• Support in the economic and financial analysis of companies for credit underwriting • Collection, verification and preparation of documentation required for financing applications • Operational management of leasing applications (equipment, auto, real estate) • Use of major leasing platforms for uploading, monitoring and finalizing applications • Liaison with financial institutions, leasing companies and clients • Support in the preparation of business plans and projected cash flows • Monitoring application progress and managing deadlines • Occasional support in handling factoring transactions

• Shape and refine requirements for existing and new B2B products together with the business unit and the Product Owner (PO) • Facilitate and structure strategy processes related to the further development of the B2B product portfolio • Navigate complex stakeholder constellations confidently — including proactive expectation management with a demanding PO • Bring the UX perspective into strategy and requirements discussions without diving into hands-on operational design • Create clarity, structure, and transparency: present options, advocate recommendations, and drive decisions

Role Description The Privacy and Controlled Unclassified Information (CUI) Lead supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by leading enterprise privacy, controlled unclassified information (CUI), data governance, and regulatory compliance initiatives. The Privacy and CUI Lead is responsible for managing privacy compliance activities, CUI governance processes, risk management coordination, data protection initiatives, privacy impact assessments, policy development, training support, audit coordination, and continuous monitoring activities supporting SBA systems, applications, cloud services, and enterprise operations. The role serves as the primary interface between program stakeholders, cybersecurity teams, system owners, legal personnel, and agency leadership regarding privacy and sensitive information protection requirements. - Lead SBA enterprise privacy and Controlled Unclassified Information (CUI) management activities supporting the ECS program. - Provide oversight and coordination for Task Area 3.5.5 Privacy and Controlled Unclassified Information Support activities. - Develop, implement, update, and maintain privacy and CUI policies, procedures, standards, governance documentation, and operational processes. - Support compliance with applicable federal privacy and information protection requirements including the Privacy Act of 1974, FISMA, OMB Circular A-130, NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, and SBA cybersecurity/privacy policies. - Lead Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), data flow reviews, and privacy compliance assessments for SBA systems and services. - Manage CUI identification, categorization, marking, handling, safeguarding, dissemination, storage, and destruction activities in accordance with federal standards. - Coordinate privacy and CUI risk management activities with ISSOs, system owners, cybersecurity operations teams, legal counsel, and agency stakeholders. - Support implementation and assessment of privacy and security controls across enterprise systems, cloud environments, SaaS platforms, and hybrid infrastructures. - Provide guidance regarding data minimization, records retention, information sharing, encryption, and data protection best practices. - Support ongoing authorization, continuous monitoring, and security assessment activities related to privacy and CUI controls. - Assist with cybersecurity incident response and breach response activities involving personally identifiable information (PII) or CUI exposure. - Coordinate audit support activities for privacy, CUI, FISMA, Inspector General (IG), GAO, and internal compliance reviews. - Develop and maintain enterprise privacy and CUI dashboards, metrics, risk registers, and reporting mechanisms. - Support enterprise risk management (ERM) activities related to privacy risks, data protection risks, and sensitive information exposure. - Coordinate and deliver privacy and CUI awareness training, onboarding support, and role-based training initiatives. - Provide strategic recommendations regarding privacy governance, data protection technologies, and federal compliance initiatives. - Support FedRAMP continuous monitoring activities involving privacy and CUI requirements for cloud service providers. - Review system architectures, data flows, and operational processes to identify privacy risks and recommend mitigation strategies. - Ensure all deliverables align with SBA implementation procedures, federal mandates, and applicable accessibility requirements including Section 508. - Lead cross-functional coordination meetings involving cybersecurity, compliance, operations, legal, and program management personnel. - Provide management oversight, task coordination, schedule management, quality assurance, and status reporting for assigned privacy and CUI initiatives. Qualifications - Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, Public Policy, Business Administration, Computer Science, Legal Studies, or related field. Relevant experience may substitute for degree requirements. - Minimum of 10 years of experience supporting federal cybersecurity, privacy, compliance, information assurance, governance, risk management, or CUI-related programs. - Minimum of 5 years of experience leading enterprise privacy, compliance, governance, or cybersecurity initiatives. - Extensive knowledge of federal privacy regulations, cybersecurity frameworks, and controlled unclassified information requirements. - Experience supporting NIST Risk Management Framework (RMF), FISMA compliance, and federal cybersecurity assessment activities. - Strong understanding of NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, Privacy Act requirements, FedRAMP, OMB A-130, and Zero Trust principles. - Experience developing privacy documentation, compliance reports, governance processes, risk assessments, and executive-level briefings. - Experience supporting cloud security and privacy compliance across Azure, AWS, Microsoft 365, Salesforce, or SaaS environments. - Strong project management, analytical, communication, and stakeholder engagement skills. - Experience coordinating cross-functional teams in complex federal IT and cybersecurity environments. - Excellent written communication and technical documentation skills. - Experience supporting federal agencies or government cybersecurity/privacy environments preferred. Preferred Certifications - Certified Information Systems Security Professional (CISSP) - Certified Information Privacy Professional/Government (CIPP/G) - Certified Information Privacy Manager (CIPM) - Certified Information Systems Auditor (CISA) - Certified Authorization Professional (CAP) - Project Management Professional (PMP) - Certified in Risk and Information Systems Control (CRISC) - GIAC Information Security Fundamentals (GISF) - Federal Risk and Authorization Management Program (FedRAMP) experience - ITIL Foundation Certification

• Accurately capture and update fund performance data, manager profiles, and market intelligence into the central database. • Cross-verify data entries against source documents (e.g., fact sheets and reports) to ensure 100% accuracy and consistency. • Follow up with fund managers and industry partners via email and telephone to collect missing data or clarify information. • Assist in the preparation of reports, newsletters, and administrative tasks related to the annual Symposium. • Maintain an efficient digital filing system for all industry reports and sensitive commercial documentation.