Job Description :
We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission—it connects every one of us because it’s embedded into every aspect of what we do.
GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter. As a Security Compliance Manager , you will lead our security team in solving challenging problems for our client, the Division of Federal Systems (DFS) for the Office of Child Support Services (OCSS) under Health and Human Services (HHS) Administration for Children & Families (ACF).
Our team provides program support to DFS OCSS to manage and monitor the development, implementation, operation, maintenance, technical support, and enhancement of the division’s systems and services. Federal Parent Locator Service (FPLS) information is, by statute, made available to child support agencies and a limited number of federal and state agencies. These secure systems and services help child support agencies, employers, insurers, and financial institutions exchange information about child support cases; locate parents; establish paternity, custody and visitation; collect support; and identify fraud.
Currently, this role is hybrid. When on-site traveling is required, the work location for this position is the Department of Health and Human Services Mary Switzer Building near Federal Center Southwest in Washington, D.C.
This role’s core responsibilities consist of the following but not limited to :
People Management :
- Lead and develop a high-performing security team of 3-4 FTEs to ensure compliance with security standards, while maintaining strong, proactive relationships with customers to meet their unique needs effectively
- Serve as the primary point of contact for all client interactions, emphasizing strategic oversight and exemplary service to align with both organizational goals and customer expectations
- Lead team meetings and represent security in Governance, Technical Operations, Change Advisory Board, and Technical Review Boards
Federal Systems, Security & Compliance Governance :
Develop and enforce security policies and procedures in compliance with Federal mandates, OMB, NIST standards, HHS / ACF & FPLS security requirements, and customer guidance regarding zero trust, supply chain, risk management, vulnerability management, etc.Industry Knowledge : Stay abreast of emerging trends, technologies, and regulatory changes in the federal security compliance landscape and provide recommendations for adapting policies and procedures accordinglySecurity Authorization :
Security Control Monitoring : Continuously monitor the implementation of security controls by collaborating with stakeholders, conducting regular internal assessments / audits, and recommend corrective actions as needed.Provide guidance to the design and development teams on security issues and assist as needed in the development of security documentation (specifically, System Security Plan (SSP)) for Security AuthorizationAssist the FPLS ISSO, FPLS ITSSO and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Authority to OperateRisk Management :
Provide oversight to ensure comprehensive risk assessments and vulnerability scanning is performed of system portfolio to identify potential vulnerabilities and weaknesses in the organization's security postureParticipate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholdersDocument and track internal POAMs for DFS systems and applicationsIncident Response & Reporting :
Maintain Incident Response (IR) PlanDevelop comprehensive reports detailing the nature and impact of each data incident and ensure timely notification to senior management and relevant government officialsMonitor and track data incidents through remediation and closureCollaborate with internal teams and external stakeholders to effectively manage and resolve data incidents, ensuring adherence to established protocols and regulatory requirementsUtilize root cause analyses to enhance incident response procedures, mitigate risks, and improve overall data security posture and to minimize the risk of recurring incidentsMaintain accurate and comprehensive records of all data incidents, including incident details, response actions, and outcomesEnsure proper documentation of incident resolution, lessons learned, and recommended preventive measuresAudits & Compliance :
Plan and execute regular audits to assess compliance with federal security standards and regulatory requirementsSupport the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS) and other Federal agencies as requiredSupport systems security evaluations, audits, and reviews.Prioritize and coordinate the resolution of audit findings.Contingency Planning / Disaster Recovery :
Maintain and update IT contingency plans and disaster recovery procedures.Support DR exercises (tabletop, functional, etc.)Security Site Assessments :
Lead security site assessments conducted on data-matching partner sites and FPLS contractor sites. This includes planning, reviewing relevant documents, writing comprehensive reports, and reviewing / responding to Plans of Action and Milestones (POAMs)Questionnaire Review : Review questionnaires submitted by our matching partners to assess their adherence to security controls and requirements.Conduct kickoff meetings and virtual audits to validate the implementation of appropriate security measuresSecurity Awareness Training :
Manage security trainings to educate staff on federal security requirements and best practices, ensuring that all training meets the compliance standards set by ACF, HHS, and the IRSAssist in the development and delivery of Security Awareness Training as requiredStakeholder Communication :
Communicate effectively with various stakeholders, including senior management, IT teams, legal teams, and external auditors, to convey compliance issues, risks, and remediation plans.Support the client in communicating and publishing security alerts, advisories, and bulletins as necessaryDocumentation : Maintain accurate and up-to-date documentation of compliance activities, audit findings, and remediation efforts.Technology :
Proficiency or familiarity with project management tools, particularly Jira, is preferred. The ability to effectively utilize Jira for task tracking, issue management, and collaboration is highly desirable.WHAT YOU’LL NEED TO SUCCEED :
Bachelor's degree in Computer Science, Information Systems, or in a related fieldMinimum of 5 years of experience working as a Federal Security Compliance Analyst with at least 5 years leadership experience in managing teams2 years security compliance experience NIST, FedRAMP, FISMA, OMB, ZTA, Supply Chain knowledgePREFERRED QUALIFICATIONS :
Relevant security certifications (e.g., CISSP, CISM, CISA) are highly desirableGDIT IS YOUR PLACE :
401K with company matchComprehensive health and wellness packagesInternal mobility team dedicated to helping you own your careerProfessional growth opportunities including paid education and certificationsCutting-edge technology you can learn fromRest and recharge with paid vacation and holidaysThe likely salary range for this position is $140,250 - $189,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours :
Travel Required :
Less than 10%
T elecommuting Options :
Hybrid
Work Location :
USA DC Home Office (DCHOME)
