What are the responsibilities and job description for the Program Manager position at Development InfoStructure?
Company Overview
Development InfoStructure LLC (Devis) is a leading provider of innovative software development, management, and consulting services, specializing in cutting-edge technologies such as DevSecOps, AI, and Machine Learning. With over 30 years of experience, we have established ourselves as a trusted partner for government agencies, delivering tailored, mission-critical solutions that drive digital transformation and operational excellence. Our client-centric approach, coupled with our deep domain expertise and technical prowess, enables us to forge enduring relationships and consistently deliver high-impact, adaptive solutions that resonate with the unique needs of the public sector.
Job Overview
The Program Manager serves as the primary contractor-side lead for the NCATS CSS contract, responsible for contract administration, security compliance advisory, and Assessment and Authorization (A&A) coordination across all task areas. This is a senior individual contributor role with a scope that extends beyond traditional program management: the right candidate brings both the operational discipline to manage a federal task order and the technical depth to provide direct cybersecurity compliance and RMF support to the NCATS team.
This role will be a full-time position with work performed primarily onsite at the National Institutes of Health (NIH) located at 9800 Medical Center Drive, Building B, Rockville, MD 20850. Core hours will be Monday-Friday: 8:00 AM - 6:00 PM EST, and after-hours support for emergency incidents will be required as needed by the client. Position is contingent upon award and client approval.
Primary Duties
Contract & Program Management
- Serve as the primary contractor point of contact for the FPM and COR; support overall administration of the CSS contract and all task areas under it.
- Develop and maintain program administration tools, including onboarding/offboarding tracking, staffing plans, org charts, and reporting dashboards with automated pipelines where applicable.
- Coordinate and communicate across all contractor staff and subcontractors; notify the CO and COR of any contract employee termination or resignation within five (5) business days.
- Provide periodic and ad-hoc reports related to contract execution, task status, and performance measures; support FPM quarterly briefings and data calls from NIH, HHS, and oversight bodies.
- Manage risk through a risk registry and risk management plan; track open action items and drive issue resolution with contractor staff and Federal task leads.
- Support the full task lifecycle, including requirements development, task initiation, execution oversight, and closeout in coordination with FTLs.
Security Compliance & Program Support
- Support FISMA compliance across NCATS information systems by advising project teams on NIST SP 800-53 Rev 5 control implementation throughout the SDLC.
- Develop and maintain compliance documentation, including written technical guidance, control implementation review summaries, and data call responses for NIH ISRM, HHS, and OMB requirements.
- Maintain a centralized knowledge management repository covering SOPs, security artifacts, process documentation, and training materials for contract staff and NCATS stakeholders.
- Coordinate and deliver security training and awareness activities for NCATS staff, system owners, and project teams; develop written materials, job aids, and reference guides in support of training programs.
- Monitor evolving federal security policy (Zero Trust, OMB M-21-31, HHS ARS, NIH ISRM) and update internal guidance and training content accordingly.
- Support collaborative problem-solving between contractor staff and Government stakeholders; facilitate knowledge transfer to maintain continuity of service during transitions.
Assessment & Authorization Support
- Guide system developers, engineers, and project stakeholders through NIST RMF phases (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) for NCATS information systems.
- Develop, maintain, and refine core RMF artifacts in accordance with NIH templates and HHS ARS requirements:
  - System Security Plan (SSP) and supporting artifacts
  - Security Assessment Plan (SAP) and Security Assessment Report (SAR)
  - Plan of Action and Milestones (POA&M)
  - Continuous Monitoring Strategy
  - Privacy Impact Assessment (PIA) support documents
- Produce and maintain FIPS-199 system categorization packages, control baseline tailoring documentation, and control mapping matrices (system functions to NIST 800-53 Rev 5 controls).
- Coordinate with system owners and the NCATS security team to prepare and submit ATO packages; support FedRAMP compliance where applicable.
- Provide privacy control implementation support, including data flow diagrams with integrated privacy requirements and data call responses for HHS/NIH privacy compliance.
- Integrate A&A advisory support into each SDLC phase; produce written recommendations and control implementation guidance per development iteration.
Stakeholder Engagement & Deliverables
- Establish and maintain stakeholder engagement processes for contractor deliverables; manage routing and acceptance cycles with the NCATS Branch Chief, Federal leads, CO, and COR.
- Track Government review timelines; manage resubmission timelines and communicate status proactively to Federal leads.
- Develop and maintain SOPs supporting federally mandated cybersecurity and privacy policies; ensure SOPs remain current with applicable NIH and HHS policy changes.
- Respond to data calls and security inquiries from NCATS, NIH, HHS, and other oversight bodies in coordination with the Federal Program Manager.
Required Qualifications
Education and Experience
- Minimum ten (10) years of progressively responsible program or project management experience, including at least five (5) years leading federal IT or cybersecurity programs with multiple stakeholders and cross-functional delivery teams.
- Minimum five (5) years of hands-on experience with FISMA compliance, NIST RMF, and federal security documentation (SSP, POA&M, SAR, PIA) in a civilian federal agency environment.
- Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related discipline required; in lieu of a degree, fourteen (14) years of progressively responsible experience as described above.
Certifications
- PMP (Project Management Professional) – Active, required.
- CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CAP (Certified Authorization Professional) – at least one required.
Core Competencies
- Demonstrated ability to manage contractor-side program execution, including staffing oversight, deliverable management, and FPM/COR coordination on a federal task order.
- Working knowledge of HHS/NIH security policy, including HHS ARS, NIH ISRM policies, and OMB M-21-31 logging and auditability requirements.
- Experience developing and maintaining NIST RMF documentation packages for civilian federal systems; familiarity with NIH RMF templates is a plus.
- Ability to communicate technical compliance requirements clearly to non-technical stakeholders, including written briefings, training materials, and executive summaries.
- Demonstrated experience operating in a multi-task contract environment where competing priorities must be managed concurrently.
Preferred Qualifications
- Master’s degree in Information Technology, Cybersecurity, or a related discipline.
- Prior experience supporting HHS, NIH, or NCATS programs, or other biomedical research agencies with complex IT security environments.
- Familiarity with FedRAMP authorization processes and cloud security requirements for federal systems.
- Experience producing FIPS-199 categorization packages and supporting ATO submissions in a civilian HHS/NIH environment.
- Experience with federal security training development and delivery, including role-based training programs under HHS policy.
Clearance
- Must be able to obtain and maintain the applicable NIH/HHS Public Trust or clearance level prior to beginning work.
- Must complete all required HHS/NIH Contractor Information Security Awareness, Privacy, and Records Management training before performing work under the contract, and annually thereafter.
- Must comply with NIH Rules of Behavior for contractors and sign the applicable acknowledgment before accessing any Government data, systems, or networks.
Salary Range
- $145,000 - $160,000
Devis is an AA/EOE/M/F/Disabled/VET Employer committed to providing equal employment opportunity without regard to an individual’s race, color, religion, age, gender, sexual orientation, veteran status, national origin or disability.