LCG, Inc. · 23 hours ago
Information Security Project Manager
LCG, Inc. is seeking an Information Security Project Manager who will be responsible for contractor performance supporting the Client’s cybersecurity and privacy program, emphasizing programmatic Quality Assurance. This role involves leading cybersecurity initiatives, managing risks, and ensuring compliance with federal mandates while driving improvements in security processes.
Health Care · Information Technology
Responsibilities
Own end-to-end delivery quality for SAMHSA’s cybersecurity and privacy support program, ensuring outputs meet FISMA, NIST, and HHS policy expectations and are audit-ready
Establish and enforce program QA practices (peer reviews, checklists, acceptance criteria, schedule control) across security engineering, compliance, and reporting workstreams
Drive program maturation toward formal, repeatable processes and measurable outcomes aligned to a risk-based posture
Lead program risk management: continuously identify, track, and mitigate risks/issues; maintain mitigation plans and validate closure evidence
Define and manage measurable, verifiable performance measures for cybersecurity initiatives and contract outcomes; report progress to leadership
Oversee governance workflows and ensure consistent execution of compliance, assessment, continuous monitoring, and reporting activities across all supported systems
Support CIO/CISO/SAOP strategic planning by translating federal/HHS mandates into executable roadmaps (people/process/technology) and sequencing improvements
Lead continuous improvement: recommend security program enhancements (process optimization, governance improvements, automation opportunities) and drive implementation through task leads
Direct oversight of security assessment & authorization (SA&A) execution and lifecycle tracking to ensure consistency and readiness for internal/external review
Ensure program artifacts and tracking align with agency repository/GRC usage (e.g., RSA Archer or successor GRC) for inventory, POA&Ms, findings, and compliance metrics
Ensure program supports required deliverables such as Information Security Program Plan, RMF/CSF methodology, and other mandated plans with annual review/update cadence
Oversee operational cadence for continuous monitoring and enterprise security reporting—ensuring the team produces timely, accurate metrics and evidence packages
Govern the program’s vulnerability management lifecycle: scanning coordination, results tracking in GRC, reporting, remediation coordination, and validation evidence expectations
Ensure reporting and dashboards support leadership decision-making and demonstrate cybersecurity efficacy (e.g., trends, gaps, control performance)
Own program readiness for internal/external audits and data calls (e.g., HHS, OIG, GAO): coordinate response development, evidence collection, quality control, and timely submission
Ensure evidence chains are complete, consistent, and traceable across artifacts, findings, corrective actions, and status reporting
Structure communications that clearly articulate security requirements, timelines, and expectations; coordinate delivery-quality communications and stakeholder updates
Oversee intake and responsiveness for stakeholder inquiries to the security/privacy program mailbox, ensuring acknowledgement and appropriate routing
Lead required governance cadence including kickoff planning and monthly status meetings, ensuring agendas, minutes, milestones, and actions are produced and tracked
Produce and quality-control the Monthly Status Report (MSR) with executive summary, risks/issues, R/Y/G project status, milestones, upcoming work, and staffing updates—delivered by the 5th of each month
Deliver the monthly Financial Dashboard (Planned/Actuals/Variance) to support CIO/COR oversight and budget execution
Manage annual planning deliverables and updates, including Plan of Performance cycles and mid-course corrections with COR/ACOR approval
Lead interdisciplinary teams (security engineering, compliance/RMF, privacy support, reporting/metrics) to ensure coordinated execution and clear handoffs between technical and governance functions
Ensure contractor personnel are aligned to task priorities, trained for tool/process execution, and able to operate in a high-compliance federal environment
Qualifications
Required
Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, Computer Science, Computer Engineering, Information Technology, or a closely related field is preferred
Required (one): CISSP or CAP or CISM and PMP
5+ years leading IT/cybersecurity project or program management efforts, including scheduling, scope control, staffing coordination, and delivery governance in a multi-stakeholder environment
7+ years hands-on experience supporting FISMA and NIST-based federal security programs, with demonstrated ability to translate statutory/policy requirements into repeatable processes, artifacts, and measurable outcomes
Proven experience managing or overseeing governance, risk, and compliance (GRC) activities, including program controls tracking, evidence collection, and quality review of compliance artifacts in a federal environment
Experience overseeing/leading activities aligned to NIST Risk Management Framework (RMF) such as coordination of security authorization lifecycle activities, continuous monitoring governance, and program improvement initiatives
Experience supporting internal/external audits and data calls, ensuring documentation, evidence, and responses are accurate, consistent, and delivered on time
Demonstrated experience running risk management for a security program: ability to identify, track, and mitigate risks/issues, maintain mitigation plans, and report status to leadership
Experience developing and managing measurable, verifiable performance measures for program execution and reporting progress toward objectives
Strong experience producing executive-facing reporting, including monthly status reporting and leadership dashboards that summarize risks, project health, milestones, upcoming work, and staffing updates
Experience leading contract/program cadence requirements including kickoff planning, recurring stakeholder meetings, agenda/minutes/action tracking, and follow-up execution to ensure delivery commitments are met
Experience managing delivery of formal program documentation and plans (e.g., annual plans, management plans, program strategies), including iterative review cycles with government stakeholders (COR/ACOR approvals, revisions, and updates)
Experience overseeing security operations support functions such as vulnerability/scanning programs, tool operations coordination, and remediation tracking—ensuring outputs and evidence are tracked through the agency's governance process and reporting mechanisms
Experience working in or coordinating with a GRC platform (e.g., RSA Archer or similar) to support governance workflows, inventories, metrics, and reporting
Strong proficiency with collaboration/reporting tooling (MS Office, SharePoint, dashboards) to support required monthly reporting format and cadence
Benefits
Medical, dental, and vision insurance
Life and disability insurance
Retirement plan contributions
Paid leave
Federal holidays
Professional development opportunities
Lifestyle benefits
Company
LCG, Inc.
LCG is an information technology company specializing in scientific research support, grants management, and health IT services.
H1B Sponsorship
LCG, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; chart data not present on the page]
Trends of Total Sponsorships
2025 (7)
2024 (10)
2023 (4)
2022 (11)
2021 (4)
2020 (7)
Funding
Current Stage: Growth Stage
Company data provided by crunchbase