Sr. IT Project Manager - Cybersecurity Compliance

Aptnexus

$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Active PMI Project Management Professional (PMP) certification required.
  • Active ISC2 Certified Information Systems Security Professional (CISSP) certification required.
  • Minimum of 10 years in IT Project Management, with 5 years focused on cybersecurity compliance programs in federal environments.
  • Experience managing FISMA compliance programs, including A&A activities and related documentation.
  • Strong knowledge of NIST SPs related to RMF and cybersecurity controls.

Responsibilities

  • Direct and manage all cybersecurity compliance deliverables according to contract requirements.
  • Act as primary point of contact for project management and compliance matters with customer leadership.
  • Lead execution of NIST Risk Management Framework for Treasury systems.
  • Oversee submission of compliance documentation like SSPs and SARs.
  • Manage annual FISMA reporting and coordination activities.
  • Direct OMB Circular A-123 compliance assessments and audit engagements.
  • Establish program management tools including project plans and risk registers.

Benefits

  • Eligibility for Public Trust clearance.
  • Opportunity to lead a highly skilled cybersecurity team.
  • Direct involvement with federal cybersecurity governance and compliance initiatives.
  • Involvement in significant organizational projects for the U.S. Department of the Treasury.
  • Work in a dynamic environment at a prestigious government agency.

Full Job Description

Clearance:

  • Must be eligible for a Public Trust clearance. An active Treasury Minimum Background Investigation (MBI) is required or must be obtainable. Active MBI is strongly preferred.

Position Overview:

APTNEXUS is seeking a Senior IT Project Manager - Cybersecurity Compliance to support our contract with the U.S. Department of the Treasury. In this critical role, you will serve as the primary project manager responsible for directing and coordinating all aspects of cybersecurity compliance activities for the Treasury customer. You will lead a highly skilled team of cybersecurity professionals responsible for ensuring the customer's information systems maintain compliance with federal mandates, including FISMA, NIST Risk Management Framework (RMF), and Treasury-specific cybersecurity policies. The ideal candidate brings deep expertise in cybersecurity governance, risk, and compliance (GRC) within a federal environment and possesses both the PMP and CISSP certifications. Your job responsibilities will include:

  • Direct and manage all cybersecurity compliance deliverables and milestones in accordance with the Treasury Cybersecurity Compliance Contract, ensuring adherence to scope, schedule, and budget.
  • Serve as the primary point of contact (POC) for the Contracting Officer's Representative (COR) and Treasury customer leadership on all project management and cybersecurity compliance matters.
  • Lead the execution of the NIST Risk Management Framework (RMF) across Treasury information systems, including categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
  • Oversee the preparation, review, and submission of Assessment and Authorization (A&A) packages, System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
  • Manage FISMA annual reporting requirements, including coordination of performance metrics, system inventory updates, and compilation of the annual FISMA report to Treasury.
  • Direct cybersecurity compliance activities related to OMB Circular A-123 internal controls assessments and coordinate with internal and external auditors during IT General Controls (ITGC) audit engagements.
  • Establish and maintain program management infrastructure including project plans, resource allocation, integrated master schedules (IMS), risk registers, and status reports.
  • Provide oversight and coordination of Continuous Monitoring activities, including vulnerability scanning, configuration management, and security control testing.
  • Lead transition-in and transition-out phases throughout the contract lifecycle, ensuring continuity of cybersecurity operations and seamless handoffs.
  • Identify, assess, and communicate program risks and issues to stakeholders; develop and implement mitigation strategies to protect contract performance.
  • Exercise broadly delegated authority for planning, directing, coordinating, and executing multiple contract requirements and expectations including management of both APTNEXUS staff and subcontractors.
  • Deliver high-quality, on-time contractual deliverables including status reports, briefings, and technical documentation for executive and senior government leadership.
  • Provide thought leadership on cybersecurity compliance best practices, federal regulatory changes, and emerging risk areas affecting the customer's cybersecurity posture.
  • Facilitate regular program reviews, stakeholder meetings, and executive briefings, communicating complex cybersecurity topics clearly to both technical and non-technical audiences.

Education:

  • Bachelor's degree in Computer Science, Information Technology, Business, or Management from an accredited institution with 10 or more years of progressively responsible experience in IT project management.

Minimum Qualifications:

  • Active PMI Project Management Professional (PMP) certification - REQUIRED.
  • Active ISC2 Certified Information Systems Security Professional (CISSP) certification - REQUIRED.
  • Minimum of 10 years of IT Project Management experience, with at least 5 years managing cybersecurity compliance programs in a federal government environment.
  • Demonstrated experience managing FISMA compliance programs, including A&A activities, SSP development, SAR preparation, and POA&M tracking for federal information systems.
  • In-depth working knowledge of NIST Special Publications, including SP 800-37 (RMF), SP 800-53 (Security and Privacy Controls), SP 800-137 (Continuous Monitoring), and related FIPS publications.
  • Experience managing cybersecurity compliance contracts for U.S. Department of the Treasury or equivalent federal agencies is strongly preferred.
  • Experience overseeing IT General Controls (ITGC) assessments in support of Financial Statement Audits and A-123 compliance reviews.
  • Proven ability to manage Time & Materials (T&M) and Firm-Fixed-Price (FFP) contracts, including financial management, staffing, and performance reporting.
  • Awareness of Federal Acquisition Regulation (FAR), Treasury Acquisition Regulation (TAR), and federal contracting compliance requirements.
  • Familiarity with Treasury Directives and Publications along with Treasury Security policies governing cybersecurity across Treasury bureaus.
  • Experience with GRC tools and platforms (e.g., Archer, CSAM, XACTA, ServiceNow GRC) for managing system authorization packages and continuous monitoring workflows.
  • Strong analytical and problem-solving skills with the ability to manage multiple competing priorities, complex issues, and high-priority deadlines.
  • Demonstrated ability to effectively communicate with senior and executive-level government officials, both verbally and in writing.
  • Proficiency in preparing professionally formatted deliverables using Microsoft Office Suite (Word, Excel, PowerPoint, Visio).
  • Willingness to work onsite at the customer's facility in Washington, DC as required per contract.

Preferred Qualifications:

  • Experience managing cybersecurity programs at U.S. Department of the Treasury bureaus (e.g., IRS, OCC, FinCEN, BFS).
  • Knowledge of industrial control systems (ICS) / operational technology (OT) cybersecurity standards (e.g., NIST SP 800-82) relevant to Treasury bureau operations.
  • Familiarity with FedRAMP authorization processes for cloud-hosted systems.
