CISA Cyber Policy and Strategy Planner


This role develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

Personnel performing this role may unofficially or alternatively be called:

  • Cyber Policy Writer and Strategist
  • Cyber Strategic Advisor
  • Governance Specialist / Manager
  • Policy Analyst
  • Policy and Planning Analyst
  • Policy and Strategy Manager
  • Policy Compliance Analyst
  • Policy Manager
  • Regulatory Affairs Analyst
  • Strategic IT Policy Planner
  • Strategic Planning Manager

Skill Community: Cross Functional
Category: Oversee and Govern
Specialty Area: Strategic Planning and Policy
Work Role Code: 752

Core Tasks

  • Develop policy, programs, and guidelines for implementation. (T0074)
  • Establish and maintain communication channels with stakeholders. (T0094)
  • Review existing and proposed policies with stakeholders. (T0222)
  • Serve on agency and interagency policy boards. (T0226)
  • Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals. (T0384)
  • Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. (T0408)
  • Analyze organizational cyber policy. (T0425)
  • Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. (T0429)
  • Define and integrate current and future mission environments. (T0441)
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. (T0445)
  • Draft, staff, and publish cyber policy. (T0472)
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. (T0505)
  • Seek consensus on proposed policy changes from stakeholders. (T0506)
  • Provide policy guidance to cyber management, staff, and users. (T0529)
  • Review, conduct, or participate in audits of cyber programs and projects. (T0533)
  • Support the CIO in the formulation of cyber-related policies. (T0537)

Core Competencies

  • External Awareness
  • Legal, Government, and Jurisprudence
  • Organizational Awareness
  • Policy Management
  • Strategic Planning
  • Technology Awareness

Core Knowledge, Skills, Abilities (KSAs)

  • Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. (A0037)
  • Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. (K0168)
  • Knowledge of the organization's core business/mission processes. (K0146)
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. (A0033)
  • Knowledge of strategic theory and practice. (K0248)
  • Knowledge of emerging technologies that have potential for exploitation. (K0309)
  • Knowledge of current and emerging cyber technologies. (K0335)

Join the Mission

CISA is always searching for diverse, talented, and highly motivated professionals to continue its mission of securing the nation’s critical infrastructure. CISA is more than a great place to work; our workforce tackles the risks and threats that matter most to the nation, our families, and communities.

To join this mission, visit USAJOBs and/or the DHS Cybersecurity Service to view job announcements and to access the application. Be sure to tailor your resume to the specific job announcement, attach relevant documents, and complete all required assessments. 

When applying for CISA’s cyber positions, please review CISA’s cyber roles above and update your resume to align your experience with the listed competencies. Your resume must also show demonstrated cyber/IT related experience in:

  • Attention to Detail
  • Customer Service
  • Oral Communication
  • Problem Solving

To receive email notifications when new CISA positions are announced, set up a “saved search” on USAJOBs with keyword “Cybersecurity and Infrastructure Security Agency.

Individuals eligible for special hiring authorities may also be considered during CISA’s one-stop hiring events or by emailing Veterans@cisa.dhs.gov or Careers@cisa.dhs.gov.

Was this webpage helpful?  Yes  |  Somewhat  |  No