Sr. IT Project Manager – Cybersecurity Compliance

APTNEXUS
Washington, DC (Onsite)

About The Position

APTNEXUS is seeking a Senior IT Project Manager – Cybersecurity Compliance to support our contract with the U.S. Department of the Treasury. In this critical role, you will serve as the primary project manager responsible for directing and coordinating all aspects of cybersecurity compliance activities for the Treasury customer. You will lead a highly skilled team of cybersecurity professionals responsible for ensuring the customer's information systems maintain compliance with federal mandates, including FISMA, the NIST Risk Management Framework (RMF), and Treasury-specific cybersecurity policies. The ideal candidate brings deep expertise in cybersecurity governance, risk, and compliance (GRC) within a federal environment and holds both the PMP and CISSP certifications. The full list of job responsibilities appears under Responsibilities below.

Requirements

  • Must be eligible for a Public Trust clearance. A Treasury Minimum Background Investigation (MBI) must be active or obtainable; an active MBI is strongly preferred.
  • Active PMI Project Management Professional (PMP) certification – REQUIRED.
  • Active ISC2 Certified Information Systems Security Professional (CISSP) certification – REQUIRED.
  • Minimum of 10 years of IT Project Management experience, with at least 5 years managing cybersecurity compliance programs in a federal government environment.
  • Demonstrated experience managing FISMA compliance programs, including A&A activities, SSP development, SAR preparation, and POA&M tracking for federal information systems.
  • In-depth working knowledge of NIST Special Publications, including SP 800-37 (RMF), SP 800-53 (Security and Privacy Controls), SP 800-137 (Continuous Monitoring), and related FIPS publications.
  • Experience overseeing IT General Controls (ITGC) assessments in support of Financial Statement Audits and A-123 compliance reviews.
  • Proven ability to manage Time & Materials (T&M) and Firm-Fixed-Price (FFP) contracts, including financial management, staffing, and performance reporting.
  • Awareness of Federal Acquisition Regulation (FAR), Treasury Acquisition Regulation (TAR), and federal contracting compliance requirements.
  • Familiarity with Treasury Directives and Publications along with Treasury Security policies governing cybersecurity across Treasury bureaus.
  • Experience with GRC tools and platforms (e.g., Archer, CSAM, Xacta, ServiceNow GRC) for managing system authorization packages and continuous monitoring workflows.
  • Strong analytical and problem-solving skills with the ability to manage multiple competing priorities, complex issues, and high-priority deadlines.
  • Demonstrated ability to effectively communicate with senior and executive-level government officials, both verbally and in writing.
  • Proficiency in preparing professionally formatted deliverables using Microsoft Office Suite (Word, Excel, PowerPoint, Visio).
  • Willingness to work onsite at the customer’s facility in Washington, DC as required per contract.

Nice To Haves

  • Experience managing cybersecurity programs at U.S. Department of the Treasury bureaus (e.g., IRS, OCC, FinCEN, BFS).
  • Knowledge of industrial control systems (ICS) / operational technology (OT) cybersecurity standards (e.g., NIST SP 800-82) relevant to Treasury bureau operations.
  • Familiarity with FedRAMP authorization processes for cloud-hosted systems.

Responsibilities

  • Direct and manage all cybersecurity compliance deliverables and milestones in accordance with the Treasury Cybersecurity Compliance Contract, ensuring adherence to scope, schedule, and budget.
  • Serve as the primary point of contact (POC) for the Contracting Officer’s Representative (COR) and Treasury customer leadership on all project management and cybersecurity compliance matters.
  • Lead the execution of the NIST Risk Management Framework (RMF) across Treasury information systems, including categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
  • Oversee the preparation, review, and submission of Assessment and Authorization (A&A) packages, System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Actions and Milestones (POA&Ms).
  • Manage FISMA annual reporting requirements, including coordination of performance metrics, system inventory updates, and compilation of the annual FISMA report to Treasury.
  • Direct cybersecurity compliance activities related to OMB Circular A-123 internal controls assessments and coordinate with internal and external auditors during IT General Controls (ITGC) audit engagements.
  • Establish and maintain program management infrastructure including project plans, resource allocation, integrated master schedules (IMS), risk registers, and status reports.
  • Provide oversight and coordination of Continuous Monitoring activities, including vulnerability scanning, configuration management, and security control testing.
  • Lead transition-in and transition-out phases throughout the contract lifecycle, ensuring continuity of cybersecurity operations and seamless handoffs.
  • Identify, assess, and communicate program risks and issues to stakeholders; develop and implement mitigation strategies to protect contract performance.
  • Exercise broadly delegated authority for planning, directing, coordinating, and executing multiple contract requirements and expectations including management of both APTNEXUS staff and subcontractors.
  • Deliver high-quality, on-time contractual deliverables including status reports, briefings, and technical documentation for executive and senior government leadership.
  • Provide thought leadership on cybersecurity compliance best practices, federal regulatory changes, and emerging risk areas affecting the customer's cybersecurity posture.
  • Facilitate regular program reviews, stakeholder meetings, and executive briefings, communicating complex cybersecurity topics clearly to both technical and non-technical audiences.