ISSO PROJECT MANAGER (PM)

Military Friendly & Preferred - Hoh Sponsor

Zermount, Inc has a requirement for an ISSO PM who will support our client by providing project management and Information Security expertise for our ISSO Team. The ISSO PM is expected to provide advisory in securing enterprise information and systems, by determining security requirements; planning, designing, implementing, and testing systems and security technologies; developing security standards, policies, and procedures; and mentoring team members.

The ISSO Program Manager serves as the senior cybersecurity lead responsible for managing all security compliance, RMF activities, and continuous monitoring for all systems within the client's enterprise while also providing full lifecycle program management support. This role integrates IT and Information Security subject matter expertise with project management responsibilities to ensure secure, compliant, and mission-aligned delivery for our federal client. The ISSO PM manages security operations, reporting, deliverables, stakeholder communication, resources, schedules and technical oversight of cybersecurity governance, risk, and compliance (GRC) activities to meet agency and contract requirements.

DUTIES & RESPONIBILTIES

• Provide day-to-day management of the ISSO Team, develop project schedules, reports, and briefings in accordance with the contract requirements.
• Provide primary accountability to ensure the task orders receives the appropriate support and resources required to deliver quality results.
• Provide strategic direction, vision, leadership, and management to the team(s) assigned to the task order.
• Contribute to organizational direction through regular involvement with client leadership and team members.
• Maintain productive and effective client relationship with the most senior levels of the client organization.
• Manage numerous project schedules simultaneously.
• Develop, maintain and update project management plans, project schedules, and an Integrated Master Schedule (IMS).
• Develop, maintain and update Quality Assurance Surveillance Plans (QASP).
• Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations, enterprise, or local policy, assess the level of risk, and develop and recommend appropriate mitigations.
• Ensure ISSO team meets contract requirements and client established KPI's and performance metrics.
• Provide risk analysis for vulnerabilities, incidents and change requests and advise on the impact of new or changing applicable federal policy changes.
• Conduct research and present analyses to evaluate and/or determine emerging industry technology trends, government agency best practices, and security issues.
• Determine security requirements by evaluating strategies / requirements; research IT security standards; conduct security and vulnerability analyses and risk assessments; review architecture/platform; identify integration issues; prepare cost estimates.
• Provide expertise and guidance to OCIO on DevSecOps / secure development, operational systems, and enhancements in support of the client's mission.
• Assist business owners, system owners, and system engineers with selecting and implementing controls that maintain a high level of security and protect patron privacy.
• Monitor and ensure compliance with standards, policies, and procedures; support IR activities; develop and conducting training programs.
• Prepare security reports by collecting, analyzing, and summarizing data and trends.
• Enhance company and client's reputation by accepting ownership for accomplishing new and different requests, exploring opportunities to add value to job accomplishments.
• Lead ISSOs for assigned systems in accordance with NIST RMF, FISMA, agency policy, directives, Zero Trust and cybersecurity requirements.
• Ensure quality requirements are met for system security documentation development and maintenance, including SSPs, Security Assessment Packages (SAP), SARs, POA&Ms, and continuous monitoring artifacts.
• Ensure all systems maintain ongoing authorization by implementing continuous monitoring, monthly artifact updates, vulnerability remediation, log review oversight, and risk tracking.
• Collaborate with technical teams to ensure security requirements are incorporated into system design, enhancements, and operational changes.
• Support audit readiness, respond to IG/OIG inquiries, and manage external assessment requests.
• Provide expert guidance on NIST SP 800-53, 800-37, 800-30, 800-137, 800-61, Zero Trust Architecture (800-207), and CISA Zero Trust Maturity Model.
• Manage project risks, issues, dependencies, timelines, and reporting across the lifecycle.
• Prepare and deliver weekly, monthly, and quarterly program status reports, dashboards, and executive briefings.
  
  

Qualifications

• Must have at least 7 years of experience managing IT Security programs with for a minimum of 5000 users, 10,000 assets, and numerous tools.
• Must have experience at least 5 years of experience leading teams, minimally, of 10 direct reports: and developing, implementing, and managing project schedules.
• Must have the ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
• Must have the ability to effectively communicate both orally (in common English narration) and in writing (to include technical documentation).
• Must have the ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
• Possess the ability to explain and breakdown technical details, and solutions to executive management and not technical parties - ability to explain the true business impact.
• Good understanding of network protocols, design, and operations.
• Strong analytical skills and efficient problem solving.
• Experienced writing security related procedures and guidelines.
• Experience with NIST Special Publications and guidance.
• Excellent report development and presentation skills.
• Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
• Proficient in Microsoft® Office suite to include Project, and other office automation products.
  
  

Education

• Minimum of Bachelor's degree in Computer Science, IT, Engineering, or similar fields. Years of experience will be taken into consideration, in place of a degree.
• Years of experience may be substituted in lieu of a degree.
  

Certifications

• At least one (1) IT Security certification for IAT II or IAT III, referenced in the DoD Approved 8570 Baseline Certification list, AND
• One (1) IT Security certification for IAM III referenced in the DoD Approved 8570 Baseline Certification list.
• A single industry certification may satisfy both requirements per the list.
• Additional certifications preferred are:
• PMI PMP; and ITIL
  

Clearance

• Public Trust
• Must be a United States citizen.
  
  

WORK LOCATION and HOURS:

• Location: Primary location is Zermount HQ (Arlington, VA) and Washington, DC. Remote is authorized. Occasional travel to the primary location may be required.
• Core Hours: 8:30 am ET - 5:30 pm ET