ISSO PROJECT MANAGER (PM)

About The Position

Requirements

• Must have at least 10 years of experience managing IT Security programs with Information System Security Officers (ISSOs) for a minimum of 2,000+ users, 8,000+ assets, and numerous tools.
• Must have experience at least 5 years of experience leading teams, minimally, of 10 direct reports: and developing, implementing, and managing project schedules.
• Must have the ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
• Must have the ability to effectively communicate both orally (in common English narration) and in writing (to include technical documentation).
• Must have the ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
• Possess the ability to explain and breakdown technical details, and solutions to executive management and not technical parties - ability to explain the true business impact.
• Good understanding of network protocols, design, and operations.
• Strong analytical skills and efficient problem solving.
• Experienced writing security related procedures and guidelines.
• Experience with NIST Special Publications and guidance.
• Excellent report development and presentation skills.
• Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
• Proficient in Microsoft® Office suite to include MS Project, and other office automation products.
• Minimum of Bachelor's degree in Computer Science, IT, Engineering, or similar fields. Years of experience will be taken into consideration, in place of a degree.
• Years of experience may be substituted in lieu of a degree.
• At least one (1) IT Security certification for IAT II or IAT III, referenced in the DoD Approved 8570 Baseline Certification list, AND
• One (1) IT Security certification for IAM III referenced in the DoD Approved 8570 Baseline Certification list.
• A single industry certification may satisfy both requirements per the list.
• Public Trust
• Must be a United States citizen.

Nice To Haves

• Additional certifications preferred are:
• PMI PMP; and ITIL

Responsibilities

• Provide day-to-day management of the ISSO Team, develop project schedules, reports, and briefings in accordance with the contract requirements.
• Provide primary accountability to ensure the task orders receives the appropriate support and resources required to deliver quality results.
• Provide strategic direction, vision, leadership, and management to the team(s) assigned to the task order.
• Contribute to organizational direction through regular involvement with client leadership and team members.
• Maintain productive and effective client relationship with the most senior levels of the client organization.
• Manage numerous project schedules simultaneously.
• Develop, maintain and update project management plans, project schedules, and an Integrated Master Schedule (IMS).
• Develop, maintain and update Quality Assurance Surveillance Plans (QASP).
• Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations, enterprise, or local policy, assess the level of risk, and develop and recommend appropriate mitigations.
• Ensure ISSO team meets contract requirements and client established KPI's and performance metrics.
• Provide risk analysis for vulnerabilities, incidents and change requests and advise on the impact of new or changing applicable federal policy changes.
• Conduct research and present analyses to evaluate and/or determine emerging industry technology trends, government agency best practices, and security issues.
• Determine security requirements by evaluating strategies / requirements; research IT security standards; conduct security and vulnerability analyses and risk assessments; review architecture/platform; identify integration issues; prepare cost estimates.
• Provide expertise and guidance to OCIO on DevSecOps / secure development, operational systems, and enhancements in support of the client's mission.
• Assist business owners, system owners, and system engineers with selecting and implementing controls that maintain a high level of security and protect patron privacy.
• Monitor and ensure compliance with standards, policies, and procedures; support IR activities; develop and conducting training programs.
• Prepare security reports by collecting, analyzing, and summarizing data and trends.
• Enhance company and client's reputation by accepting ownership for accomplishing new and different requests, exploring opportunities to add value to job accomplishments.
• Lead ISSOs for assigned systems in accordance with NIST RMF, FISMA, agency policy, directives, Zero Trust and cybersecurity requirements.
• Ensure quality requirements are met for system security documentation development and maintenance, including SSPs, Security Assessment Packages (SAP), SARs, POA&Ms, and continuous monitoring artifacts.
• Ensure all systems maintain ongoing authorization by implementing continuous monitoring, monthly artifact updates, vulnerability remediation, log review oversight, and risk tracking.
• Collaborate with technical teams to ensure security requirements are incorporated into system design, enhancements, and operational changes.
• Support audit readiness, respond to IG/OIG inquiries, and manage external assessment requests.
• Provide expert guidance on NIST SP 800-53, 800-37, 800-30, 800-137, 800-61, Zero Trust Architecture (800-207), and CISA Zero Trust Maturity Model.
• Manage project risks, issues, dependencies, timelines, and reporting across the lifecycle.
• Prepare and deliver weekly, monthly, and quarterly program status reports, dashboards, and executive briefings.