Program Manager - FDIC Enterprise DevSecOps

About The Position

Requirements

• Bachelor's degree (BA/BS) in a technical or business discipline. A technical degree (Computer Science, Information Systems, Engineering, or related field) is preferred.
• In lieu of degree, additional experience may be required.
• Must be able to obtain and maintain a Public Trust clearance.
• 8+ years of program or project management experience in IT or technology services delivery (or a Master's degree with 6+ years).
• 4+ years of experience directly leading or supervising multi-disciplinary teams or projects in a program or project management capacity.
• Current experience (typically within the past 1-2 years) managing a federal IT program under a Firm-Fixed-Price (FFP) contract, including P&L accountability, burn rate tracking, and deliverable schedule management.
• Current experience (typically within the past 1-2 years) as program manager or delivery lead for a large, complex enterprise DevSecOps or CI/CD program, including complex coordination across multiple parallel Agile/Scrum teams.
• Current experience (typically within the past 1-2 years) as the prime client interface to a Federal Contracting Officer, COR, or Technical Monitor; accountable for all contractual communications and performance reporting.
• Current experience (typically within the past 1-2 years) managing SLA-driven delivery with formal monthly or quarterly performance reporting to the government client.
• Experience representing a program at formal Federal IT governance bodies, including change control boards, enterprise architecture review, or equivalent governance processes.
• Working familiarity with modern DevSecOps toolchains: GitHub Enterprise Server or GitHub Cloud, CI/CD pipeline frameworks (GitHub Actions or equivalent), and artifact/security scanning concepts (SAST, SCA, DAST, container scanning).
• Sufficient depth to engage credibly with engineering leads and translate technical risks into program-level reporting.
• Familiarity with ServiceNow or equivalent ITSM platform as the system of record for service requests, incident management, and SLA tracking in a federal environment.
• Working knowledge of FISMA moderate compliance requirements and NIST 800-53 control families as they affect program delivery timelines and security gate enforcement.
• As a named Key Personnel position, the candidate must be available to participate in client presentations conducted via Microsoft Teams.

Nice To Haves

• 8+ years of federal IT program management experience, given the scale and complexity of the FDIC DevSecOps program (large enterprise application portfolio, multiple active CI/CD pipelines, multiple parallel Agile teams).
• SAFe Program Consultant (SPC) or SAFe Agilist (SA) certification.
• ITIL v4 Foundation or higher; ITIL service management experience in a large federal IT environment.
• Direct FDIC, FFIEC-member agency, or federal financial-sector IT program management experience.
• Experience managing a program targeting CISA Zero Trust Maturity Model (ZTMM) 2.0 Optimal or OMB M-22-09 Zero Trust compliance roadmap.
• Experience at self-managed scale with FDIC toolchain components: GitHub Enterprise Server (self-managed), JFrog Artifactory/Xray, SonarQube, and Aqua Security (operating, not just consuming as SaaS).
• Experience with hybrid estates spanning Azure (AKS, ACR, Key Vault, App Gateway), AWS, and legacy mainframe (z/OS/Endevor) or middleware (WebLogic, WebSphere, Oracle) environments.
• Familiarity with FDIC Directive 1300.07 IT governance framework.
• Experience with Post-Quantum Cryptography (PQC) readiness planning (FIPS 203/204/205) or FIPS 140-2/3 compliance in a federal program context.
• Master's degree in a technical or business discipline.
• Experience with CyberArk Privileged Access Management in a federal DevSecOps environment.
• Familiarity with Azure Monitor, Splunk, and DynaTrace for SLA/availability monitoring and executive reporting.
• Prior Key Personnel designation on a federal IT contract with a successful performance period.

Responsibilities

• Serve as the single point of accountability to the FDIC Oversight Manager, Technical Monitor, and CO; own all contractual communications, deliverables, and performance reporting (REQ-C-217).
• Maintain program performance at or above SLA thresholds: >99.5% availability for Mission Essential/Critical systems; Critical/High vulnerability remediation <=30 days; Moderate <=90 days.
• Lead monthly Service Level Performance (SLP) reporting, including ServiceNow ticket trend analysis, pipeline health metrics, and security gate compliance data.
• Represent the program at FDIC governance bodies: CCB, enterprise architecture and change governance board (EA fitness gate), and OCISO engagements; manage action items and ensure program inputs meet required timelines.
• Oversee the onboarding and background-investigation pipeline for all staff; coordinate trust determinations with client Security to eliminate delivery gaps due to access delays.
• Direct multiple parallel Agile/Scrum project teams covering pipeline engineering, application security, platform operations, QA automation, and service desk functions; maintain a unified program backlog and sprint cadence aligned to FDIC priorities.
• Coordinate delivery across a hybrid estate: Azure (AKS, ACR, App Gateway, Key Vault), AWS, on-premises WebLogic/WebSphere/Oracle, z/OS mainframe (Endevor), and SaaS platforms (MuleSoft, Appian, Salesforce, Power Platform).
• Manage surge labor provisions under the FFP structure; forecast headcount needs against ServiceNow ticket volume trends and planned application onboarding.
• Track program risks, issues, and decisions in the program risk register; escalate blockers to FDIC leadership with mitigation options ready at the time of escalation.
• Ensure version strategy compliance (n/n-1) across toolchain components and coordinate upgrade windows with the client's CIO organization and impacted application teams.
• Translate FDIC IT governance requirements (FDIC Directive 1300.07, FISMA moderate, NIST 800-53/800-37/800-88/800-207, OMB M-22-09) into program controls, training requirements, and staff accountability frameworks.
• Monitor enforcement of BLOCKING security gates across the SDLC: secrets scan and peer review (Develop); SAST/SCA on Critical/High and IaC scan on Critical (Build); DAST on Critical (Test); container scan on Critical/High and SonarQube quality gate (Release).
• Manage the program's participation in the FDIC FISMA annual assessment cycle, continuous monitoring via Splunk and DynaTrace, and ISSM/ISSO-driven remediation efforts.
• Oversee GitHub Advanced Security (GHAS)/CodeQL pipeline integration health, GitHub Copilot (SaaS) rollout governance, and JFrog Artifactory/Xray and SonarQube license and capacity planning.
• Interface with FDIC OCISO and ISSM/ISSO on PQC readiness (FIPS 203/204/205), CyberArk secrets management operations, and Section 508 compliance milestones.
• Own program P&L for an FFP contract; track burn rate, EAC, and labor utilization monthly; identify variance root causes and recommend corrective actions to Leidos program leadership.
• Build and maintain staffing plans, transition/onboarding schedules, and Key Personnel availability records to satisfy FDIC Key Person substitution notification requirements.
• Coordinate with Leidos Recruiting and Subcontract Management to fill surge and backfill positions within FDIC security clearance lead times; maintain continuity of service with no SLA gaps.
• Prepare and present program reviews, QBRs, and ad-hoc executive briefings to Leidos and FDIC leadership.
• Drive the FDIC's DevSecOps maturity roadmap from current Level 2 toward Level 3 and beyond; own the maturity assessment schedule and present progress quarterly.
• Champion pipeline automation expansion (target: more than 1,000 active CI/CD pipelines) and application onboarding into the GitHub Enterprise/Cloud ecosystem.
• Identify process improvement opportunities in ServiceNow-based ticket workflows; reduce mean time to resolve (MTTR) and improve first-contact resolution rates.
• Establish and maintain program knowledge management artifacts (runbooks, SOPs, lessons learned) to reduce key-person dependency and ensure institutional continuity.

Benefits

• competitive compensation
• Health and Wellness programs
• Income Protection
• Paid Leave
• Retirement