RCG is a growing federal contracting company and Certified™ as a Great Place to Work®. We are looking for strongly qualified people to support our clients. This is a PROPOSAL EFFORT. We are currently seeking a Deputy Program Manager (DPM) to lead the IT Security team, to include the Program Management Office (PMO) team, in support of Cybersecurity Operations at our Government client site in Suitland, MD (this will be a Hybrid position).
Due to security requirements, all successful candidates will be a U.S. Citizen or Lawful Permanent Resident and be able to successfully pass the required background check.
Job Responsibilities/Duties (not limited to):
The main responsibilities of the DPM are providing central oversight and support of multiple teams of security professionals, coordinating large-scale projects, coordinating data call responses, managing a team of security professionals, planning and delivering reports/presentations to the government customer, along with other duties as they arise.
The successful candidate shall demonstrate the ability to lead the PMO team in achieving the following specific goals:
A) Provide quality review of Plan of Action and Milestones (POA&M) artifacts that are submitted for closure by the ISSOs;
B) Provide timely feedback for remediating artifacts and avoiding repeat POA&M findings, while exceeding a POA&M on-time closure rate of 90%; and
C) Perform internal Security Test and Evaluations (ST&E) for the most important security controls and ad-hoc significant changes in addition to fielding the annual independent Security Control Assessments for all security controls provided by another vendor, while maintaining a schedule for updating IT Security documentation (Policies and Procedures, IR Plan, CM Plan, POA&M Standard Operating Procedures (SOPs) and other site-wide SOPs).
- Provide security program management policies, processes, procedures, and standards.
- Develop and apply enterprise-level security procedures, checklists, and program metrics.
- Communicate changes to security requirements to all necessary parties.
- Ensure compliance with downward directed enterprise security policies, procedures, checklists, and requirements.
- Manage security awareness & training support.
- Manage production and delivery of training documentation on new security products and/or applications to client-specified Government and Contractor employees.
- Oversee development and update of the Security Education, Training, and Awareness (SETA) plan and publish semi-annually.
- Track completion of required annual Role-Based Security Training for client personnel (Government, Contractor and Partner) and ensure training is completed 30 days before the required deadline.
- Maintain security training status electronically for all client personnel.
- Provide executive support to the client Cybersecurity Division Manager.
- Prepare briefing material, talking points, and conduct dry runs for quarterly Authorizing Official (AO) briefings (as required) and annual ATO briefings for FISMA systems and record and track action items.
- Generate ad-hoc reports and metrics upon request and maintain the PMO tracker.
- Collect documentation and provide project management and other support needed for the annual penetration testing and High Value Asset (HVA) testing (if required).
- Prepare and disseminate security-related status reporting 24 hours before meetings.
- Manage quality control support for all deliverables before the Government conducts Quality Assurance.
- Provide quality controls to include technical editing according to Government policy as well as the client IT Security Handbook.
- Review security core documentation.
- Provide quality control reviews of POA&M artifacts before closure including a POA&M closure report attached to the client QA milestone.
- Provide Internal Security Test and Evaluation (ST&E) annually and ad hoc for significant changes using NIST 800-53A and other Government standards.
Requirements:
- US Citizenship with the ability to obtain a SECRET clearance is minimally required.
- Requires BS/BA in appropriate field (or equivalent) and 8 to 10 years' experience, as well as a current Project Management Professional (PMP) certification.
- Eight (8) or more years directly related to Cybersecurity.
- Excellent English language communication skills, both verbal and written.
- Must be able to work in a hybrid work environment including both on-site and telework.
Desired:
- ArcSight;
- Tenable SecurityCenter/Nessus;
- WebInspect;
- IBM BigFix Suite;
- Tripwire Enterprise and Log Center;
- Nipper Studio;
- Altiris (legacy);
- FireEye;
- CSAM;
- AWS, Azure and GCP native security tools;
- Splunk;
- IBM QRadar;
- Fortify;
- Diagrams.net (future); and
- Elastic SIEM (future).
Physical Demands: Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
RCG, Inc. does not discriminate against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibits discrimination against all individuals based on their race, color, religion, sex, sexual orientation/gender identity, or national origin.