25 days
Location: Arlington, VA 22226, US

Salary: Competitive

Contract type: Full Time


Sonic Summary

  • The Zero Trust Process Re-Engineering SME position seeks a senior-level expert to enhance the agency's IT and cybersecurity processes in line with Zero Trust principles, requiring a minimum of 10 years of relevant experience.
  • This role involves providing advisory guidance on compliance with federal mandates, conducting gap analyses, and developing remediation roadmaps to ensure continuous improvement in Zero Trust maturity.
  • Candidates must possess expert knowledge of NIST SP 800-207, NIST SP 800-53 Rev. 5, and related Zero Trust mandates, along with the ability to translate these into actionable agency-level policy frameworks.
  • The position offers a salary of $150,000 per year and requires an active Secret clearance, with a hybrid work location primarily remote but with occasional onsite requirements in Virginia.
  • Successful applicants will collaborate with stakeholders, leverage AI-assisted tools, and engage in real-time risk identification to support the agency's Zero Trust implementation efforts.

 

ZERO TRUST (ZT) PROCESS RE-ENGINEERING SME

 

POSITION OVERVIEW

 

The Zero Trust Process Re-Engineering SME exists to provide senior-level advisory expertise in assessing, analyzing, and re-engineering the agency's enterprise IT and cybersecurity processes to advance its Zero Trust implementation. This role directly supports TSA's compliance with EO 14028, OMB M-22-09, and related federal mandates by translating policy requirements into actionable process change advisory that spans all five CISA ZTMM v2.0 pillars. The expected outcome is a continuously maturing ZT process posture - with advisory findings, roadmap inputs, and common control catalog contributions that drive measurable ZTMM maturity advancement and defensible IG FISMA compliance performance. This is a senior advisory role, not an execution or documentation support position.

 

DUTIES & RESPONSIBILITIES

 

General Duties

  • Provide senior advisory guidance on the re-engineering of the agency's enterprise IT and cybersecurity processes to align with Zero Trust principles across all five CISA ZTMM v2.0 pillars: Identity, Devices, Networks, Applications & Workloads, and Data.
  • Continuously monitor the federal ZT policy and regulatory landscape, including EOs, OMB memoranda, NIST publications, and DHS/CISA directives, and deliver real-time risk identification and actionable advisory recommendations before compliance deadlines arise.
  • Conduct comprehensive gap analyses of existing agency policy documentation against ZT mandates; develop remediation roadmaps and present recommended courses of action for agency concurrence.
  • Provide advisory support for the development and continuous maturation of the agency's ZT Common Control Catalog (CCC), ensuring recommended approaches align with RMF phases and ZT implementation lifecycle milestones.
  • Develop recommended updates to the ZT Roadmap and Implementation Plan, incorporating process re-engineering findings and stakeholder input for agency review and approval.
  • Apply real-time analysis of process performance data and ZT maturity indicators to proactively surface emerging risk areas and deliver timely recommendations, moving beyond periodic reporting to support continuous risk mitigation.
  • Collaborate with cross-functional stakeholders to validate process outcomes and provide recommended courses of action for continuous improvement.
  • Support all internal and external ZT data calls, requests, audits, and compliance updates; ensure recommended responses are developed and provided for agency review.
  • Develop recommended new and revised cybersecurity policy documents and SOPs; all final documentation is subject to agency review and approval.
  • Provide senior advisory support to ZT leadership on planning, scheduling, solution development, reporting, performance metrics, and program governance.
  • Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher-value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.

 

SUBJECT MATTER EXPERTISE

 

Subject Matter Expertise (SME) Area #1 – Zero Trust Policy, Process Re-Engineering & Federal Compliance Advisory

  • Expert-level mastery of CISA ZTMM v2.0 across all five pillars including demonstrated ability to conduct gap assessments, produce maturity findings, and translate ZTMM criteria into agency-level process change recommendations.
  • Authoritative knowledge of federal ZT mandates including EO 14028, OMB M-22-09, OMB M-21-31, NIST SP 800-207, NIST SP 800-53 Rev. 5, FISMA, and IG FISMA metrics criteria; ability to independently interpret and apply new guidance as it is released.
  • Demonstrated capability to lead enterprise-scale process re-engineering efforts in a federal environment - producing advisory artifacts such as gap analyses, process inventories, opportunity registers, change impact analyses, and CISO-ready briefings.
  • Expert-level proficiency in ZT Common Control Catalog development, including control mapping to NIST SP 800-53 control families across all five ZTMM pillars.
  • Independent decision-making authority on process re-engineering advisory scope, methodology selection, and recommended approach.
  • Problem-solving at the intersection of policy compliance and operational process design. Able to diagnose root causes of ZT maturity gaps, prioritize remediation advisory, and sequence recommendations across competing program constraints.

