• The Cybersecurity Subject Matter Expert (SME) will be responsible for leading and executing the comprehensive cybersecurity program to protect the Agency’s Enterprise Infrastructure. • The SME will manage all aspects of security compliance, Risk Management Framework (RMF) activities, and vulnerability management to ensure systems maintain their Authority to Operate (ATO) and are compliant with all DoD and Agency policies. • Lead all activities required to maintain current and achieve new ATOs and Authorities to Connect (ATCs) for all Agency systems. • Perform as the System-Level Information System Security Officer (S-ISSO), managing day-to-day security operations. • Direct the vulnerability management program by ensuring all vulnerabilities identified by tools such as ACAS and SCAP are remediated. • Oversee and perform IAVM compliance patching, STIG compliance, and remediation for all IT assets. • Support all internal and external security reviews, including CSSP vulnerability assessments, CORA, IG audits, and penetration testing. • Collaborate with government and development teams on the 'System Security Package.'

• Train new biosecurity auditors on Orbit’s audit procedures, digital tools, reporting processes, and expectations • Create or update training materials, checklists, and reference guides • Offer ongoing coaching and answer auditor questions as they arise • Review submitted audits for completeness, accuracy, and adherence to Orbit standards • Identify inconsistencies, missing information, or deviations from protocol • Provide feedback and corrective guidance to auditors when needed • Conduct secondary reviews of flagged audits to ensure integrity • Serve as the primary support contact for the biosecurity audit team • Host periodic remote check-ins to ensure auditors remain aligned with quality expectations • Monitor auditor performance metrics and document trends or issues • Recommend improvements to audit processes or standards • Maintain digital records of auditor performance, quality scores, and audit outcomes • Summarize audit trends, compliance gaps, or training needs for leadership • Collaborate with management on refining biosecurity audit criteria or tools

• Conducting thorough assessments of IT systems • Analyzing diverse sources of threat intelligence • Implementing measures to safeguard applications and data • Establishing and maintaining robust access control mechanisms • Handling security incidents and monitoring the IT estate • Configuring and troubleshooting security infrastructure devices • Developing innovative technical solutions and security tools • Generating required reports related to security • Staying abreast of the latest security news, trends, and emerging vulnerabilities

• Define and lead the execution of a multi-year global cybersecurity awareness and education strategy. • Manage and optimize the enterprise-wide online security training program, including platform management, course selection, mandatory learning assignments, tracking, and reporting. • Plan and run simulated phishing campaigns, analyze results, identify risk trends, and develop targeted education for vulnerable groups. • Design and deliver on-site and virtual educational initiatives, such as workshops, presentations, and security roadshows. • Lead and develop a small global team of security awareness specialists, while overseeing external content creation partners and training vendors. • Measure and report the effectiveness of security awareness initiatives, using KPIs, behavioral indicators, phishing metrics, and employee engagement data.