What are the responsibilities and job description for the Cybersecurity Program Manager – Controls Testing position at Rapid Strategy?
Position Summary
The Cybersecurity Program Manager will oversee and coordinate the execution of a cybersecurity program focused on both controls testing and penetration testing for a government client. This role requires extensive experience in managing programs aligned with NIST SP 800-53, NIST SP 800-37, and FISMA requirements. The ideal candidate will bring 10 years of experience in cybersecurity program management, with expertise in managing control assessments, penetration testing, and overall security evaluations. Strong leadership, communication, and organizational skills are essential, as is a deep understanding of federal cybersecurity compliance.
Key Responsibilities
- Lead and manage a cybersecurity program that encompasses controls testing and penetration testing to evaluate the client’s security posture comprehensively.
- Ensure compliance with NIST SP 800-53 Rev. 5, NIST SP 800-37, and FISMA requirements throughout the program lifecycle.
- Oversee the Risk Management Framework (RMF) process and Security Assessment and Authorization (SA&A), ensuring timely and accurate documentation.
- Supervise and support penetration testing activities, including scoping, execution, and reporting, to uncover vulnerabilities in applications, networks, and systems.
- Develop and maintain the program schedule, ensuring tasks are completed on time and deliverables meet quality standards.
- Act as the primary point of contact for the client, providing regular updates, addressing concerns, and managing expectations.
- Oversee the creation and delivery of key artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), penetration testing reports, and Plan of Action and Milestones (POA&Ms).
- Provide strategic guidance on risk mitigation, remediation planning, and improving the client’s cybersecurity posture.
- Monitor program performance, track milestones, and deliver comprehensive progress reports to stakeholders.
- Stay current on regulatory changes, cybersecurity standards, and emerging threats to ensure the program remains effective and up to date.
Qualifications
Required Experience and Skills:
- MUST BE A U.S. CITIZEN
- 10 years of experience in program or project management within the cybersecurity field, particularly in federal government environments.
- Proven ability to manage both controls testing and penetration testing programs, ensuring alignment with NIST and federal requirements.
- Extensive knowledge of NIST SP 800-53 Rev. 5, NIST SP 800-37, and FISMA requirements.
- Demonstrated experience in managing the Risk Management Framework (RMF) process and Security Assessment and Authorization (SA&A) lifecycle.
- Strong understanding of penetration testing methodologies (such as PTES and NIST SP 800-115) and of both automated and manual testing techniques and tools.
- Ability to manage large-scale cybersecurity programs, including resource allocation, risk management, and stakeholder engagement.
- Exceptional organizational and leadership skills with the ability to manage multiple priorities and meet tight deadlines.
- Strong verbal and written communication skills, including experience briefing senior executives and government stakeholders.
- Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
Preferred Qualifications:
- Certifications such as PMP, CISSP, CISM, OSCP, or CEH.
- Experience managing cybersecurity programs for federal clients, particularly within defense, financial, or regulatory environments.
- Familiarity with privacy regulations and their integration with security controls and penetration testing programs.