Privacy and Security Program Lead with Security Clearance

---

Job description

Job Summary: The Privacy and Security Program Lead (PSPL) is responsible for spearheading initiatives to enhance and maintain the security and privacy of IT infrastructures. The PSPL will involve assisting the Government in designing and implementing security solutions that integrate the cloud IT infrastructure with the IT infrastructure, ensuring a seamless and secure environment. The PSPL will establish and manage security operations to comply with the Government's security assessment and authorization (A&A) criteria, maintaining the authorized security posture baseline. Additionally, The PSPL will ensure the integration and implementation of privacy regulatory rules as specified by HIPAA, the CARES Act, the 21st Century Cures Act, 42 CFR Part 2, and the Privacy Act. The PSPL leadership will be crucial in navigating the complex landscape of privacy and security regulations, safeguarding sensitive information, and ensuring compliance with all relevant standards. The PSPL will be responsible for reporting progress to the Program/Project Manager, and the customer, as well as inspire team members to see the big picture and push toward shared goals. Job Duties and Responsibilities: In support of the Indian Health Service (IHS), Privacy and Security Program Lead (PSPL) will be responsible for successful execution of the following tasks on the contract: The position is contingent upon contract award Design and implement the integration of Application Services with IHS Identity and Access Management (IAM) services, ensuring secure access to digital resources. Collaborate with Health IT Modernization team(s) to establish user identity and role-based access privileges, documenting standard operating procedures (SOPs) and approaches within the environment Administrator's Guide. Establish security controls that complement FedRAMP-authorized cloud computing services, following guidelines from the Indian Health Manual and RMF. Develop and deliver a comprehensive network environment System Security Plan (SSP) that includes specified security controls and methods for ensuring their effective employment and operation. Develop access control guidelines and SOPs for provisioning user access within environments and application services, incorporating these guidelines into the Environment Administrative Guide and SOP. Conduct technical analysis necessary for developing a Privacy Impact Assessment (PIA) to support obtaining Authority to Operate (ATO). Provide ongoing security engineering support for the program, including anticipating and satisfying all program and application-level security compliance needs. Support the Annual Security Assessment activities conducted by the Division of Information Security, responding to all necessary technical and programmatic questions. Support Security Control Assessments (SCA) and assist in the Government security assessment and authorization (A&A) process to maintain a compliant security posture. Perform periodic reviews of environment performance and security audit logs, document findings, and ensure all necessary compliance controls are configured and operating within required performance thresholds. Assist in establishing appropriate metrics for measuring key program criteria. Lead teams in determining client requirements and translating requirements into operational plans. Identifies and assembles the appropriate blend of resources to meet project/program needs and requirements. Identifies and communicates risks and issues and recommends contingency measures. Provides project status updates at predetermined time intervals to all stakeholders. Communicates routinely to management, customers, project team members, and other stakeholders, actively soliciting and addressing customer and project team feedback. Coaches and counsel members of cross-functional teams to accomplish project/program goals, to meet established schedules, and resolve technical/ operational issues. Responsible for training, managing, and motivating the project team, as well as resolving team conflicts. Job Requirements (Education/Skills/Experience): Required Qualifications: Certifications in either Security+ or CISSP Active Public Trust Level-4 or higher, or ability to obtain one through background investigation Minimum of 6+ years of experience as a PSPL overseeing project of similar size and complexity. Demonstrated experience in risk mitigation and contingency planning. Extensive experience in directing and overseeing project teams and managing conflicts within a group. Ability to perform team assessments and evaluations and identify and solve project issues efficiently and effectively. Ability to design and maintain technical and project documentation. Excellent organizational, presentation, and customer service skills. Ability to travel up to 5-10% (if needed) Preferred Qualifications: Live within commutable distance from the customer HQ's location, which is in ABQ, NM or Rockville, MD (or ability to perform short notice travel if remote work is approved). Prior experience managing multiple remote teams. Proven experience with complex IT projects. Bachelor's degree (or equivalent experience) in addition to required experience Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change. Experience in managing delivery of customer-facing and internally facing products or services. Ability to build strong relationships and communicate effectively with internal and external stakeholders. Knowledge and experience with different project management frameworks, including waterfall and agile and hybrid. Ability to quickly learn, understand and apply new technologies. Strong interpersonal skills including mentoring, coaching, collaborating, and team building. Experience in mentoring more junior team members and sharing knowledge. Strong knowledge and understanding of business needs with the ability to establish/maintain high level of customer trust and confidence. Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC's ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years. This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.

<!– job description page –>