Program Manager

Development InfoStructure
Rockville, MD
Onsite

About The Position

The Program Manager serves as the primary contractor-side lead for the NCATS CSS contract, responsible for contract administration, security compliance advisory, and Assessment and Authorization (A&A) coordination across all task areas. This is a senior individual contributor role with a scope that extends beyond traditional program management: the right candidate brings both the operational discipline to manage a federal task order and the technical depth to provide direct cybersecurity compliance and RMF support to the NCATS team. This role will be a full-time position with work performed primarily onsite at the National Institutes of Health (NIH) located at 9800 Medical Center Drive, Building B, Rockville, MD 20850. Core hours will be Monday-Friday, 8:00 AM - 6:00 PM EST, and after-hours support for emergency incidents will be required as needed by the client. Position is contingent upon award and client approval.

Requirements

  • Minimum ten (10) years of progressively responsible program or project management experience, including at least five (5) years leading federal IT or cybersecurity programs with multiple stakeholders and cross-functional delivery teams.
  • Minimum five (5) years of hands-on experience with FISMA compliance, NIST RMF, and federal security documentation (SSP, POA&M, SAR, PIA) in a civilian federal agency environment.
  • Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related discipline required; in lieu of a degree, fourteen (14) years of progressively responsible experience as described above.
  • PMP (Project Management Professional) – Active, required.
  • CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CAP (Certified Authorization Professional) – at least one required.
  • Demonstrated ability to manage contractor-side program execution, including staffing oversight, deliverable management, and FPM/COR coordination on a federal task order.
  • Working knowledge of HHS/NIH security policy, including HHS ARS, NIH ISRM policies, and OMB M-21-31 logging and auditability requirements.
  • Experience developing and maintaining NIST RMF documentation packages for civilian federal systems; familiarity with NIH RMF templates is a plus.
  • Ability to communicate technical compliance requirements clearly to non-technical stakeholders, including written briefings, training materials, and executive summaries.
  • Demonstrated experience operating in a multi-task contract environment where competing priorities must be managed concurrently.
  • Must be able to obtain and maintain the applicable NIH/HHS Public Trust or clearance level prior to beginning work.
  • Must complete all required HHS/NIH Contractor Information Security Awareness, Privacy, and Records Management training before performing work under the contract, and annually thereafter.
  • Must comply with NIH Rules of Behavior for contractors and sign the applicable acknowledgment before accessing any Government data, systems, or networks.

Nice To Haves

  • Master’s degree in Information Technology, Cybersecurity, or a related discipline.
  • Prior experience supporting HHS, NIH, or NCATS programs, or other biomedical research agencies with complex IT security environments.
  • Familiarity with FedRAMP authorization processes and cloud security requirements for federal systems.
  • Experience producing FIPS-199 categorization packages and supporting ATO submissions in a civilian HHS/NIH environment.
  • Experience with federal security training development and delivery, including role-based training programs under HHS policy.

Responsibilities

  • Serve as the primary contractor point of contact for the FPM and COR; support overall administration of the CSS contract and all task areas under it.
  • Develop and maintain program administration tools, including onboarding/offboarding tracking, staffing plans, org charts, and reporting dashboards with automated pipelines where applicable.
  • Coordinate and communicate across all contractor staff and subcontractors; notify the CO and COR of any contract employee termination or resignation within five (5) business days.
  • Provide periodic and ad-hoc reports related to contract execution, task status, and performance measures; support FPM quarterly briefings and data calls from NIH, HHS, and oversight bodies.
  • Manage risk through a risk registry and risk management plan; track open action items and drive issue resolution with contractor staff and Federal task leads.
  • Support the full task lifecycle, including requirements development, task initiation, execution oversight, and closeout in coordination with FTLs.
  • Support FISMA compliance across NCATS information systems by advising project teams on NIST SP 800-53 Rev 5 control implementation throughout the SDLC.
  • Develop and maintain compliance documentation, including written technical guidance, control implementation review summaries, and data call responses for NIH ISRM, HHS, and OMB requirements.
  • Maintain a centralized knowledge management repository covering SOPs, security artifacts, process documentation, and training materials for contract staff and NCATS stakeholders.
  • Coordinate and deliver security training and awareness activities for NCATS staff, system owners, and project teams; develop written materials, job aids, and reference guides in support of training programs.
  • Monitor evolving federal security policy (Zero Trust, OMB M-21-31, HHS ARS, NIH ISRM) and update internal guidance and training content accordingly.
  • Support collaborative problem-solving between contractor staff and Government stakeholders; facilitate knowledge transfer to maintain continuity of service during transitions.
  • Guide system developers, engineers, and project stakeholders through NIST RMF phases (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) for NCATS information systems.
  • Develop, maintain, and refine core RMF artifacts in accordance with NIH templates and HHS ARS requirements:
      • System Security Plan (SSP) and supporting artifacts
      • Security Assessment Plan (SAP) and Security Assessment Report (SAR)
      • Plan of Action and Milestones (POA&M)
      • Continuous Monitoring Strategy
      • Privacy Impact Assessment (PIA) support documents
  • Produce and maintain FIPS-199 system categorization packages, control baseline tailoring documentation, and control mapping matrices (system functions to NIST 800-53 Rev 5 controls).
  • Coordinate with system owners and the NCATS security team to prepare and submit ATO packages; support FedRAMP compliance where applicable.
  • Provide privacy control implementation support, including data flow diagrams with integrated privacy requirements and data call responses for HHS/NIH privacy compliance.
  • Integrate A&A advisory support into each SDLC phase; produce written recommendations and control implementation guidance per development iteration.
  • Establish and maintain stakeholder engagement processes for contractor deliverables; manage routing and acceptance cycles with the NCATS Branch Chief, Federal leads, CO, and COR.
  • Track Government review timelines; manage resubmission timelines and communicate status proactively to Federal leads.
  • Develop and maintain SOPs supporting federally mandated cybersecurity and privacy policies; ensure SOPs remain current with applicable NIH and HHS policy changes.
  • Respond to data calls and security inquiries from NCATS, NIH, HHS, and other oversight bodies in coordination with the Federal Program Manager.