ZERO TRUST (ZT) PROCESS RE-ENGINEER SME
Job
Zermount Inc
Remote
Full-Time
Job Description
ZERO TRUST (ZT) PROCESS RE-ENGINEERING SME

POSITION OVERVIEW
The Zero Trust Process Re-Engineering SME exists to provide senior-level advisory expertise in assessing, analyzing, and re-engineering the agency's enterprise IT and cybersecurity processes to advance its Zero Trust implementation. This role directly supports TSA's compliance with EO 14028, OMB M-22-09, and related federal mandates by translating policy requirements into actionable process change advisory that spans all five CISA ZTMM v2.0 pillars. The expected outcome is a continuously maturing ZT process posture, with advisory findings, roadmap inputs, and common control catalog contributions that drive measurable ZTMM maturity advancement and defensible IG FISMA compliance performance. This is a senior advisory role, not an execution or documentation support position.

DUTIES AND RESPONSIBILITIES
General Duties
- Provide senior advisory guidance on the re-engineering of the agency's enterprise IT and cybersecurity processes to align with Zero Trust principles across all five CISA ZTMM v2.0 pillars: Identity, Devices, Networks, Applications and Workloads, and Data.
- Continuously monitor the federal ZT policy and regulatory landscape, including EOs, OMB memoranda, NIST publications, and DHS/CISA directives, and deliver real-time risk identification and actionable advisory recommendations before compliance deadlines arise.
- Conduct comprehensive gap analyses of existing agency policy documentation against ZT mandates; develop remediation roadmaps and present recommended courses of action for agency concurrence.
- Provide advisory support for the development and continuous maturation of the agency's ZT Common Control Catalog (CCC), ensuring recommended approaches align with RMF phases and ZT implementation lifecycle milestones.
- Develop recommended updates to the ZT Roadmap and Implementation Plan, incorporating process re-engineering findings and stakeholder input for agency review and approval.
- Apply real-time analysis of process performance data and ZT maturity indicators to proactively surface emerging risk areas and deliver timely recommendations, moving beyond periodic reporting to support continuous risk mitigation.
- Collaborate with cross-functional stakeholders to validate process outcomes and provide recommended courses of action for continuous improvement.
- Support all internal and external ZT data calls, requests, audits, and compliance updates; ensure recommended responses are developed and provided for agency review.
- Develop recommended new and revised cybersecurity policy documents and SOPs; all final documentation is subject to agency review and approval.
- Provide senior advisory support to ZT leadership on planning, scheduling, solution development, reporting, performance metrics, and program governance.
- Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher-value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.

SUBJECT MATTER EXPERTISE
Subject Matter Expertise (SME) Area #1: Zero Trust Policy, Process Re-Engineering and Federal Compliance Advisory
- Expert-level mastery of CISA ZTMM v2.0 across all five pillars including demonstrated ability to conduct gap assessments, produce maturity findings, and translate ZTMM criteria into agency-level process change recommendations.
- Authoritative knowledge of federal ZT mandates including EO 14028, OMB M-22-09, OMB M-21-31, NIST SP 800-207, NIST SP 800-53 Rev. 5, FISMA, and IG FISMA metrics criteria; ability to independently interpret and apply new guidance as it is released.
- Demonstrated capability to lead enterprise-scale process re-engineering efforts in a federal environment, producing advisory artifacts such as gap analyses, process inventories, opportunity registers, change impact analyses, and CISO-ready briefings.
- Expert-level proficiency in ZT Common Control Catalog development, including control mapping to NIST SP 800-53 control families across all five ZTMM pillars.
- Independent decision-making authority on process re-engineering advisory scope, methodology selection, and recommended approach.
- Problem-solving at the intersection of policy compliance and operational process design. Able to diagnose root causes of ZT maturity gaps, prioritize remediation advisory, and sequence recommendations across competing program constraints.

