Cybersecurity Project Manager

ARETUM, a leading government contracting company specializing in technology-enabled mission support services, is seeking an experienced Cybersecurity Project Manager to join our team. As a Cybersecurity Project Manager at ARETUM, you will be responsible for overseeing the planning, execution, and successful completion of cybersecurity projects for our government clients.

ARETUM is known for providing cutting-edge solutions and outstanding service to Federal clients in various sectors, including Next Generation Analytics, Engineering Services, Training Services, IT Systems, Cyber Security, PMO Support, and Financial Consulting. Our mission is to deliver technology-driven solutions that meet the unique needs of our government clients, enabling them to achieve their objectives effectively and efficiently.

Responsibilities:

• As the Cybersecurity Team Lead, support federal civilian clients in complying with Federal cybersecurity standards, policy, and regulations.
• Serve as a skilled technical security advisor and security officer to business owners and stakeholders. Responsible for providing leadership, direction, and hands-on management for delivery of mission enabling cybersecurity
• Lead and manage multiple Cyber related programs and oversee team of ISSOs and accessors.
• Independently perform all aspects of the security controls assessment in alignment with NIST 800-53 Revision 5, from kickoff to submission of all assessment deliverables including the security assessment plan, security assessment report, and outbrief slides.
• Ensure comprehensive understanding and application of ATO documentation requirements, including Business Impact Analysis, Contingency Plan, and FIPS 199, in all assessment activities.
• •Coordinate all aspects of testing with relevant stakeholders and team lead.
• Develop a security assessment plan with input from stakeholders.
• Develop and tailor evidence request lists.
• Conduct and lead assessment interviews and tests and manage evidence.
• Coordinate with team lead and client management to develop and maintain a project plan.
• Ensure all required deliverables are completed according to schedule and at a high quality with the understanding that deliverables will undergo independent review by client.
• Provide insightful recommendations to client to improve security posture.
• Support organizational capability and practice development by providing subject matter expertise on cybersecurity related threats, hazards, and risks.
• Develop documentation as the primary author on RMF A&A documents including but not limited to the System Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, Contingency Plan, Configuration Management Plan, and Incident Response Plan.
• Implement quality assurance procedures to ensure high level of quality in all deliverables submitted by the team.
• Provide tactical and strategic guidance to improve organizational security program.
• Provide security design and impact analysis for enterprise operations and solutions.
• Provide assistance in various assessment activities including A&A security control assessments.
• Coordinate and communicate with system stakeholders as required to complete all aspects of the A&A process.
• Understand and articulate security architecture of systems and how it integrates with the enterprise security stack.
• Provide security design and security impact analysis on agency systems.
• Perform both technical and documentation continuous monitoring tasks.
• Keep abreast of changing audit guidelines, Federal guidance, and regulations.
• Lead and advise on POA&M remediations and control finding closures using evidential matter or other required closure evidence.
• Support security controls assessment activities.
• Perform all required tasks in a timely and proficient manner while exercising sound time and task management.
• Work effectively with other team members to complete required tasks.
• Implement effective project management of all team initiatives.
• Manage and coordinate with other team members to effectively execute tasks to ensure high quality deliverables and timely delivery.
• Develop and maintain project plans.
• Develop status reports and provide briefings to both client and corporate management.
• Responsible for financial, technical, administrative, contractual, and personnel aspects of the contract

Requirements

• Bachelor’s degree in information systems, Computer Science, or related field required.

• Security Certification: CISSP, CISM, CAP or equivalent certification highly preferred.

• Clearance: Must have Public Trust.

• 3+ years of technical experience in cybersecurity with three years in leadership for a Federal government agency

• 5+ years of experience with Federal Assessment & Authorization (A&A).

• 5+ years of experience with maintaining IT security policies, processes, and guidance.

• Experience with Federal Risk and Authorization Management Program (FedRAMP).

• Proficient understanding of the NIST Risk Management Framework (RMF) process, with specific expertise in NIST 800-53 Revision 5 security control set, including technical, administrative, and physical controls.

• Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M).
• Strong communication (verbal and written) skills and experience.
• Strong attention to detail.
• Ability to effectively articulate and advise security requirements to various audiences including management, business stakeholders, and technical staff.
• Demonstrated ability to address and incorporate requirements from Emergency Directives and other evolving security mandates into the security posture and assessment processes.
• Minimum of (4) years leading assessments and serving as the primary assessor on general support systems.
• Experience performing assessments using Cyber Security Assessment and Management (CSAM).
• Able to appropriately articulate security concepts and requirements to different audiences.
• Strong task management skills.
• Must be a US Citizen