Program Director Local to NC

Project Overview

The DHHS Privacy & Security Office is launching a large-scale cybersecurity initiative to conduct comprehensive Technical Security Risk Assessments and Penetration Testing across approximately 100 counties. The objective of this initiative is to evaluate and strengthen the security posture of county IT environments and ensure compliance with cybersecurity best practices and regulatory requirements.

This initiative will assess county infrastructure and security controls including:

• Servers and endpoint systems (desktops/laptops)

• Network architecture and segmentation

• Firewalls and perimeter security controls

• User access provisioning and identity management

• Multi-Factor Authentication (MFA)

• Virtual Private Networks (VPNs)

• System hardening standards and procedures

• Vulnerability management processes

• Patch management practices

Role: Program Director

The Lead Consultant will be responsible for planning executing and overseeing all technical security assessment and penetration testing activities across the participating counties. This role requires both deep technical expertise and strong leadership and communication skills.

Key Responsibilities

Assessment & Testing Execution

• Design and conduct technical security risk assessments for county IT environments.

• Perform penetration testing activities to identify vulnerabilities misconfigurations and security gaps.

• Validate security controls across infrastructure network identity and endpoint environments.

Methodology & Standardization

• Develop standardized assessment methodologies testing frameworks and reporting templates.

• Ensure consistency repeatability and quality across all county assessments.

• Define risk scoring models and remediation prioritization standards.

Program & Team Management

• Manage assessment team assignments scheduling and workload distribution.

• Track project milestones deliverables and timelines.

• Ensure timely completion of assessments across all counties.

Reporting & Stakeholder Communication

• Prepare executive-level and technical reports outlining findings risks and remediation recommendations.

• Translate complex technical security findings into clear non-technical language for business leaders CMS and stakeholders.

• Support presentations briefings and audit discussions as required.

Quality & Governance

• Ensure assessments align with cybersecurity best practices regulatory standards and organizational security policies.

• Maintain documentation audit trails and evidence for compliance and governance purposes.

Required/Desired Skills

Required Skills:

Experience in cybersecurity risk assessments and penetration and perform technical security risk assessments on county IT environments (serversdesktopsnetworksfirewallsIAMMFAVPNspatching proConduct internal/external penetration testingvulnerability identificationand exploit validationDevelop a repeatable assessment methodologytemplatestesting proceduresand reporting formats for use across 100 and coordinate assessment team workloadsassignmentsschedulesand and maintain project planstimelinesand progress with NISTCIS ControlsISO 27001and related frameworks.