Security Compliance Manager

We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission—it connects every one of us because it’s embedded into every aspect of what we do.

GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter. As a Security Compliance Manager, you will lead our security team in solving challenging problems for our client, the Division of Federal Systems (DFS) for the Office of Child Support Services (OCSS) under Health and Human Services (HHS) Administration for Children & Families (ACF).

Our team provides program support to DFS OCSS to manage and monitor the development, implementation, operation, maintenance, technical support, and enhancement of the division’s systems and services. Federal Parent Locator Service (FPLS) information is, by statute, made available to child support agencies and a limited number of federal and state agencies. These secure systems and services help child support agencies, employers, insurers, and financial institutions exchange information about child support cases; locate parents; establish paternity, custody and visitation; collect support; and identify fraud.

Currently, this role is hybrid. When on-site traveling is required, the work location for this position is the Department of Health and Human Services Mary Switzer Building near Federal Center Southwest in Washington, D.C.

This role’s core responsibilities consist of the following but not limited to:

People Management:

• Lead and develop a high-performing security team of 3-4 FTEs to ensure compliance with security standards, while maintaining strong, proactive relationships with customers to meet their unique needs effectively.
• Serve as the primary point of contact for all client interactions, emphasizing strategic oversight and exemplary service to align with both organizational goals and customer expectations.
• Lead team meetings and represent security in Governance, Technical Operations, Change Advisory Board, and Technical Review Boards.

Federal Systems, Security & Compliance Governance:

• Develop and enforce security policies and procedures in compliance with Federal mandates, OMB, NIST standards, HHS / ACF & FPLS security requirements, and customer guidance regarding zero trust, supply chain, risk management, vulnerability management, etc.
• Stay abreast of emerging trends, technologies, and regulatory changes in the federal security compliance landscape and provide recommendations for adapting policies and procedures accordingly.

Security Authorization:

• Continuously monitor the implementation of security controls by collaborating with stakeholders, conducting regular internal assessments/audits, and recommend corrective actions as needed.
• Provide guidance to the design and development teams on security issues and assist as needed in the development of security documentation (specifically, System Security Plan (SSP)) for Security Authorization.
• Assist the FPLS ISSO, FPLS ITSSO, and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Authority to Operate.
• Provide oversight to ensure comprehensive risk assessments and vulnerability scanning is performed of the system portfolio to identify potential vulnerabilities and weaknesses in the organization's security posture.
• Participate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders.
• Document and track internal POAMs for DFS systems and applications.
• Maintain Incident Response (IR) Plan.
• Develop comprehensive reports detailing the nature and impact of each data incident and ensure timely notification to senior management and relevant government officials.
• Monitor and track data incidents through remediation and closure.
• Collaborate with internal teams and external stakeholders to effectively manage and resolve data incidents, ensuring adherence to established protocols and regulatory requirements.
• Utilize root cause analyses to enhance incident response procedures, mitigate risks, and improve overall data security posture and to minimize the risk of recurring incidents.
• Maintain accurate and comprehensive records of all data incidents, including incident details, response actions, and outcomes.
• Ensure proper documentation of incident resolution, lessons learned, and recommended preventive measures.

Audits & Compliance:

• Plan and execute regular audits to assess compliance with federal security standards and regulatory requirements.
• Support the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS), and other Federal agencies as required.
• Support systems security evaluations, audits, and reviews.
• Prioritize and coordinate the resolution of audit findings.
• Maintain and update IT contingency plans and disaster recovery procedures.

Security Site Assessments:

• Lead security site assessments conducted on data-matching partner sites and FPLS contractor sites. This includes planning, reviewing relevant documents, writing comprehensive reports, and reviewing/responding to Plans of Action and Milestones (POAMs).
• Review questionnaires submitted by our matching partners to assess their adherence to security controls and requirements.
• Conduct kickoff meetings and virtual audits to validate the implementation of appropriate security measures.

Security Awareness Training:

• Manage security trainings to educate staff on federal security requirements and best practices, ensuring that all training meets the compliance standards set by ACF, HHS, and the IRS.
• Assist in the development and delivery of Security Awareness Training as required.

Stakeholder Communication:

• Communicate effectively with various stakeholders, including senior management, IT teams, legal teams, and external auditors, to convey compliance issues, risks, and remediation plans.
• Support the client in communicating and publishing security alerts, advisories, and bulletins as necessary.
• Maintain accurate and up-to-date documentation of compliance activities, audit findings, and remediation efforts.
• Proficiency or familiarity with project management tools, particularly Jira, is preferred. The ability to effectively utilize Jira for task tracking, issue management, and collaboration is highly desirable.

WHAT YOU’LL NEED TO SUCCEED:

• Bachelor's degree in Computer Science, Information Systems, or in a related field.
• Minimum of 5 years of experience working as a Federal Security Compliance Analyst with at least 5 years leadership experience in managing teams.
• 2 years security compliance experience NIST, FedRAMP, FISMA, OMB, ZTA, Supply Chain knowledge.

PREFERRED QUALIFICATIONS:

• Relevant security certifications (e.g., CISSP, CISM, CISA) are highly desirable.

GDIT IS YOUR PLACE:

• 401K with company match.
• Comprehensive health and wellness packages.
• Internal mobility team dedicated to helping you own your career.
• Professional growth opportunities including paid education and certifications.
• Cutting-edge technology you can learn from.
• Rest and recharge with paid vacation and holidays.

The likely salary range for this position is $140,250 - $189,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

Travel Required:

Less than 10%

Telecommuting Options:

Hybrid

Work Location:

USA DC Home Office (DCHOME)