CISA Cyber Policy and Strategy Planner

This role develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

Personnel performing this role may unofficially or alternatively be called:

  • Cyber Policy Writer and Strategist
  • Cyber Strategic Advisor
  • Governance Specialist / Manager
  • Policy Analyst
  • Policy and Planning Analyst
  • Policy and Strategy Manager
  • Policy Compliance Analyst
  • Policy Manager
  • Regulatory Affairs Analyst
  • Strategic IT Policy Planner
  • Strategic Planning Manager

Skill Community: Cross Functional
Category: Oversee and Govern
Specialty Area: Strategic Planning and Policy

Core Tasks

  • Develop policy, programs, and guidelines for implementation. (T0074)
  • Establish and maintain communication channels with stakeholders. (T0094)
  • Review existing and proposed policies with stakeholders. (T0222)
  • Serve on agency and interagency policy boards. (T0226)
  • Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals. (T0384)
  • Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. (T0408)
  • Analyze organizational cyber policy. (T0425)
  • Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. (T0429)
  • Define and integrate current and future mission environments. (T0441)
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. (T0445)
  • Draft, staff, and publish cyber policy. (T0472)
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. (T0505)
  • Seek consensus on proposed policy changes from stakeholders. (T0506)
  • Provide policy guidance to cyber management, staff, and users. (T0529)
  • Review, conduct, or participate in audits of cyber programs and projects. (T0533)
  • Support the CIO in the formulation of cyber-related policies. (T0537)

Core Competencies

  • External Awareness
  • Legal, Government, and Jurisprudence
  • Organizational Awareness
  • Policy Management
  • Strategic Planning
  • Technology Awareness

Core Knowledge, Skills, Abilities (KSAs)

  • Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. (A0037)
  • Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. (K0168)
  • Knowledge of the organization's core business/mission processes. (K0146)
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. (A0033)
  • Knowledge of strategic theory and practice. (K0248)
  • Knowledge of emerging technologies that have potential for exploitation. (K0309)
  • Knowledge of current and emerging cyber technologies. (K0335)

How to Apply


To apply for this work role, submit an application to one or more of CISA's vacancy announcements. Please ensure your resume has been updated to reflect your demonstrated experience performing the above tasks and describes your exposure to the listed competencies.

  1. Assign the appropriate Task ID and/or Core KSA ID to each experience statement in your resume. Task and KSA IDs are listed in parentheses at the end of each bullet above.
  2. You must also include demonstrated experience on the four required competencies:
       • Attention to Detail
       • Customer Service
       • Oral Communication
       • Problem Solving
