Program Manager (Sr RMF Advisor)

eTRANSERVICES
Hyattsville, MD

An Active Public Trust Clearance is required for these positions.



Summary: Risk Management Framework and Cloud Security Operations Support Service



Key Duties:

  • Serve as the primary contractor Point of Contact (POC) and single point of accountability to the Contracting Officer's Representative (COR).
  • Oversee all contractual performance, deliverable quality, schedule compliance, and performance metric reporting against contract AQLs.
  • Provide senior-level advisory support to the NCHS ISSO/SSPO on RMF strategy, cloud security governance, FISMA compliance, and CIPSEA obligations.
  • Lead coordination with CDC/CSPO, NCHS business/technical/security stewards, and HHS/OCIO personnel on information security matters.
  • Direct development and on-time submission of the weekly Project Management/Status Report, Monthly RMF Status Report, Security Authorization Boundary Inventory & Strategy Report, and Annual Final Report.
  • Oversee EPLC security reviews, IT acquisition security reviews, and cloud migration security governance activities.
  • Monitor contract performance metrics against established AQLs; escalate risks, issues, and remediation plans to the COR promptly.
  • Manage contract staffing, subcontractor oversight, and quality assurance processes.



Qualifications:

  • 10+ years of federal information security / RMF experience; 5+ years in a supervisory or program management lead role on federal contracts.
  • Demonstrated experience managing federal RMF/FISMA compliance programs at the enterprise level within complex multi-system environments.
  • Deep knowledge of NIST SP 800-37 (RMF), 800-53/53A, 800-30, 800-18, OMB Circular A-130, FISMA, CIPSEA, and applicable HHS/CDC security policy.
  • Experience with HHS Enterprise Performance Lifecycle (EPLC), SA&A processes, and cloud security governance in federal civilian environments.
  • Strong written and verbal communication skills; proven ability to brief senior Government officials and produce independently accepted deliverables.
  • Demonstrated ability to manage multiple concurrent assignments and meet 100% on-time delivery requirements.




Certifications:

  • Certified Information Systems Security Professional (CISSP) — strongly preferred
  • Certified Authorization Professional (CAP / ISC²) — preferred
  • Certified Information Security Manager (CISM) — preferred
  • Project Management Professional (PMP) — preferred for program management role
  • Certified Cloud Security Professional (CCSP) — a plus