SME Area #2: Enterprise IT Architecture and Technical Domain Fluency
- Foundational working knowledge of enterprise IT systems architecture, including cloud platforms (Azure, AWS, or GCP), network environments, database systems, and systems administration, sufficient to assess ZT process impacts across technical domains and engage credibly with technical stakeholders and pillar SMEs.
- Familiarity with enterprise IT service management frameworks (e.g., ITIL) and their intersection with cybersecurity process design and ZT implementation planning.
- Understanding of hybrid cloud and on-premises infrastructure models as they relate to ZT policy applicability and process re-engineering scope.
- Supports primary ZT policy advisory function by enabling cross-domain process assessment that spans Identity, Devices, Networks, Applications, and Data, avoiding siloed policy analysis that ignores technical implementation realities.
- Interacts directly with pillar SMEs (Identity, Network, Devices, Data, Apps and Workloads) to validate process re-engineering recommendations against technical feasibility and implementation constraints.

QUALIFICATIONS
Minimum Requirements
- A minimum of 10 years as a Policy Analyst, Process Re-Engineer, or Senior Policy Writer for an enterprise IT or cybersecurity program with demonstrated Zero Trust scope.
- Expert knowledge of NIST SP 800-207, NIST SP 800-53 Rev. 5, FISMA, and federal ZT mandates including EO 14028, OMB M-22-09, and OMB M-21-31.
- Demonstrated ability to lead process re-engineering efforts directly supporting ZT implementation.
- Experience developing or maturing enterprise ZT artifacts including Common Control Catalogs, ZT roadmaps, and implementation plans.
- Demonstrated operational experience developing and implementing Zero Trust solutions in a federal agency or large enterprise environment.
- Proven experience translating ZT mandates into actionable agency-level policy frameworks, process change initiatives, and implementation roadmaps.
- Experience supporting or leading ZT-related IG FISMA metrics reporting or FISMA ZT compliance submissions.
- Superb written and oral communication skills; demonstrated ability to navigate highly political client environments with professionalism and tact.
- Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work.

Preferred Qualifications
- Five years of IT cybersecurity experience, including direct support to the U.S. Government. This experience can be concurrent with the minimum 10 years of Policy Analyst, Process Re-Engineer, or Senior Policy Writer experience.
- Prior direct involvement in a federal ZT pilot program or enterprise ZT deployment in a planning, advisory, or execution leadership capacity.
- Experience developing or significantly maturing a ZT Common Control Catalog aligned to NIST SP 800-53 and CISA ZTMM v2.0.
- Familiarity with SAFe for Government (SGP) or equivalent agile delivery methodology in a federal program environment.
- Experience with IG FISMA audit preparation and response in the context of federal ZT or FISMA compliance programs.

Competencies
Technical:
CISA ZTMM v2.0 (all five pillars), NIST SP 800-207, NIST SP 800-53 Rev. 5, RMF, FISMA, IG FISMA metrics, EO 14028, OMB M-22-09, Common Control Catalog development, enterprise process re-engineering methodology, AI-assisted analysis.
Leadership:
Senior advisory engagement with CISO-level and senior federal leadership; ability to bring forward recommended solutions for concurrence rather than soliciting open-ended direction; cross-pillar SME coordination; program governance support.
Behavioral:
Proactive risk identification and real-time advisory posture; political acumen in complex federal client environments; high attention to detail in policy analysis and artifact production; continuous learning orientation toward evolving federal ZT guidance.

Education and Certifications
Minimum of a Bachelor of Science (or higher) in Information Technology, Computer Science, Cybersecurity, or a related field.
Required:
Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP), or Certified Authorization Professional (CAP / CGRC), or equivalent certification.
Strongly preferred:
Certified Chief Information Security Officer (CCISO), Project Management Professional (PMP), or Six Sigma Green Belt.

Clearance level
Active Secret clearance is required.

WORK LOCATION
Hybrid, Primarily Remote. Occasional onsite work required at the client location in Springfield, VA and Zermount HQ in Arlington, VA.

HOURS OF OPERATION
Business Hours:
8:00 AM EST - 4:30 PM EST.
Core Hours:
9:00 AM EST - 3:00 PM EST.

REPORTING STRUCTURE
Reports To:
ZT SME Team Lead
Direct Reports:
None.