
Information Security Project Manager

LCG, Inc.
$100,000.00 - $180,000.00 / yr
vision insurance, retirement plan
United States, Maryland, Rockville
6000 Executive Blvd Ste 410
Jan 17, 2026

Location: Rockville, MD

Work Type: Hybrid Work (Minimum 2 days onsite - may extend based on client meetings, delivery needs, and proposal support)

Job Title: Information Security Project Manager

Clearance: Public Trust

Job Summary: LCG is seeking an Information Security Program Manager who will have overall responsibility for contractor performance supporting the Client's cybersecurity and privacy program, with a particular emphasis on programmatic Quality Assurance (QA). This role supports maturing a risk-based cybersecurity and privacy program that meets federal and HHS mandates and is characterized by repeatable processes and high-quality customer service.

Key Responsibilities

Cybersecurity Program Leadership & Quality Assurance

  • Own end-to-end delivery quality for SAMHSA's cybersecurity and privacy support program, ensuring outputs meet FISMA, NIST, and HHS policy expectations and are audit-ready.
  • Establish and enforce program QA practices (peer reviews, checklists, acceptance criteria, schedule control) across security engineering, compliance, and reporting workstreams.
  • Drive program maturation toward formal, repeatable processes and measurable outcomes aligned to a risk-based posture.

Governance, Risk Management, and Performance Management

  • Lead program risk management: continuously identify, track, and mitigate risks/issues; maintain mitigation plans and validate closure evidence.
  • Define and manage measurable, verifiable performance measures for cybersecurity initiatives and contract outcomes; report progress to leadership.
  • Oversee governance workflows and ensure consistent execution of compliance, assessment, continuous monitoring, and reporting activities across all supported systems.

Strategic Planning Support to CIO/CISO/SAOP

  • Support CIO/CISO/SAOP strategic planning by translating federal/HHS mandates into executable roadmaps (people/process/technology) and sequencing improvements.
  • Lead continuous improvement: recommend security program enhancements (process optimization, governance improvements, automation opportunities) and drive implementation through task leads.

RMF, Compliance, and Authorization Oversight (Program-Level)

  • Direct oversight of security assessment & authorization (SA&A) execution and lifecycle tracking to ensure consistency and readiness for internal/external review.
  • Ensure program artifacts and tracking align with agency repository/GRC usage (e.g., RSA Archer or successor GRC) for inventory, POA&Ms, findings, and compliance metrics.
  • Ensure program supports required deliverables such as Information Security Program Plan, RMF/CSF methodology, and other mandated plans with annual review/update cadence.

Continuous Monitoring, Vulnerability Management, and Reporting Governance

  • Oversee the operational cadence for continuous monitoring and enterprise security reporting, ensuring the team produces timely, accurate metrics and evidence packages.
  • Govern the program's vulnerability management lifecycle: scanning coordination, results tracking in GRC, reporting, remediation coordination, and validation evidence expectations.
  • Ensure reporting and dashboards support leadership decision-making and demonstrate cybersecurity efficacy (e.g., trends, gaps, control performance).

Audit, Data Call, and Evidence Readiness

  • Own program readiness for internal/external audits and data calls (e.g., HHS, OIG, GAO): coordinate response development, evidence collection, quality control, and timely submission.
  • Ensure evidence chains are complete, consistent, and traceable across artifacts, findings, corrective actions, and status reporting.

Security Awareness, Communications, and Stakeholder Engagement

  • Structure communications that clearly articulate security requirements, timelines, and expectations; coordinate delivery-quality communications and stakeholder updates.
  • Oversee intake and responsiveness for stakeholder inquiries to the security/privacy program mailbox, ensuring acknowledgement and appropriate routing.

