Project Manager V

Overview

Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit www.Empower.ai.

 

Empower AI is proud to be recognized as a 2024 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.

Responsibilities

POSITION SUMMARY

As the Deputy Director of Enterprise Security, the purpose of this role is to assist the DIGIT Director of Enterprise Security in the management and performance of GSA IT Enterprise Security Management and IT Continuity Management Services.  The DIGIT Deputy Director of Enterprise Security shall directly supervise the DIGIT Security Operations Team and support the Director of Enterprise Security in the performance of overall strategy, staff management, training, and organization and will serve as Director of Enterprise Security in his absence.

 

POSITION RESPONSIBILITIES:

The DIGIT Deputy Director of Enterprise Security will assist the DIGIT Director of Enterprise Security with duties that include, but are not limited to the following:

Develop strategy & program for the delivery of security services in support of the IS Governance, Risk, and Compliance function within GSA IT.

Ensure all technological and informational assets under DIGIT contractor management are adequately protected in accordance with applicable laws, regulations, standards, and policies.

Integrate cyber security strategy & program into all DIGIT management, projects, and work practices.

Redefine, build, and/or maintain metrics to add transparency into operations, facilitate risk-based decision making, and to measure and manage security program effectiveness.  This includes security patching, incidents, risks, compliance, vulnerabilities, and system availability with status within the Enterprise IT Dashboard (Section C.5.7.2 of the TOR).

Ensure GSA IT executive leadership is proactively briefed on risks and status of critical security items.

Maintain standard OS, hardening, and baseline configurations in compliance with GSA security standards.

Provide support and assistance to GSA IS for applicable audits, Assessment and Authorizations (A&A), and continuous monitoring to validate that required security controls are properly documented/implemented, operating as intended, and producing the desired outcome in accordance with GSA policy and defined requirements.

Provide support and collaboration to GSA IS for security relevant documentation requirements using the GSA processes and templates. This includes documenting and maintaining security diagrams, plans, procedures, policies, logs, vulnerabilities, gaps, exceptions, assets, and reports for relevant systems and system components.

Continuously monitor policy and compliance changes to ensure proactive implementation across the program.

Partner with GSA IS Risk and Compliance teams to ensure regulatory compliance and unified visibility into enterprise risk.

Enhance communication and work across business lines to ensure security best practices and consistent implementation\integration.

Respond, as necessary, to all potentially adverse events within all GSA networks and platforms under this TO, in coordination with and as advised by the CISO and applicable directives.

Identify specific security weaknesses on target systems, especially variances from baseline hardening and configurations, and provide recommended techniques and/or improvements to strengthen the security of the target system.

Ensure all systems logs are properly captured and included in security monitoring activities per GSA security standards.

Utilize GSA’s vulnerability assessment capability to identify unauthorized access points or potential implementation weaknesses.

Monitor, prevent, detect, respond, report, and correct the unauthorized release of GSA data utilizing provided and developed tools, processes, and sound security practices.

Support Enclaving/Network segregation with a focus on implementations via a holistic, automated, and repeatable process with known parameters for security related inheritance by guest systems.

Review investigations after breaches or incidents, including impact analysis, lessons learned, and recommendations.  

Provide  guidance, implementation recommendations and assistance in the developing  the security aspect of the DevSecOps and CI efforts for GSA IDT.

Provide guidance, implementation recommendations and assistance to move to more modern and proactive remediation approaches for system and network devices, the security process necessary to support the shift toward IaC and compliance support services to maintain production system security posture for all managed systems

Be fluent with the RMF and NIST special publications; specifically SP-800-128, SP-800-60, 800-53 and STIGS

Coordinate with program/project stakeholders, technical teams, the Information Systems Security Officer (ISSO), Information Systems Security Manager (ISSM) and other team members to define, implement and maintain an acceptable information systems security posture

Performs analysis to validate established security requirements and to recommend additional security requirements and safeguards

Translate operational requirements into technical requirements to meet program objectives and have the ability to assist in documenting those requirements

Reviewing and evaluating information technology software, hardware and networks and the overall cyber security posture of information technology systems

Provide timely status updates/reporting on assessments and assigned projects

Qualifications

 

CONTRACT REQUIRED QUALIFICATIONS:

• Public Trust Clearance by start date.
• ITILv4 Foundation Training and ITILv4 Foundation Certification, may be obtained within 120 days after hire.
• 7 years of direct experience or equivalent in a technical information security role
• Knowledge of and experience keeping up with changes to common information security management frameworks, such as NIST, SSAE, ISO/IEC 27001, CMMC and FedRamp, as well as regulations such as HIPAA, GDPR, PCI/DSS
• Experience in agile development practices.
• Develops and maintains deliverables and performance metrics where applicable.
• Accomplished in working with senior leadership while balancing organizational needs and risks.
• Extensive knowledge of information security concepts, such as identity and access, risk analysis, vulnerability management, data loss prevention, intrusion detection,  governance, DevSecOps, CI/CD .

 

CONTRACT DESIRED QUALIFICATIONS:Direct experience performing the following functions:

• 10+ years of experience or equivalent in a technical information security role.
• 5+ years of direct experience or equivalent expertise leading information security teams.

• Demonstrated ability Managing an enterprise-wide information security program for a government or health related organization.
• Demonstrated ability developing enterprise-wide IT policies, standards, and procedures for a government organization to follow.
• Direct experience with IT risk management practices.
• Possess the ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as key stakeholders.
• Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments.
• Demonstrated ability to meet goals spanning multiple divisions with shifting timelines, staffing, and dependencies.
• Familiarity with the following technologies: Active Directory, Windows, ServiceNow, Network Monitoring Systems (Solarwinds), Cisco Prime, LAN/WAN control protocols.
• ITILv4 Foundation certification. 
• CISSP Certification.

 

EDUCATION AND EXPERIENCE

• Bachelor’s degree or equivalent experience in computer science, information technology, or a related field. 
• Minimum 10-15 years of related experience.
• Experience supporting federal stakeholders from an enterprise level.
• Experience as a remote worker demonstrating time management and self-discipline.

 

PHYSICAL REQUIREMENTS

The physical demands described below are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.  While performing the duties of this job, the employee is regularly required to do the following: 

 

• As a remote position, personnel are expected to maintain their home workspace in a safe manner, free from safety hazards.
• Personnel are expected to ensure the protection of proprietary company and customer information accessible from their home office consistent with the company’s expectations of information security.
• Communicate verbally and respond to verbal communications in person, over the phone or by video chat.
• Communicate clearly and succinctly in writing, primarily utilizing a keyboard. 
• Sitting for long periods.
• Viewing computer screens for long periods of time. 

• Travel is not required.

 

About Empower AI

All hiring and promotion decisions at Empower AI are based on merit to bring the best talent available to contribute to our firm’s overall success. It is the policy of Empower AI not to discriminate against any applicant for employment, or employee because of age, color, sex, disability, national origin, race, religion, or veteran status. Empower AI is a VEVRAA Federal Contractor.