Project Manager

The National Institute of Allergy and Infectious Diseases (NIAID), a key component of the National Institutes of Health (NIH), leads research to understand, treat, and prevent infectious, immunologic, and allergic diseases. The Office of Cyber Infrastructure and Computational Biology (OCICB) provides IT and analytics solutions to support NIAID's mission, leveraging vendor expertise for advanced data engineering, system development, and cybersecurity.

The Cyber Security Program (CSP) provides system security risk management for the NIAID Authorizing Official and system risk owners, security operations support for the prevention, detection, and resolution of risks to Federal systems or data, as well as programmatic cybersecurity services for NIAID systems and processes.

As part of this mission, ECS is seeking a Project Manager to support NIAID's Cyber Security Program (CSP) in system security risk management, continuous monitoring, vulnerability management, and audit preparedness. The Project Manager will play a key role in identifying and mitigating cybersecurity risks, ensuring compliance with NIST Risk Management Framework (RMF), FedRAMP, and other federal cybersecurity policies, and maintaining an ongoing authorization within acceptable risk parameters. This position involves coordinating risk assessments, developing security documentation, and providing strategic guidance to ensure NIAID systems maintain a strong security posture against evolving cyber threats.

These duties include but are not limited to:

• Serve as a primary point of contact for the Government, overseeing all contract operational support functions and ensuring successful execution of tasks.
• Manage and direct multiple complex and inter-related project tasks, coordinating contractor personnel and monitoring performance across all areas.
• Serve as the primary liaison between the Government and project teams for technical and financial reporting, providing updates on project progress, risks, and resource allocation.
• Oversee daily operations, ensuring personnel are effectively assigned, managed, and supported to meet contractual obligations.
• Develop and maintain key project documentation, including a Task Order Management Plan, work schedules, spending plans, and compliance reports.
• Ensure all deliverables, reports, and analyses are developed and submitted in accordance with Government-specified formats and deadlines.
• Conduct and lead regular status and progress review meetings, tracking completed work, identifying issues, and recommending solutions.
• Direct cybersecurity projects, ensuring alignment with program schedules, cost requirements, and technical objectives.
• Implement risk and issue management plans, developing strategies to mitigate potential challenges and ensure continuous process improvements.
• Adhere to federal and agency-specific methodologies, including HHS Enterprise Performance Life Cycle (EPLC), to manage and oversee all task activities.

General Description of Benefits

• Minimum of six years of experience in cybersecurity. 10 years of experience is preferred.
• Minimum of six years of experience leading cybersecurity programs for comparably sized Federal agencies and security programs. Eight-plus years of experience is preferred.
• Currently possess and maintain at least one of the following (or equivalent) industry-recognized certifications:
  • Certified Information System Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
• Familiarity with ITIL Foundations Certification concepts
• Demonstrated experience managing cybersecurity teams including personnel, workload, priorities, scheduling, and risks.
• Proven experience to consistently evaluate and convey risk using National Institute of Standards and Technology (NIST) risk assessment methodology, and to consult with federal risk executives, system and IT stakeholders on compliant risk management strategies and solutions.
• Knowledge of and experience with the current NIH GRC tool, CSAM, or comparable GRC tools used by other Federal agencies.
• Experience developing and using streamlined Assessment & Authorization (A&A) processes or tools that help greatly reduce the burden and time to complete authorizations.
• Knowledge of and experience managing leading software assurance activities including but not limited to using automated vulnerability scanning tools to ensure agency/customer software products are free of known defects before deployment and post-deployment.