Open to U.S. citizens or nationals (residents of American Samoa and Swains Island). Subject to background check.
Supervisory status: Supervisory
Job title: FedRAMP Program Lead: Vulnerability Management & Continuous Monitoring (GS-14)
Official title in USAJOBS: 2210 IT Specialist (INFOSEC)
Number of vacancies: 1
Location: Anywhere in the U.S. (remote)
Salary range: GS-14 ($116,393 to $183,500)
Your salary, including base and locality, will be determined upon selection, dependent on your actual duty location. Please note the maximum salary available for the GS pay system is $183,500. For specific details on locality pay, please visit OPM’s Salaries & Wages page, or use OPM’s 2023 General Schedule (GS) Salary Calculator. You can find more information in our compensation and benefits section.
Occasional travel may be required up to 10%-20% per year.
This is a permanent position.
The American people deserve to trust that their government is effectively securing their online interactions. Those agencies, in turn, trust FedRAMP to provide fair, accurate and unbiased assessments of cloud service offerings. FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment and maintaining a centralized repository of security packages that agencies can request and reuse.
The FedRAMP Program Lead will unite vision and execution to lead an interdisciplinary team in delivering the program's IT/cybersecurity vulnerability management and continuous monitoring activities, in line with current industry and government cybersecurity laws and policies.
1. Own the product vision and lead end-to-end product/program development and management
Establish, operate, and maintain a FedRAMP Vulnerability Management program strategy and roadmap, including objectives, goals, and metrics, in support of federal cybersecurity and FedRAMP program policy.
Develop a communications strategy and training that includes internal/external government and commercial stakeholders supporting Vulnerability Management program goals and expectations.
Identify, proactively monitor and address program risks associated with cybersecurity and vulnerability management.
Work with the team to set and meet quality standards for vulnerability management deliverables.
Make evidence-based program decisions through use of user research, analytics, and other tools.
Ensure the FedRAMP Vulnerability Management program complies with federal requirements such as the Authority to Operate (ATO) process, the Paperwork Reduction Act, and Section 508.
2. Work with agency partners to enable cybersecurity risk management
Work with partners and stakeholders to establish in-house Vulnerability Management program ownership and participation as part of the FedRAMP Continuous Monitoring Program.
Collaborate with partners to navigate complex bureaucratic relationships to bring stakeholders together around a common program vision and strategy to support the identification and remediation of suspected and reported vulnerabilities and other cybersecurity issues.
Work with partners to establish relationships with their security, operations, and IT teams that will help sustain the product in the long term.
3. Build institutional expertise around product/program management
Keep abreast of program management best practices and share with the TTS organization.
Stay on top of new technologies and how they can be used to help solve government problems.
Contribute to FedRAMP’s culture of transparency by publishing accounts of successes and challenges.
Continually seek out new tools that could improve the way we work.
Pay attention to well-supported open source product offerings that can be reused in a government context to solve common problems.
Provide as much detail as possible on your resume so that we can evaluate your previous experience. Follow our guidance on creating a federal style resume.
Failure to provide required information may result in disqualification.
For each job on your resume, provide:
- The exact dates you held each job (from month/year to month/year or “present”)
- Number of hours per week you worked (if part time)
SPECIALIZED EXPERIENCE REQUIREMENTS:
To qualify, you must have one (1) year of specialized experience at the next lower GS grade (or equivalent). Specialized experience is defined as follows:
- Experience implementing and evaluating cybersecurity and compliance standards, such as International Organization for Standardization (ISO) standards, the Health Insurance Portability and Accountability Act (HIPAA), Service Organization Control (SOC) reports, the Payment Card Industry Data Security Standard (PCI DSS), National Institute of Standards and Technology (NIST) publications, or FedRAMP.
- Implementation of new tools, techniques, or methodologies to support the reporting and mitigation of security vulnerabilities.
- Leading the planning, management, oversight, and/or direction of a highly complex digital program, product, or business.
- Experience building and managing collaborative relationships with a complex set of stakeholders to achieve program goals.
How to Apply
Get notified when this position is open for applications.