Security Compliance Manager



Baltimore, United States GDIT Full time
Job Description:

General Dynamics Information Technology (GDIT) is seeking a Security Manager who is innovative, dedicated, and highly motivated to lead our security team in solving challenging problems for our client, the Division of Federal Systems (DFS) for the Office of Child Support Services (OCSS).

Our team provides program support to DFS OCSS to manage and monitor the development, implementation, operation, maintenance, technical support, and enhancement of the division’s systems and services. Federal Parent Locator Service (FPLS) information is, by statute, made available to child support agencies and a limited number of federal and state agencies. These secure systems and services help child support agencies, employers, insurers, and financial institutions exchange information about child support cases; locate parents; establish paternity, custody and visitation; collect support; and identify fraud.

Currently, this role is remote. Once COVID restrictions are lifted, the work location for this position is the Department of Health and Human Services Mary Switzer Building near Federal Center Southwest in Washington, D.C.

The ideal candidate enjoys managing a team and will find the challenges and opportunities of a fast-paced, customer-oriented environment satisfying. If you want to work with a dynamic group of dedicated, technical professionals on a collaborative team that supports a critical mission, we encourage you to apply.

Responsibilities:
  • Manage and lead the security team to ensure all security tasks and deliverables are completed on time.
  • Lead security team meetings and represent security in Governance, Technical Operations, Change Advisory Board, and Technical Review Boards.
  • Develop and enforce security policies and procedures in compliance with Federal mandates, OMB, NIST guidelines, HHS/ACF, and FPLS security requirements.
  • Act as a Subject Matter Expert (SME) on application, network security, and emerging security technologies.

Security tasks include:

  • Federal System Compliance: Serve as the subject matter expert on federal security compliance regulations, including but not limited to ZTA, Supply Chain NIST, FedRAMP, FISMA, and OMB guidelines. 
    • Evaluate security controls implemented by the O&M security team to ensure compliance with federal guidelines and safeguard sensitive data and systems.
    • Provide guidance to the design and development teams to ensure compliance with Federal mandates, OMB and NIST guidelines, Health and Human Services (HHS), Administration for Children and Families (ACF) and Federal Parent Locator Service (FPLS) security requirements.
    • Provide guidance to the design and development teams on security issues and assist as needed in the development of security documentation for Security Authorization.
    • Participate in the continuous monitoring of FPLS systems and applications in support of the security authorization process through system development life cycle, risk assessments, vulnerability testing, inventory and configuration audits, technical and physical assessments, and development of security documentation. 
    • Support the Office of Child Support Enforcement (OCSE) management, the ACF CISO, ACF Cyber Security Office, and HHS Chief Information Security Officer (CISO) to ensure FPLS compliance with ACF and HHS security requirements.
    • Assist the FPLS ISSO, FPLS ITSSO and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Authority to Operate.
       
  • System Risk Assessment: Conduct comprehensive risk assessments of system portfolio to identify potential vulnerabilities and weaknesses in the organization's security posture.
    • Participate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders. 
    • Document and track internal POAMs for DFS systems and applications.
    • Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.

  • Audits & Compliance: Plan and execute regular audits to assess compliance with federal security standards and regulatory requirements.
    • Support the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS) and other Federal agencies as required. 
    • Assess security events to determine impact and implement corrective actions. Conduct research pertaining to the latest security vulnerabilities and the latest technological advances in combating unauthorized access to information.
    • Support systems security evaluations, audits, and reviews. Develop systems security contingency plans and disaster recovery procedures.
    • Participate in conducting security site assessments on data matching partner sites and FPLS contractor sites.
    • Security Site Assessments: Actively participate in security site assessments conducted on data-matching partner sites and FPLS contractor sites. This includes planning, reviewing relevant documents, writing comprehensive reports, and reviewing/responding to Plans of Action and Milestones (POAMs).
    • POAM Creation and Tracking: Create and maintain a system to track POAMs after each audit, ensuring that all identified security gaps and issues are properly documented and addressed within specified timelines.
    • Questionnaire Review: Review questionnaires submitted by our matching partners to assess their adherence to security controls and requirements. Conduct kickoff meetings and virtual audits to validate the implementation of appropriate security measures.
    • Security Control Monitoring: Continuously monitor the implementation of security controls by collaborating with stakeholders and conducting regular audits. Identify any deviations or vulnerabilities and recommend corrective actions as needed.

  • Security Awareness Training: Develop and deliver training programs to educate employees on federal security compliance requirements and best practices.
    • Assist in the development and delivery of Security Awareness Training as required.
    • Promote awareness of security issues among management and ensure sound security principles are reflected in organizations’ visions and goals.
       
  • Stakeholder Communication: Communicate effectively with various stakeholders, including senior management, IT teams, legal teams, and external auditors, to convey compliance issues, risks, and remediation plans. Support the client in publishing security alerts, advisories, and bulletins.
     
  • Industry Knowledge: Stay abreast of emerging trends, technologies, and regulatory changes in the federal security compliance landscape and provide recommendations for adapting policies and procedures accordingly.
  • Documentation: Maintain accurate and up-to-date documentation of compliance activities, audit findings, and remediation efforts. Proficiency or familiarity with project management tools, particularly Jira, is preferred. The ability to effectively utilize Jira for task tracking, issue management, and collaboration is highly desirable.

Required Skills:

  • Bachelor's degree in Computer Science, Information Systems, or in a related field. Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable. AWS Certified Security Specialty is a plus.
  • Minimum of 5 years of experience working as a Federal Security Compliance Analyst with at least 3 years in a managerial role.
  • 2 years of security compliance experience, with NIST, FedRAMP, FISMA, OMB, ZTA, and Supply Chain knowledge.
  • 5 years of experience handling sensitive data sources and distribution of data containing personally identifiable information related to a Federal system.

Desired Skills:

  • Exceptional leadership and managerial skills.
  • Excellent verbal and written communication skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.
  • Strong analytical and problem-solving skills to identify compliance risks, evaluate controls, and recommend effective solutions.
  • Meticulous attention to detail and the ability to maintain accurate and thorough documentation.
  • Proven ability to work collaboratively in a team environment and establish positive relationships with cross-functional teams. Ability to adapt quickly to changing priorities, regulations, and compliance requirements.
  • Relevant security certifications (e.g., CISSP, CISM, CISA) are highly desirable.

Scheduled Weekly Hours:

40

Travel Required:

Less than 10%

Telecommuting Options:

Remote

Work Location:

USA MD Baltimore

