Cybersecurity Program Manager – Controls Testing

Rapid Strategy Richmond, VA $110.00 to $120.00 per hour
Position Summary

The Cybersecurity Program Manager will oversee and coordinate the execution of a cybersecurity program focused on both controls testing and penetration testing for a government client. This role requires extensive experience in managing programs aligned with NIST 800-53, NIST 800-37, and FISMA requirements. The ideal candidate will bring 10+ years of experience in cybersecurity program management, with expertise in managing control assessments, penetration testing, and overall security evaluations. Strong leadership, communication, and organizational skills are essential, as well as a deep understanding of federal cybersecurity compliance.

Key Responsibilities
  • Lead and manage a cybersecurity program that encompasses controls testing and penetration testing to evaluate the client’s security posture comprehensively.
  • Ensure compliance with NIST 800-53 v5, NIST 800-37, and FISMA requirements throughout the program lifecycle.
  • Oversee the Risk Management Framework (RMF) process and Security Assessment and Authorization (SA&A), ensuring timely and accurate documentation.
  • Supervise and support penetration testing activities, including scoping, execution, and reporting, to uncover vulnerabilities in applications, networks, and systems.
  • Develop and maintain the program schedule, ensuring tasks are completed on time and deliverables meet quality standards.
  • Act as the primary point of contact for the client, providing regular updates, addressing concerns, and managing expectations.
  • Oversee the creation and delivery of key artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), penetration testing reports, and Plans of Action and Milestones (POA&Ms).
  • Provide strategic guidance on risk mitigation, remediation planning, and improving the client’s cybersecurity posture.
  • Monitor program performance, track milestones, and deliver comprehensive progress reports to stakeholders.
  • Stay current on regulatory changes, cybersecurity standards, and emerging threats to ensure the program remains effective and up to date.
Qualifications

Required Experience and Skills:

  • MUST BE A U.S. CITIZEN
  • 10+ years of experience in program or project management within the cybersecurity field, particularly in federal government environments.
  • Proven ability to manage both controls testing and penetration testing programs, ensuring alignment with NIST and federal requirements.
  • Extensive knowledge of NIST 800-53 v5, NIST 800-37, and FISMA requirements.
  • Demonstrated experience in managing the Risk Management Framework (RMF) process and Security Assessment and Authorization (SA&A) lifecycle.
  • Strong understanding of penetration testing methodologies and tools, including PTES, NIST 800-115, and automated/manual testing techniques.
  • Ability to manage large-scale cybersecurity programs, including resource allocation, risk management, and stakeholder engagement.
  • Exceptional organizational and leadership skills with the ability to manage multiple priorities and meet tight deadlines.
  • Strong verbal and written communication skills, including experience briefing senior executives and government stakeholders.
  • Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.

Preferred Qualifications:

  • Certifications such as PMP, CISSP, CISM, OSCP, or CEH.
  • Experience managing cybersecurity programs for federal clients, particularly within defense, financial, or regulatory environments.
  • Familiarity with privacy regulations and their integration with security controls and penetration testing programs.