Senior Project Manager II (FedRAMP)

About The Position

Requirements

• 5+ years experience leading technical projects, with a significant portion of that time focused specifically on information security or cloud infrastructure.
• Possess a deep understanding of Agile and Scrum methodologies, allowing you to manage security sprints and adapt to rapidly changing priorities.
• Proficiency in Waterfall project management is required for long-term infrastructure deployments that require rigid sequencing and fixed milestones.
• Skilled in Kanban workflows to visualize security operations tasks and optimize the flow of work for the Engineering team.
• Experience with Lean Six Sigma principles is highly valued for streamlining complex security processes and eliminating operational waste.
• Adept at Critical Path Method (CPM) analysis to identify the most efficient timeline for high-stakes security remediation projects.
• A strong grasp of the Software Development Life Cycle (SDLC) is essential for integrating security checkpoints into the continuous integration/continuous deployment (CI/CD) pipeline.
• Competent in Resource Capacity Planning to ensure the Infosec team is not over-leveraged across multiple global initiatives.
• Knowledge of Change Management frameworks is vital to ensure that security updates do not disrupt the production environment of our SaaS products.
• Demonstrate advanced proficiency in Jira, specifically in creating custom workflows, boards, and automation rules for security tracking.
• Highly skilled in using Google Sheets for complex data manipulation, pivot tables, and real-time project financial tracking.
• Expertise in Google Docs and Slides is necessary for drafting high-quality executive summaries and security posture presentations.
• Comfortable navigating configuration dashboards, such as the Amazon Web Services (AWS) console, which aggregates key metrics, logs, and data from various AWS services (e.g., CloudWatch) to track the status of infrastructure-based security projects.
• Familiarity with Vulnerability Management tools (e.g., Tenable, Qualys) is important for understanding the technical data generated by the Operations team.
• Experience using Slack for real-time incident coordination and cross-departmental project communication is essential.
• Foundational understanding of Cloud Security Posture Management (CSPM) to better manage projects related to cloud misconfigurations.
• A working knowledge of Identity and Access Management (IAM) protocols, such as SAML and OAuth, is required to manage authentication initiatives.
• Understand the technical requirements of Zero Trust Architecture to effectively lead the transition toward a perimeter-less security model.
• Partner with Platform and DevOps TPMs to weave security tasks into existing backlogs, ensuring alignment on shared engineering capacity and priorities.
• Maintain a high-velocity cadence focused on reducing Mean Time to Remediate (MTTR) and aggressively unblocking technical stalls.
• Break complex mandates into "Minimum Viable Controls" to deliver immediate risk reduction while long-term architecture is finalized.
• Drive momentum in ambiguous situations by identifying and executing the immediate 10% of work that moves the needle forward today.
• Specialized training in Agile/Scrum (e.g., CSM or PMI-ACP) is beneficial given the fast-paced nature of SaaS delivery cycles and sprint-based security remediations.
• Demonstrate a history of training in Global Compliance standards, such as SOC 2, GDPR, or HIPAA, to support our GRC team’s objectives effectively.
• Familiarity with the NIST Cybersecurity Framework (CSF) or ISO 27001, gained through formal training or practical application, is essential.
• Prior experience or certification in Cloud Security (e.g., CCSP or AWS Certified Security) will be a major differentiator, ensuring you can manage technical dependencies within our cloud-based ecosystem.

Nice To Haves

• Bachelor’s degree in Computer Science, Information Technology, Management Information Systems, or a closely related business field.
• An active Project Management Professional (PMP) certification from the Project Management Institute (PMI). This PMP requirement ensures you have a verified mastery of the PMBOK Guide standards, including project initiation, planning, execution, and closing processes.
• In addition to the PMP, advanced cybersecurity certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are highly preferred to demonstrate technical depth.
• Active, transferable U.S. Security clearance at the Public Trust level or higher preferred.

Responsibilities

• Lead the end-to-end planning and execution of high-priority cybersecurity projects from initial discovery through final closure.
• Maintain direct reporting lines to the Technical Project Management (TPM) team while upholding dotted-line accountability to the Infosec leadership.
• Facilitate regular synchronization meetings to ensure project milestones remain aligned with the overarching global security strategy.
• Manage the communication of security project roadmaps and progress updates to both executive leadership and various business units.
• Serve as the primary advocate for security-by-design principles, ensuring they are integrated into every technical project lifecycle across the organization.
• Partner closely with the Global Cybersecurity GRC team to ensure all projects adhere to internal policies and international regulatory standards.
• Responsible for documenting and tracking project alignment with frameworks such as FedRAMP, HITRUST, ISO 27001, SOC 2, and PCI.
• Support the GRC team during internal and external audits by providing comprehensive project documentation and evidence of control implementation.
• Manage the lifecycle of risk remediation projects, ensuring that identified vulnerabilities are addressed within established SLAs.
• Collaborate with compliance analysts to refine project requirements based on evolving global data protection laws.
• Work in tandem with the Global Cybersecurity Operations and Engineering team to deploy advanced defense tools.
• Coordinate technical resources to implement infrastructure upgrades, such as firewall refreshes and endpoint protection enhancements.
• Manage the scheduling and prioritization of security patches and vulnerability remediations across cloud environments.
• Oversee projects related to Identity and Access Management (IAM) and Zero Trust architecture implementation.
• Support the Incident Response team by managing post-incident remediation projects and the acquisition of new forensic capabilities.
• Expected to develop and maintain detailed project plans, including resource allocation, budget tracking, and critical path analysis.
• Identify, log, and mitigate project-related risks that could potentially impact the company’s operational resilience.
• Monitor project performance against key performance indicators (KPIs) and report any variances to the TPM and Infosec management.
• Manage relationships with third-party security vendors to ensure that all deliverables meet contractual and technical specifications.
• Facilitate post-implementation reviews to capture lessons learned and continuously improve the efficiency of the security project management process.
• Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.

Benefits

• annual performance bonus
• ESPP
• enhanced time off packages
• benefits