Cyber Program Manager

Cherokee Federal

  • Washington DC
  • Permanent
  • Full-time
  • 5 days ago
Job Description:

As required by our governmental client, this position requires an active Public Trust to be considered. A government contract requires that this position be restricted to U.S. citizens or legal permanent residents. You must provide documentation that you are a U.S. citizen or legal permanent resident to qualify.

As a Program Manager supporting a federal department OCIO, you will be responsible for managing cybersecurity projects of various levels of risk and complexity. This role includes providing leadership, project oversight, and subject matter expertise for cybersecurity operations and information assurance activities. You will serve as the primary customer contact and be responsible for management, coordination and optimizing your team's performance, and for oversight of program/project budgets and schedules. You will collaborate with cross-functional teams to implement processes that improve operational efficiency and support the department's mission.

Compensation & Benefits:

Estimated Starting Salary Range for Program Manager: Pay commensurate with experience. Full-time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Program Manager Responsibilities Include:
  • Provide project oversight, coordination and management for each work task as required.
  • Develop and maintain a project plan(s) and schedules to support activities; project plan status reports shall follow a review schedule to track project progress, finances, risk and/or issues, status and resolutions.
  • Provide management and cybersecurity support following the Agile engineering model, focusing on delivery while supporting change and adhering to existing process standards, i.e. National Institute of Standards and Technology (NIST) Special Publications, Binding Operational Directives, Executive Orders and mandates.
  • Provide Weekly Status Reports documenting activities of the previous week and identifying planned sprint activities for the following months. The reports must include, at a minimum, the following information:
  • Overview of work completed, in progress, and planned for each task, by subtask.
  • Personnel, labor categories and hours expended on each task, by subtask.
  • Status of individual deliverables and all planned activities for each task, by subtask.
  • Identification of risk areas with recommended remedial actions.
  • Status of all issues and risks identified during previous week's status reports.
Your team will be responsible for:
  • Support the continuous monitoring process: assess and evaluate the information system (hardware and software) inventory to detect vulnerabilities; identify critical and high weaknesses arising from insecure application development practices, from controls inherited from Common Control Providers (including FedRAMP cloud service providers (CSPs)) and from networked enclaves; and recommend remediation or corrective actions to improve the security posture.
  • Support the tracking and ongoing evaluation of weaknesses and vulnerabilities reported by the agency's Continuous Diagnostics and Mitigation (CDM) program, other identified security tool suites or other detection reports and issued corrective action plans, and remediate issues affecting the security posture of applications and information system infrastructure.
  • Provide cybersecurity expertise to support security throughout the System Development Life Cycle (SDLC) process, including requirements review in the development phases (Agile, Spiral, DevSecOps or Waterfall models), annual Security Assessment and Authorization (SA&A), and Information Security Continuous Monitoring (ISCM).
  • Develop / update information system's data for Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and System of Record Notices (SORNs). This includes interfacing/coordinating with the System Owner (SO) that originates/has responsibility for the document to ensure the PIA/PTA/SORN contains appropriate information to be approved/adjudicated by the Privacy Office for inclusion in System Authorization package.
  • Assist the System Owner, Information Owner, Component Privacy Officer and Information System Security Manager (ISSM) in recording all known security weaknesses of assigned information systems in Plans of Action and Milestones (POA&Ms) in accordance with Federal policy, guides and procedures.
  • Develop draft Plans of Action and Milestones (POA&Ms) for observed control-level deficiencies or gaps in control implementation(s) in accordance with the Department's policy, guides and procedures.
  • Conduct quality assurance reviews of existing POA&Ms to ensure completeness and accuracy and that identified solutions are cost effective.
  • Support the information system contingency planning process in accordance with NIST SP 800-34 (current revision), Contingency Planning Guide for Federal Information Systems, and NIST SP 800-84, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities; ensure contingency plan test exercise results are documented in an after-action report and that lessons-learned corrective actions are captured for updating the Information System Contingency Plan (ISCP).
  • Perform other job-related duties as assigned.
Program Manager Experience, Education, Skills, Abilities requested:
  • With a bachelor's degree in information systems or a related field, at least 8 years of experience is required
  • Without a bachelor's degree, at least 12 years of related experience is required
  • Minimum of 6 years of program management and cybersecurity team lead experience
  • 5 years of experience with federal government customers creating and maintaining IT Authorization to Operate (ATO) packages for new systems and interfacing/coordinating with the System Owners (SO), Business Owners, System Maintainers, and Developers
  • Ability to plan, execute and develop reports for application vulnerability analysis and provide technical recommendations to maintain and improve mission functionality.
  • Minimum of 6 years' information system and network security experience with an emphasis in Information Assurance
  • Keen understanding of the Federal Information Security Modernization Act of 2014 (FISMA) and federal reporting requirements.
  • Keen understanding of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), including each of its supporting steps, the Cybersecurity Framework (CSF) and the Privacy Act.
  • Knowledge of the General Services Administration's Federal Risk and Authorization Management Program (FedRAMP), including its continuous monitoring process.
  • Performing application and database vulnerability and security assessments, scanning and results interpretation.
  • Understanding of the Federal Government's deployment of Information Security Continuous Monitoring (ISCM) and the Continuous Diagnostics and Mitigation (CDM) Program, including its organizational phases and technologies.
  • SME knowledge of enterprise security architecture methodologies, concepts, procedures, principles, and tools.
  • Contingency planning and backup and recovery experience and application of NIST guidance in this area.
  • Experience using security control and privacy control findings and status from assessments to develop POA&Ms for the controls that must be put in place to remediate vulnerabilities.
  • Ability to work with customers to assess needs, provide assistance, resolve problems, satisfy expectations; knows products and services.
  • Understanding of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring work, and performance.
  • Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
  • Proficient in Microsoft Office products (Word, Excel, PowerPoint, Visio, Teams, Power BI, SharePoint) and Tableau.
  • Experience managing Federal contract projects; must have the ability to communicate effectively both orally and in writing.
Education:
  • Bachelor's degree in technical area or equivalent work experience
Certification Required:
  • PMP
  • CISSP
Company Information:

Criterion is a part of Cherokee Federal, the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.

Legal Disclaimer: All qualified applicants will receive consideration for employment without regard to protected veteran status, disability or any other status protected under applicable federal, state or local law. Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar searchable job titles:
  • Project Lead
  • Cybersecurity SME
  • Information Systems Security Manager

Keywords:
  • NIST
  • Information Systems
  • Troubleshooting
  • System Security
  • Cybersecurity Analysis
  • ATO documentation
  • Performance Optimization
  • User Support