Program Management Cadence, Deliverables, and Reporting

  • Lead required governance cadence including kickoff planning and monthly status meetings, ensuring agendas, minutes, milestones, and actions are produced and tracked.
  • Produce and quality-control the Monthly Status Report (MSR) with executive summary, risks/issues, R/Y/G project status, milestones, upcoming work, and staffing updates, delivered by the 5th of each month.
  • Deliver the monthly Financial Dashboard (Planned/Actuals/Variance) to support CIO/COR oversight and budget execution.
  • Manage annual planning deliverables and updates, including Plan of Performance cycles and mid-course corrections with COR/ACOR approval.

Team Leadership Across Technical & Compliance Workstreams

  • Lead interdisciplinary teams (security engineering, compliance/RMF, privacy support, reporting/metrics) to ensure coordinated execution and clear handoffs between technical and governance functions.
  • Ensure contractor personnel are aligned to task priorities, trained for tool/process execution, and able to operate in a high-compliance federal environment.

Requirements

Education: Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, Computer Science, Computer Engineering, Information Technology, or a closely related field is preferred.

Certification: Required: one of CISSP, CAP, or CISM, and PMP.

Experience - Minimum Required:

  • 5+ years leading IT/cybersecurity project or program management efforts, including scheduling, scope control, staffing coordination, and delivery governance in a multi-stakeholder environment.
  • 7+ years hands-on experience supporting FISMA and NIST-based federal security programs, with demonstrated ability to translate statutory/policy requirements into repeatable processes, artifacts, and measurable outcomes.

Cybersecurity Governance & Compliance Program Experience

  • Proven experience managing or overseeing governance, risk, and compliance (GRC) activities, including program controls tracking, evidence collection, and quality review of compliance artifacts in a federal environment.
  • Experience overseeing/leading activities aligned to NIST Risk Management Framework (RMF) such as coordination of security authorization lifecycle activities, continuous monitoring governance, and program improvement initiatives.
  • Experience supporting internal/external audits and data calls, ensuring documentation, evidence, and responses are accurate, consistent, and delivered on time.

Risk, Performance, and Executive Reporting

  • Demonstrated experience running risk management for a security program: ability to identify, track, and mitigate risks/issues, maintain mitigation plans, and report status to leadership.
  • Experience developing and managing measurable, verifiable performance measures for program execution and reporting progress toward objectives.
  • Strong experience producing executive-facing reporting, including monthly status reporting and leadership dashboards that summarize risks, project health, milestones, upcoming work, and staffing updates.

Program Cadence & Deliverables Management

  • Experience leading contract/program cadence requirements including kickoff planning, recurring stakeholder meetings, agenda/minutes/action tracking, and follow-up execution to ensure delivery commitments are met.
  • Experience managing delivery of formal program documentation and plans (e.g., annual plans, management plans, program strategies), including iterative review cycles with government stakeholders (COR/ACOR approvals, revisions, and updates).

Security Operations Oversight (Managerial Governance vs. Hands-on Ops)

  • Experience overseeing security operations support functions such as vulnerability/scanning programs, tool operations coordination, and remediation tracking, ensuring outputs and evidence are tracked through the agency's governance process and reporting mechanisms.

Tools / Working Environment

  • Experience working in or coordinating with a GRC platform (e.g., RSA Archer or similar) to support governance workflows, inventories, metrics, and reporting.
  • Strong proficiency with collaboration/reporting tooling (MS Office, SharePoint, dashboards) to support required monthly reporting format and cadence.

Compensation and Benefits

The projected compensation range for this position is $100,000 to $180,000 per year, benchmarked in the Washington, D.C. metropolitan area. Salary at LCG is determined by various factors, including but not limited to role, location, education/training, skills, certifications, and experience.

LCG offers a competitive and comprehensive benefits package including medical, dental, and vision insurance, life and disability insurance, retirement plan contributions, paid leave, federal holidays, professional development opportunities, and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact Human Resources at hr@lcginc.com.

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advance payment during the application process. Legitimate communication will only come from lcginc.com or system@hirebridgemail.com email addresses.
