Job Information

Development InfoStructure Program Manager in Rockville, Maryland

Company Overview

Development InfoStructure LLC (Devis) is a leading provider of innovative software development, management, and consulting services, specializing in cutting-edge technologies such as DevSecOps, AI, and Machine Learning. With over 30 years of experience, we have established ourselves as a trusted partner for government agencies, delivering tailored, mission-critical solutions that drive digital transformation and operational excellence. Our client-centric approach, coupled with our deep domain expertise and technical prowess, enables us to forge enduring relationships and consistently deliver high-impact, adaptive solutions that resonate with the unique needs of the public sector.

Job Overview

The Program Manager serves as the primary contractor-side lead for the NCATS CSS contract, responsible for contract administration, security compliance advisory, and Assessment and Authorization (A&A) coordination across all task areas. This is a senior individual contributor role with a scope that extends beyond traditional program management: the right candidate brings both the operational discipline to manage a federal task order and the technical depth to provide direct cybersecurity compliance and RMF support to the NCATS team. 

This role is a full-time position, with work performed primarily onsite at the National Institutes of Health (NIH), located at 9800 Medical Center Drive, Building B, Rockville, MD 20850. Core hours will be Monday-Friday, 8:00 AM - 6:00 PM EST, and after-hours support for emergency incidents will be required as needed by the client. The position is contingent upon award and client approval.

Primary Duties

Contract & Program Management

  • Serve as the primary contractor point of contact for the FPM and COR; support overall administration of the CSS contract and all task areas under it.

  • Develop and maintain program administration tools, including onboarding/offboarding tracking, staffing plans, org charts, and reporting dashboards with automated pipelines where applicable.

  • Coordinate and communicate across all contractor staff and subcontractors; notify the CO and COR of any contract employee termination or resignation within five (5) business days.

  • Provide periodic and ad-hoc reports related to contract execution, task status, and performance measures; support FPM quarterly briefings and data calls from NIH, HHS, and oversight bodies.

  • Manage risk through a risk registry and risk management plan; track open action items and drive issue resolution with contractor staff and Federal task leads.

  • Support the full task lifecycle, including requirements development, task initiation, execution oversight, and closeout in coordination with FTLs.

Security Compliance & Program Support

  • Support FISMA compliance across NCATS information systems by advising project teams on NIST SP 800-53 Rev 5 control implementation throughout the SDLC.

  • Develop and maintain compliance documentation, including written technical guidance, control implementation review summaries, and data call responses for NIH ISRM, HHS, and OMB requirements.

  • Maintain a centralized knowledge management repository covering SOPs, security artifacts, process documentation, and training materials for contract staff and NCATS stakeholders.

  • Coordinate and deliver security training and awareness activities for NCATS staff, system owners, and project teams; develop written materials, job aids, and reference guides in support of training programs.

  • Monitor evolving federal security policy (Zero Trust, OMB M-21-31, HHS ARS, NIH ISRM) and update internal guidance and training content accordingly.

  • Support collaborative problem-solving between contractor staff and Government stakeholders; facilitate knowledge transfer to maintain continuity of service during transitions.

Assessment & Authorization Support

  • Guide system developers, engineers, and project stakeholders through NIST RMF phases (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) for NCATS information systems.

  • Develop, maintain, and refine core RMF artifacts in accordance with NIH templates and HHS ARS requirements:

      • System Security Plan (SSP) and supporting artifacts

      • Security Assessment Plan (SAP) and Security Assessment Report (SAR)

      • Plan of Action and Milestones (POA&M)

      • Continuous Monitoring Strategy

      • Privacy Impact Assessment (PIA) support documents

  • Produce and maintain FIPS-199 system categorization packages, control baseline tailoring documentation, and control mapping matrices (system functions to NIST 800-53 Rev 5 controls).

  • Coordinate with system owners and the NCATS security team to prepare and submit ATO packages; support FedRAMP compliance where applicable.

  • Provide privacy control implementation support, including data flow diagrams with integrated privacy requirements and data call responses for HHS/NIH privacy compliance.

  • Integrate A&A advisory support into each SDLC phase; produce written recommendations and control implementation guidance per development iteration.

Stakeholder Engagement & Deliverables

  • Establish and maintain stakeholder engagement processes for contractor deliverables; manage routing and acceptance cycles with the NCATS Branch Chief, Federal leads, CO, and COR.

  • Track Government review timelines; manage resubmission timelines and communicate status proactively to Federal leads.

  • Develop and maintain SOPs supporting federally mandated cybersecurity and privacy policies; ensure SOPs remain current with applicable NIH and HHS policy changes.

  • Respond to data calls and security inquiries from NCATS, NIH, HHS, and other oversight bodies in coordination with the Federal Program Manager.

Required Qualifications

Education and Experience

  • Minimum ten (10) years of progressively responsible program or project management experience, including at least five (5) years leading federal IT or cybersecurity programs with multiple stakeholders and cross-functional delivery teams.

  • Minimum five (5) years of hands-on experience with FISMA compliance, NIST RMF, and federal security documentation (SSP, POA&M, SAR, PIA) in a civilian federal agency environment.

  • Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related discipline required; in lieu of a degree, fourteen (14) years of progressively responsible experience as described above.

Certifications

  • PMP (Project Management Professional) – Active, required.

  • CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CAP (Certified Authorization Professional) – at least one required.

Core Competencies

  • Demonstrated ability to manage contractor-side program execution, including staffing oversight, deliverable management, and FPM/COR coordination on a federal task order.

  • Working knowledge of HHS/NIH security policy, including HHS ARS, NIH ISRM policies, and OMB M-21-31 logging and auditability requirements.

  • Experience developing and maintaining NIST RMF documentation packages for civilian federal systems; familiarity with NIH RMF templates is a plus.

  • Ability to communicate technical compliance requirements clearly to non-technical stakeholders, including written briefings, training materials, and executive summaries.

  • Demonstrated experience operating in a multi-task contract environment where competing priorities must be managed concurrently.

Preferred Qualifications

  • Master’s degree in Information Technology, Cybersecurity, or a related discipline.

  • Prior experience supporting HHS, NIH, or NCATS programs, or other biomedical research agencies with complex IT security environments.

  • Familiarity with FedRAMP authorization processes and cloud security requirements for federal systems.

  • Experience producing FIPS-199 categorization packages and supporting ATO submissions in a civilian HHS/NIH environment.

  • Experience with federal security training development and delivery, including role-based training programs under HHS policy.

Clearance

  • Must be able to obtain and maintain the applicable NIH/HHS Public Trust or clearance level prior to beginning work.

  • Must complete all required HHS/NIH Contractor Information Security Awareness, Privacy, and Records Management training before performing work under the contract, and annually thereafter.

  • Must comply with NIH Rules of Behavior for contractors and sign the applicable acknowledgment before accessing any Government data, systems, or networks.

Salary Range

  • $145,000 - $160,000

Devis is an AA/EOE/M/F/Disabled/VET Employer committed to providing equal employment opportunity without regard to an individual’s race, color, religion, age, gender, sexual orientation, veteran status, national origin or disability.