Program Manager

• Serve as the primary contractor point of contact for the FPM and COR; support overall administration of the CSS contract and all task areas under it.
• Develop and maintain program administration tools including onboarding/offboarding tracking staffing plans org charts and reporting dashboards with automated pipelines where applicable.
• Coordinate and communicate across all contractor staff and subcontractors; notify the CO and COR of any contract employee termination or resignation within five (5) business days.
• Provide periodic and ad-hoc reports related to contract execution task status and performance measures; support FPM quarterly briefings and data calls from NIH HHS and oversight bodies.
• Manage risk through a risk registry and risk management plan; track open action items and drive issue resolution with contractor staff and Federal task leads.
• Support the full task lifecycle including requirements development task initiation execution oversight and closeout in coordination with FTLs.

• Support FISMA compliance across NCATS information systems by advising project teams on NIST SP 800-53 Rev 5 control implementation throughout the SDLC.
• Develop and maintain compliance documentation including written technical guidance control implementation review summaries and data call responses for NIH ISRM HHS and OMB requirements.
• Maintain a centralized knowledge management repository covering SOPs security artifacts process documentation and training materials for contract staff and NCATS stakeholders.
• Coordinate and deliver security training and awareness activities for NCATS staff system owners and project teams; develop written materials job aids and reference guides in support of training programs.
• Monitor evolving federal security policy (Zero Trust OMB M-21-31 HHS ARS NIH ISRM) and update internal guidance and training content accordingly.
• Support collaborative problem-solving between contractor staff and Government stakeholders; facilitate knowledge transfer to maintain continuity of service during transitions.

Assessment & Authorization Support

• Guide system developers engineers and project stakeholders through NIST RMF phases (Prepare Categorize Select Implement Assess Authorize Monitor) for NCATS information systems.
• Develop maintain and refine core RMF artifacts in accordance with NIH templates and HHS ARS requirements:

• System Security Plan (SSP) and supporting artifacts
• Security Assessment Plan (SAP) and Security Assessment Report (SAR)
• Plan of Action and Milestones (POA&M)
• Continuous Monitoring Strategy
• Privacy Impact Assessment (PIA) support documents

• Produce and maintain FIPS-199 system categorization packages control baseline tailoring documentation and control mapping matrices (system functions to NIST 800-53 Rev 5 controls).
• Coordinate with system owners and the NCATS security team to prepare and submit ATO packages; support FedRAMP compliance where applicable.
• Provide privacy control implementation support including data flow diagrams with integrated privacy requirements and data call responses for HHS/NIH privacy compliance.
• Integrate A&A advisory support into each SDLC phase; produce written recommendations and control implementation guidance per development iteration.

Stakeholder Engagement & Deliverables

• Establish and maintain stakeholder engagement processes for contractor deliverables; manage routing and acceptance cycles with the NCATS Branch Chief Federal leads CO and COR.
• Track Government review timelines; manage resubmission timelines and communicate status proactively to Federal leads.
• Develop and maintain SOPs supporting federally mandated cybersecurity and privacy policies; ensure SOPs remain current with applicable NIH and HHS policy changes.
• Respond to data calls and security inquiries from NCATS NIH HHS and other oversight bodies in coordination with the Federal Program Manager.

• Masters degree in Information Technology Cybersecurity or a related discipline.
• Prior experience supporting HHS NIH or NCATS programs or other biomedical research agencies with complex IT security environments.
• Familiarity with FedRAMP authorization processes and cloud security requirements for federal systems.
• Experience producing FIPS-199 categorization packages and supporting ATO submissions in a civilian HHS/NIH environment.
• Experience with federal security training development and delivery including role-based training programs under HHS policy.

• Must be able to obtain and maintain the applicable NIH/HHS Public Trust or clearance level prior to beginning work.
• Must complete all required HHS/NIH Contractor Information Security Awareness Privacy and Records Management training before performing work under the contract and annually thereafter.
• Must comply with NIH Rules of Behavior for contractors and sign the applicable acknowledgment before accessing any Government data systems or networks.

• $145000 - $160000

Devis is an AA/EOE/M/F/Disabled/VET Employer committed to providing equal employment opportunity without regard to an individuals race color religion age gender sexual orientation veteran status national origin or disability.