Cybersecurity Project Manager

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.

Join us to be part of meaningful work that drives national impact and grow your career alongside exceptional peers.

Job Summary

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements. Additionally, all team members may be called upon to support proposal efforts as needed. This could include resume formatting, providing skills alignment summaries, participating in meetings, or contributing to solutioning activities based on subject matter expertise or functional experience.

Responsibilities

·       As the Cybersecurity Team Lead, support federal civilian clients in complying with Federal cybersecurity standards, policy, and regulations.

·       Serve as a skilled technical security advisor and security officer to business owners and stakeholders. Responsible for providing leadership, direction, and hands-on management for delivery of mission enabling cybersecurity

·       Lead and manage multiple Cyber related programs and oversee team of ISSOs and accessors.

·       Independently perform all aspects of the security controls assessment in alignment with NIST 800-53 Revision 5, from kickoff to submission of all assessment deliverables including the security assessment plan, security assessment report, and out-brief slides.

·       Ensure comprehensive understanding and application of ATO documentation requirements, including Business Impact Analysis, Contingency Plan, and FIPS 199, in all assessment activities.

·       Coordinate all aspects of testing with relevant stakeholders and team lead.

·       Develop a security assessment plan with input from stakeholders.

·       Develop and tailor evidence request lists.

• Conduct and lead assessment interviews and tests and manage evidence.

• Coordinate with team lead and client management to develop and maintain a project plan.

• Ensure all required deliverables are completed according to schedule and at a high quality with the understanding that deliverables will undergo independent review by client.

• Provide insightful recommendations to client to improve security posture.

• Support organizational capability and practice development by providing subject matter expertise on cybersecurity related threats, hazards, and risks.

• Develop documentation as the primary author on RMF A&A documents including but not limited to the System Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, Contingency Plan, Configuration Management Plan, and Incident Response Plan.

• Implement quality assurance procedures to ensure high level of quality in all deliverables submitted by the team.

• Provide tactical and strategic guidance to improve organizational security program.

• Provide security design and impact analysis for enterprise operations and solutions.

• Provide assistance in various assessment activities including A&A security control assessments.

• Coordinate and communicate with system stakeholders as required to complete all aspects of the A&A process.

• Understand and articulate security architecture of systems and how it integrates with the enterprise security stack.

• Provide security design and security impact analysis on agency systems.

• Perform both technical and documentation continuous monitoring tasks.

• Keep abreast of changing audit guidelines, Federal guidance, and regulations.

• Lead and advise on POA&M remediation and control finding closures using evidential matter or other required closure evidence.

• Support security controls assessment activities.

• Perform all required tasks in a timely and proficient manner while exercising sound time and task management.

• Work effectively with other team members to complete required tasks.

• Implement effective project management of all team initiatives.

• Manage and coordinate with other team members to effectively execute tasks to ensure high quality deliverables and timely delivery.

• Develop and maintain project plans.

• Develop status reports and provide briefings to both client and corporate management.

Requirements

Bachelor’s degree in information systems, Computer Science, or related field required.
• Security Certification: CISSP, CISM, CAP or equivalent certification highly preferred.
• Clearance: Must have Public Trust.
• 3+ years of technical experience in cybersecurity with three years in leadership for a Federal government agency
• 5+ years of experience with Federal Assessment & Authorization (A&A).
• 5+ years of experience with maintaining IT security policies, processes, and guidance.
• Experience with Federal Risk and Authorization Management Program (FedRAMP).
• Proficient understanding of the NIST Risk Management Framework (RMF) process, with specific expertise in NIST 800-53 Revision 5 security control set, including technical, administrative, and physical controls.
• Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M).
• Strong communication (verbal and written) skills and experience.
• Strong attention to detail.
• Ability to effectively articulate and advise security requirements to various audiences including management, business stakeholders, and technical staff.
• Demonstrated ability to address and incorporate requirements from Emergency Directives and other evolving security mandates into the security posture and assessment processes.
• Minimum of (4) years leading assessments and serving as the primary assessor on general support systems.
• Experience performing assessments using Cyber Security Assessment and Management (CSAM).
• Able to appropriately articulate security concepts and requirements to different audiences.

Preferred Qualifications

·       CISSP, CISM, CAP or equivalent certification highly preferred

Work Environment & Physical Requirements

• This is a remote/work-from-home position. The employee is expected to maintain a professional and distraction-free home office environment with reliable internet access and the ability to participate in video and audio calls during standard working hours. Standard office equipment such as a computer, phone, and webcam will be used regularly. 

• The physical demands described here are representative of those that must be met to successfully perform the essential functions of this job: 
• Prolonged periods of sitting and working on a computer.
• Frequent use of hands and fingers to operate computer and telephone equipment.
• Must be able to lift up to 15 pounds occasionally (e.g., moving equipment).
• Ability to participate in virtual meetings and communicate clearly via video/audio platforms. 

Travel Requirement

This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible. 

EEO & Pay Transparency Statement

Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance.

As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws.

We are proud to support our nation’s veterans and military families, providing career opportunities that honor their service and experience.

If you require a reasonable accommodation during the hiring process due to a disability, please contact our Talent Acquisition team for assistance.

In compliance with Executive Order 13665, Aretum will not discharge or otherwise discriminate against employees or applicants for inquiring about, discussing, or disclosing their own pay or that of another employee or applicant.

U.S. Work Authorization

Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis. This position supports a federal government contract and therefore requires an active Public Trustclearance or the ability to obtain one. 

Benefits

·       Health Care Plan (Medical, Dental & Vision)

·       Retirement Plan (401k, IRA)

·       Life Insurance (Basic, Voluntary & AD&D)

·       Paid Time Off (Vacation, Sick & Public Holidays)

·       Family Leave (Maternity, Paternity)

·       Short Term & Long-Term Disability

·       Training & Development