Program Manager with Security Clearance

ATS Job ID 23100166 Arlluk Technology Solutions, LLC, a Koniag Government Services company, is seeking a Program Manager with a Secret Clearance to support ATS and our government customer in Washington, DC. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more. Essential Functions, Responsibilities & Duties may include, but are not limited to: * Analyze agency's current cybersecurity strategic plan, operations, and challenges. Document findings and make recommendations that align with cybersecurity guidelines and best practices, including Executive Order 14028. * Support system owners and stakeholders in completing a Zero Trust maturity model assessment. * Review existing and planned cyber response technologies including EDR, VA, SIEM and logging solutions and make recommendations. * Review SDLC and current processes as it relates to Software Supply Chain Security and make recommendations. * Review ICAM program Access Controls procedures, Multifactor authentication, automated access management, Just in Time access, and encryption and make recommendations. * Deliver requirements for multi-factor authentication mapped to Digital Identity Risk Assessment. * Support development of implementation plans to support MFA across all FSA applications focusing on quick wins as part of a longer-term enterprise roadmap. * Support Mobile Application MFA Proof of Concept (PoC) solutions. * Develop enhanced Multi-Factor Authentication mechanisms to provide increased security for user authentication across multiple device platforms. * Perform technical reviews in evaluating work products and deliverables for quality, accuracy, and comprehensiveness, especially as they pertain to the security architecture domain. * Provide guidance, strategies, and techniques on encryption of data-at-rest and data movement software, including bulk application transfers into the cloud. * Review current system security measures, conduct system security and vulnerability analyses and risk assessments; recommend and support the implementation of security enhancements. * Research emerging security practices and standards threats; develop recommended threat mitigation and/or prevention strategies. * Advise and audit enterprise systems security throughout the development life cycle. * Translate technology and environmental conditions (e.g., law and regulation) into security designs and processes. * Lead the planning, design, implementation, and maintenance of cloud security solutions and IT security frameworks, including identity credential access and management (ICAM) and multi-factor authentication solutions. * Develop cloud-agnostic policies and tools while educating application teams on the security benefits of each cloud environment. * Design standards for vulnerability and penetration testing, secure network architecture design, build and implementation processes, standards and processes for intrusion detection, and processes and standards for logging and monitoring. * Develop cloud systems documentation to support compliance reporting against enterprise architectural and cybersecurity policies as well as remediate and harden cloud environments to bring them into compliance with security standards. * Create a well-informed security architecture strategy that ensures alignment with technology standards, frameworks, and information security standards and requirements. * Evaluate business requirements and design secure technical solutions that balance business requirements with technical and cybersecurity requirements. * Evaluate cloud applications, hardware, software, IT architectures, and technology platforms; identifies integration issues; analyzes costs and benefits of security solutions and prepares cost estimates. * Augment security practices sustaining an integrated Enterprise Architecture to develop and maintain operational, technical, infrastructure and application systems security architectures. * Monitor and assess systems to ensure compliance to standards, policies, and procedures, including NIST Special Publications, FISMA, FIPS, OMB standards and mandates, and IRS Publication 1075; identify potential security gaps in existing and proposed architectures; and recommend changes or enhancements to become compliant. * Respond to security incidents and provide thorough post-event analyses; conduct incident response analyses and create an incident response plan. * Ensure continuous monitoring and verification of system security by developing and implementing test scripts and conducting regular system tests. * Design security architecture elements to mitigate threats as they emerge. * Ensure users and systems have access to cloud technologies, hardware, software, systems, and applications limited by need and role. * Participate in architecture and/or governance related review boards and working groups, reviewing change requests, and providing impact analysis support. * Prepare and present recurring and special reports, technical papers, and briefings for use in management decisions and IT operations for both business and technical audiences. * Support the preparation of system security reports by collecting, analyzing, and summarizing data, processes, and trends. * Collaborate with senior staff to resolve problems, analyze alternatives, negotiate differences, and make improvements. * Support government stakeholders, business representatives and system owners in managing multiple projects within an IT modernization program. * Understand and communicate complex technical issues in simple terms to executive staff. * Track and manage IT projects, including management of project plans, schedules, budgets, briefings, and risks. * Formulate and refine plans, including adjustments to project scope, timing, and budgets as needed by applying established governance mechanisms, best practices, and government project management principles. * Develop communication plans and interface with cross-functional teams, IT leadership, business leadership, and external vendors/partners. * Track and monitor the progress of key projects and their associated milestones and recommend adjustments as necessary. * Identify, assess, document, and report potential programmatic risk and provide risk mitigation recommendations to ensure uninterrupted continuation of IT systems. * Provide technical thought leadership including assessing, researching, and proposing IT enhancements and modernization approaches to optimize current or future systems. * Provide acquisition modeling, planning and support coupled with supporting the technical government CIO Roadmap * Provide budget and cost modeling and management through pre- and post-investment analysis. * Recommend commercial-off-the-shelf (COTS) or custom tools that provide visibility into project status and support geographically dispersed teams. * Provide analysis and problem solving for various mission-critical IT systems through a strong knowledge of IT hardware, software, and standard concepts, practices, and procedures. * Manage expectations of customers, timelines for deliverables, and project scope * Coordinate software application development and deployment of systems between various clients * Use appropriate verification techniques to manage changes in project scope, schedule, and costs. * Analyze customer business processes and workflows, requirements, and provide end-to-end solutions. * Define the business case for objectives of new cybersecurity projects, including identification of business needs. * Interface between client business units and technical IT staff on projects * Track project issues and risks by developing and maintaining a risk register. * Obtain and provide visibility into progress and impediments, escalating concerns where appropriate. * Solid understanding of DevSecOps tools and concepts * Ability to write and review detailed documentation (requirements documents, weekly/monthly reports, meeting notes, etc.) * Strong organizational skills with excellent communication (written and verbal), excellent time management skills. * Familiarity with application lifecycle management (ALM), information management and content management applications * Strong leadership and personnel management skills Work Experience, Knowledge, Skills & Abilities: * Must be a US Citizen able to obtain a Public Trust level clearance. * 5 + years of experience in Cybersecurity * 10 + years of experience supporting federal government or large enterprise IT projects and initiatives. * Active CISSP or CISM certification preferred. * Active Project Management Professional (PMP) certification preferred. * Demonstrated information technology expertise and direct hands-on experience in the areas of Information Assurance, Cybersecurity, and project management. * Demonstrated communication skills to be able to interface with all levels of management, strong project management skills in addition to interpersonal, writing, and presentation skills. * Experience supervising and managing projects of at least 15 personnel, subordinate groups, and diverse locations. * Must be available to the COR via telephone between the hours of 0800 and 1600 EST ( UTC -5 ), Monday through Friday, excluding Federal holidays, and must respond to a request for discussion or resolution of technical problems within 2 hours of notification. Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. * Knowledge of cybersecurity principles. * Knowledge of cyber threats and vulnerabilities. * Knowledge of computer networking concepts and protocols, and network secu