Cherokee Federal

Cyber Program Manager

On site

Washington, United States

Freelance

12-10-2025


Skills

Leadership Monitoring Test Quality Assurance Training Agile SDLC

Job Specifications

Job Description

As required by our governmental client, this position requires an active Public Trust to be considered.

A government contract requires that this position be restricted to U.S. citizens or legal permanent residents. You must provide documentation that you are a U.S. citizen or legal permanent resident to qualify.

As a Program Manager supporting a federal department OCIO, you will be responsible for managing cybersecurity projects of various levels of risk and complexity. This role includes providing leadership, project oversight, and subject matter expertise for cybersecurity operations and information assurance activities. You will serve as the primary customer contact and be responsible for managing, coordinating and optimizing your team's performance. You will also be responsible for oversight of program/project budget and schedules. You will collaborate with cross-functional teams to implement processes that improve operational efficiency and support the department's mission.

Compensation & Benefits

Estimated Starting Salary Range for Program Manager: Pay commensurate with experience.

Full-time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Program Manager Responsibilities Include

Provide project oversight, coordination and management for each work task as required.
Develop and maintain a project plan(s) and schedules to support activities; project plan status reports shall follow a review schedule to track project progress, finances, risk and/or issues, status and resolutions.
Provide management and cybersecurity support following the Agile engineering model, focusing on delivery while supporting change and adhering to existing processing standards, i.e. National Institute of Standards and Technology (NIST) Special Publications, Binding Operating Directive, Executive Orders and mandates.
Provide Weekly Status Reports documenting activities of the previous week and identifying planned sprint activities for the following months. The reports must include, at a minimum, the following information:
Overview of work completed, in progress, and planned for each task, by subtask.
Personnel, labor categories and hours expended on each task, by subtask.
Status of individual deliverables and all planned activities for each task, by subtask.
Identification of risk areas with recommended remedial actions.
Status of all issues and risks identified during previous week's status reports.
Your team will be responsible for:
Provide support to the continuous monitoring process, assessing and evaluating Information System (Hardware and Software) inventory to detect vulnerabilities, identifying critical and high weaknesses via insecure application development techniques, inherited controls from Common Control Providers including FedRAMP cloud service providers (CSP), networked enclaves, and providing remediation or corrective actions to improve the security posture.
Provide support in tracking and ongoing evaluation of weaknesses and vulnerabilities in the agency's Continuous Diagnostics and Mitigation (CDM), other identified security tool suite or other detection reports, issued corrective action plans, remediating and addressing issues affecting the security posture of applications information system infrastructure.
Provide cybersecurity expertise to support cybersecurity in the System Development Life Cycle (SDLC) process, including supporting processing for requirements review in development phases (Agile, Spiral, DevSecOps or Waterfall model), annual Security Assessment and Authorization (SA&A), and Information System Continuous Monitoring (ISCM).
Develop / update information system's data for Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and System of Record Notices (SORNs). This includes interfacing/coordinating with the System Owner (SO) that originates/has responsibility for the document to ensure the PIA/PTA/SORN contains appropriate information to be approved/adjudicated by the Privacy Office for inclusion in System Authorization package.
Assist the System Owner, Information Owner, Component Privacy Officer and Information System Security Manager (ISSM) in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&Ms) in accordance with Federal policy, guides and procedures.
Develop Draft Plan of Action and Milestones (POA&M) for observed control level deficiencies or gaps in control implementation(s) in accordance with the Department's policy, guides and procedures.
Conduct quality assurance reviews of existing POA&Ms to ensure completeness and accuracy, and that identified solutions are cost effective.
Support the information system contingency planning process in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities and ensure contingency plan test exercises results

About the Company

Cherokee Federal, a division of Cherokee Nation Businesses, is a trusted team of government contracting professionals who can rapidly build innovative solutions. We work around the globe to help solve issues in national security and intelligence, information technology, health solutions, DoD logistics and humanitarian relief. Our businesses serve the Cherokee Nation tribe, where 100% of our profits support building a brighter future for tribal citizens.