Job Information
General Dynamics Information Technology Security Compliance Manager in Falls Church, Virginia
Req ID: RQ176979
Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: None
Public Trust/Other Required: NACI (T1)
Job Family: Cyber Security
Skills:
Compliance Requirements,Information Security,Security Policies
Experience:
5 + years of related experience
Job Description:
We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission—it connects every one of us because it’s embedded into every aspect of what we do.
GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter. As a Security Compliance Manager , you will lead our security team in solving challenging problems for our client, the Division of Federal Systems (DFS) for the Office of Child Support Services (OCSS) under Health and Human Services (HHS) Administration for Children & Families (ACF).
Our team provides program support to DFS OCSS to manage and monitor the development, implementation, operation, maintenance, technical support, and enhancement of the division’s systems and services. Federal Parent Locator Service (FPLS) information is, by statute, made available to child support agencies and a limited number of federal and state agencies. These secure systems and services help child support agencies, employers, insurers, and financial institutions exchange information about child support cases; locate parents; establish paternity, custody and visitation; collect support; and identify fraud.
Currently, this role is hybrid. When on-site traveling is required, the work location for this position is the Department of Health and Human Services Mary Switzer Building near Federal Center Southwest in Washington, D.C.
This role’s core responsibilities consist of the following but not limited to:
People Management:
Lead and develop a high-performing security team of 3-4 FTEs to ensure compliance with security standards, while maintaining strong, proactive relationships with customers to meet their unique needs effectively
Serve as the primary point of contact for all client interactions, emphasizing strategic oversight and exemplary service to align with both organizational goals and customer expectations
Lead team meetings and represent security in Governance, Technical Operations, Change Advisory Board, and Technical Review Boards
Federal Systems, Security & Compliance Governance:
Develop and enforce security policies and procedures in compliance with Federal mandates, OMB, NIST standards, HHS/ACF & FPLS security requirements, and customer guidance regarding zero trust, supply chain, risk management, vulnerability management, etc.
Industry Knowledge: Stay abreast of emerging trends, technologies, and regulatory changes in the federal security compliance landscape and provide recommendations for adapting policies and procedures accordingly
Security Authorization:
Security Control Monitoring: Continuously monitor the implementation of security controls by collaborating with stakeholders, conducting regular internal assessments/audits, and recommend corrective actions as needed.
Provide guidance to the design and development teams on security issues and assist as needed in the development of security documentation (specifically, System Security Plan (SSP)) for Security Authorization
Assist the FPLS ISSO, FPLS ITSSO and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Authority to Operate
Risk Management:
Provide oversight to ensure comprehensive risk assessments and vulnerability scanning is performed of system portfolio to identify potential vulnerabilities and weaknesses in the organization's security posture
Participate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders
Document and track internal POAMs for DFS systems and applications
Incident Response & Reporting:
Maintain Incident Response (IR) Plan
Proactively monitor the security mailbox for incidents reported involving federal data.
Develop comprehensive reports detailing the nature and impact of each data incident and ensure timely notification to senior management and relevant government officials
Monitor and track data incidents through remediation and closure
Collaborate with internal teams and external stakeholders to effectively manage and resolve data incidents, ensuring adherence to established protocols and regulatory requirements
Utilize root cause analyses to enhance incident response procedures, mitigate risks, and improve overall data security posture and to minimize the risk of recurring incidents
Maintain accurate and comprehensive records of all data incidents, including incident details, response actions, and outcomes
Ensure proper documentation of incident resolution, lessons learned, and recommended preventive measures
Audits & Compliance:
Plan and execute regular audits to assess compliance with federal security standards and regulatory requirements
Support the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS) and other Federal agencies as required
Support systems security evaluations, audits, and reviews.
Prioritize and coordinate the resolution of audit findings.
Contingency Planning/Disaster Recovery:
Maintain and update IT contingency plans and disaster recovery procedures.
Support DR exercises (tabletop, functional, etc.)
Security Site Assessments:
Lead security site assessments conducted on data-matching partner sites and FPLS contractor sites. This includes planning, reviewing relevant documents, writing comprehensive reports, and reviewing/responding to Plans of Action and Milestones (POAMs)
Questionnaire Review: Review questionnaires submitted by our matching partners to assess their adherence to security controls and requirements.
Conduct kickoff meetings and virtual audits to validate the implementation of appropriate security measures
Security Awareness Training :
Manage security trainings to educate staff on federal security requirements and best practices, ensuring that all training meets the compliance standards set by ACF, HHS, and the IRS
Assist in the development and delivery of Security Awareness Training as required
Stakeholder Communication:
Communicate effectively with various stakeholders, including senior management, IT teams, legal teams, and external auditors, to convey compliance issues, risks, and remediation plans.
Support the client in communicating and publishing security alerts, advisories, and bulletins as necessary
Documentation: Maintain accurate and up-to-date documentation of compliance activities, audit findings, and remediation efforts.
Technology:
- Proficiency or familiarity with project management tools, particularly Jira, is preferred. The ability to effectively utilize Jira for task tracking, issue management, and collaboration is highly desirable.
WHAT YOU’LL NEED TO SUCCEED:
Bachelor's degree in Computer Science, Information Systems, or in a related field
Minimum of 5 years of experience working as a Federal Security Compliance Analyst with at least 5 years leadership experience in managing teams
2 years security compliance experience NIST, FedRAMP, FISMA, OMB, ZTA, Supply Chain knowledge
PREFERRED QUALIFICATIONS:
- Relevant security certifications (e.g., CISSP, CISM, CISA) are highly desirable
GDIT IS YOUR PLACE:
401K with company match
Comprehensive health and wellness packages
Internal mobility team dedicated to helping you own your career
Professional growth opportunities including paid education and certifications
Cutting-edge technology you can learn from
Rest and recharge with paid vacation and holidays
The likely salary range for this position is $140,250 - $189,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation’s most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.