 

SME Area #2 – Enterprise IT Architecture & Technical Domain Fluency

  • Foundational working knowledge of enterprise IT systems architecture, including cloud platforms (Azure, AWS, or GCP), network environments, database systems, and systems administration - sufficient to assess ZT process impacts across technical domains and engage credibly with technical stakeholders and pillar SMEs.
  • Familiarity with enterprise IT service management frameworks (e.g., ITIL) and their intersection with cybersecurity process design and ZT implementation planning.
  • Understanding of hybrid cloud and on-premises infrastructure models as they relate to ZT policy applicability and process re-engineering scope.
  • Supports primary ZT policy advisory function by enabling cross-domain process assessment that spans Identity, Devices, Networks, Applications, and Data, avoiding siloed policy analysis that ignores technical implementation realities.
  • Interacts directly with pillar SMEs (Identity, Network, Devices, Data, Apps & Workloads) to validate process re-engineering recommendations against technical feasibility and implementation constraints.

QUALIFICATIONS

Minimum Requirements

  • A minimum of 10 years as a Policy Analyst, Process Re-Engineer, or Senior Policy Writer for an enterprise IT or cybersecurity program with demonstrated Zero Trust scope.
  • Expert knowledge of NIST SP 800-207, NIST SP 800-53 Rev. 5, FISMA, and federal ZT mandates including EO 14028, OMB M-22-09, and OMB M-21-31.
  • Demonstrated ability to lead process re-engineering efforts directly supporting ZT implementation.
  • Experience developing or maturing enterprise ZT artifacts including Common Control Catalogs, ZT roadmaps, and implementation plans.
  • Demonstrated operational experience developing and implementing Zero Trust solutions in a federal agency or large enterprise environment.
  • Proven experience translating ZT mandates into actionable agency-level policy frameworks, process change initiatives, and implementation roadmaps.
  • Experience supporting or leading ZT-related IG FISMA metrics reporting or FISMA ZT compliance submissions.
  • Superb written and oral communication skills; demonstrated ability to navigate highly political client environments with professionalism and tact.
  • Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work.

Preferred Qualifications

  • Five years of IT cybersecurity experience, including direct support to the U.S. Government. This experience can be concurrent with the minimum 10 years of Policy Analyst, Process Re-Engineer, or Senior Policy Writer experience.
  • Prior direct involvement in a federal ZT pilot program or enterprise ZT deployment in a planning, advisory, or execution leadership capacity.
  • Experience developing or significantly maturing a ZT Common Control Catalog aligned to NIST SP 800-53 and CISA ZTMM v2.0.
  • Familiarity with SAFe for Government (SGP) or equivalent agile delivery methodology in a federal program environment.
  • Experience with IG FISMA audit preparation and response in the context of federal ZT or FISMA compliance programs.

Competencies

  • Technical: CISA ZTMM v2.0 (all five pillars), NIST SP 800-207, NIST SP 800-53 Rev. 5, RMF, FISMA, IG FISMA metrics, EO 14028, OMB M-22-09, Common Control Catalog development, enterprise process re-engineering methodology, AI-assisted analysis.
  • Leadership: Senior advisory engagement with CISO-level and senior federal leadership; ability to bring forward recommended solutions for concurrence rather than soliciting open-ended direction; cross-pillar SME coordination; program governance support.
  • Behavioral: Proactive risk identification and real-time advisory posture; political acumen in complex federal client environments; high attention to detail in policy analysis and artifact production; continuous learning orientation toward evolving federal ZT guidance.

Education & Certifications

  • Minimum of a Bachelor of Science (or higher) in Information Technology, Computer Science, Cybersecurity, or a related field.
  • Required: Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP), or Certified Authorization Professional (CAP / CGRC), or equivalent certification.
  • Strongly preferred: Certified Chief Information Security Officer (CCISO), Project Management Professional (PMP), or Six Sigma Green Belt.

 

Clearance level

  • Active Secret clearance is required.

 

WORK LOCATION

 

  • Hybrid – Primarily Remote. Occasional onsite work required at the client location in Springfield, VA and Zermount HQ in Arlington, VA.

 

HOURS OF OPERATION

 

  • Business Hours: 8:00 AM EST – 4:30 PM EST.
  • Core Hours: 9:00 AM EST – 3:00 PM EST.

 

REPORTING STRUCTURE

 

  • Reports To: ZT SME Team Lead
  • Direct Reports: None.


