Deputy CISO (Program)

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Assurance, or related field (or equivalent experience).
• 10+ years of progressive experience in information security, including GRC leadership roles.
• Proven track record managing Archer GRC platforms, POA&M programs, and RMF-based compliance frameworks.
• Hands-on experience with vulnerability assessment, remediation tracking, and managing high-visibility risks in federal environments.
• Strong knowledge of NIST 800-53, NIST 800-171, and related federal guidance (FISMA, FedRAMP).
• U.S. Citizenship and eligibility to obtain a Public Trust clearance.
• Must be able to obtain and maintain a Public Trust Level 5 clearance.
• Ability to travel up to 25% of the year, if needed.

Nice To Haves

• CISSP, CISM, or equivalent certification.
• Experience working with Oracle Cloud or similar government-authorized cloud environments.
• Experience working DOD with Cerner/Oracle products.
• Experience guiding large cyber teams with governance, risk, and compliance
• Prior experience managing incident response, customer-facing security reviews, and federal audit processes.
• Familiarity with healthcare IT environments, HIPAA compliance, and Indian Health Service (IHS) systems.
• Ability to communicate and interact effectively with internal/external teams including key stakeholders and customers.
• Ability to produce high-quality documentation that contributes to the overall success of our program.

Responsibilities

• Act as the primary advisor and backup to the program CISO.
• Support the implementation of the security strategy, focusing on continuous improvement and federal compliance.
• Provide leadership on all matters related to risk posture, security governance, and authorization strategy.
• Drive all aspects of the ATO lifecycle using the Risk Management Framework (RMF).
• Lead the development, review, and submission of artifacts, including SSPs, POA&Ms, SARs, and Continuous Monitoring reports.
• Track and ensure timely delivery of Oracle-provided security documentation and artifacts.
• Collaborate directly with IHS and federal oversight bodies to meet regulatory requirements.
• Leverage deep expertise in Archer GRC to track controls, automate assessments, manage POA&Ms, and produce executive-level reporting.
• Maintain compliance with NIST 800-53, NIST 800-171, and other relevant standards.
• Oversee risk mitigation efforts, vulnerability management programs, and incident response plans.
• Guide the integration of security into SDLC and cloud/on-premise architectures, particularly Oracle Cloud Infrastructure (OCI).
• Support the development of zero-day and vulnerability response protocols, policy exception handling, and federal reporting requirements.
• Act as a security liaison across internal GDIT teams, federal stakeholders, and third-party vendors.
• Lead communication for audits, customer due diligence, and security reviews.
• Provide security briefings and updates to executive leadership and customer stakeholders.

Benefits

• Full-flex work week to own your priorities at work and at home.
• 401K with company match.
• Comprehensive health and wellness packages.
• Internal mobility team dedicated to helping you own your career.
• Professional growth opportunities including paid education and certifications.
• Cutting-edge technology you can learn from.
• Rest and recharge with paid vacation and holidays.