This position is located in our Leesburg, VA facility.
The Program Manager should be a proven team player with excellent oral and written communication skills and the ability to work in a fast-paced, demanding environment, both with technical staff implementing processes and procedures and with senior/executive customer staff at an agency policy level.
Manages and is responsible for the successful completion of all tasks in the assigned program area, including policy, implementation, and oversight of the project's infrastructure security management, technical work, staff supervision, and financial and business development activities.
At this level, the position is typically responsible for program(s) with annual revenues of $5-10 million and is typically responsible for managing 25-50 employees both exempt and non-exempt and including one or more subordinate supervisors - working on multiple projects and tasks.
The Program Manager will serve as the focal point in addressing and reporting unanticipated threats and security incidents to the Client Program Office ISSO, ATO ISSM, the Cyber Operations Center, and the CSMC within 15 minutes according to the communications mechanisms specified by the Government. Security certification such as CISSP, CISM, or Certificate of Cloud Security Knowledge (CCSK) is preferred.
1. Manages and is responsible for the successful completion of all tasks in assigned program area including technical work, financial and business development activities
2. Directs the development and implementation of the Information Systems Security for the assigned project(s)
3. Supervises assigned technical and administrative staff, including subordinate supervisors, and performs personnel actions including hiring and performance evaluation.
4. Directs program activities to meet client and organization work objectives and serves as a liaison with clients to coordinate activities, negotiate tasks, and solve problems.
5. Responsible for profitability and revenue growth of assigned program(s).
6. At least 5 years of supervisory experience in successful mid to large ($1M) program management, with proven experience managing complex information security projects.
7. Assures quality of program products, services, and deliverables, including participating in reviews, audits, and site visits.
8. Performs business development activities, including the preparation and review of technical and cost proposals.
9. Performs program financial management services, including financial analysis, budget and cost quote preparation, cost management, reconciliation, and profit enhancement.
10. Coordinates and monitors sub-contractor activities and administers subcontractor deliverables and finances.
11. Develops, reviews, and approves plans, schedules, consulting agreements and other program documents.
12. Prepares and provides various reports and technical reviews to senior management as requested.
13. Ensures compliance with relevant corporate and government policies and standards.
14. Participates in special projects as required.
15. Proposes IT policies, standards, and procedures related to information systems security.
16. Manages the detection, response, mitigation, and reporting of cyber threats
17. Maintains an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
18. Directs all phases of planning and accomplishment of the information systems security functions and activities of the project and recommends final decisions on most policy matters.
19. Manages the development of the ISS documentation and determines allocation of resources and needs across the tasks of the project in accordance with ISS program goals and objectives.
20. Provides security expertise in Windows, Linux/Unix operating systems
21. Provides support configuring and managing Security Information Event Management (SIEM) systems, firewalls, Network Intrusion Detection Systems (NIDS) and Host Intrusion Detection Systems (HIDS), proxies, and Active Directory (Group Policy)
22. Directs the team in the production of detailed documentation including architecture reference model, data flow, physical and logical diagrams
23. Designs, advises and implements security network, system, controls, monitoring and configuration management tools in a cloud computing environment
24. Directs the assessment of information systems to ensure that appropriate security functions have been included in the systems design and architecture.
25. Establishes, monitors and evaluates the performance of information systems in support of information systems security accomplishments based on appropriate measures.
26. Audits compliance with government and company mandates affecting information systems security and periodically benchmarks IT performance against industry costs and trends.
27. Provides threat analysis and risk management
28. Works with stakeholders to incorporate security solutions into the Software Development Life Cycle (SDLC) and architecture
29. Responsible for the efficient management and safeguarding of resources and assures internal controls meet required standards.
30. Provides analysis for correlated information sources and produces reports and briefs to provide an accurate depiction of the current threat landscape and associated risk.
31. Maintains current knowledge of relevant technology as assigned.
32. Participates in special projects as required.
33. Strong communication skills
Bachelor's/Master's degree in Engineering, Mathematics or Science.
Current relevant technical certifications (e.g., Certified Information Systems Security Professional (CISSP), MCSE, CISSP-Information Systems Security Engineering Professional (ISSEP), CompTIA Security+, CompTIA Network+ and/or SANS/GIAC) are strongly desired but not required.
PMP professional certification preferred.
Bachelor's degree + 10 years of related experience / Master's degree + 8 years of related experience / PhD + 6 years of related experience with data security administration, including at least 5 years of supervisory experience in successful mid to large ($1M) program management, with proven experience managing complex information security projects. Qualified candidates must have a minimum of one year of experience managing a CSIRC-type operation for a government or commercial client with a staff of at least 25 persons.
Must be well versed in security concepts, principles, practices, and tools. Experience in developing and implementing security solutions, including the ongoing assessment and tracking of adherence to required security guidelines across the enterprise computing environment. Experience with operating systems architecture, security controls, hardening, testing and monitoring tools. Experience with host and network intrusion protection solutions, firewalls, log management, authentication techniques, and encryption. Proven ability to formulate security architecture recommendations and design security services. Demonstrated ability to implement technical solutions to contractual requirements supporting NIST and FISMA requirements. Experienced in assisting responses to external audits, penetration tests, vulnerability assessments, recommending and coordinating application fixes, patch management, risk assessments, and implementing security procedures in the event of a security breach.
1. At least 10 years of experience working with the Federal Aviation Administration (FAA) with excellent knowledge of the agency and the Non-National Airspace System (NAS) elements.
2. Three years of network security analysis using intrusion detection systems
3. Experience working in a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).
4. Minimum of one year of experience managing a CSIRC-type operation for a government or commercial client with a staff of at least 25 persons.
5. Experience with Capability Maturity Models (CMM)
6. Knowledgeable of current security trends, to include DHS's Continuous Monitoring (CDM)