Manage the full lifecycle of ATO documentation and SSPs, ensuring annual reviews, continuous monitoring activities, and updates in response to evolving programmatic, threat, and regulatory requirements.
Lead vulnerability assessment and penetration testing programs, presenting findings to senior leadership and government officials and managing enterprise-wide remediation activities.
Provide technical security guidance to development teams, advising on secure architecture design, application security reviews, and full SDLC security integration.
Lead cloud security operations across AWS, GC, and Azure platforms, including advanced IAM administration, cloud security posture management, and monitoring of cloud resource efficiency and security effectiveness.
Develop, review, and maintain Incident and Breach Response Plans (IRP) in accordance with HHS/NIH, OMB, and US-CERT requirements.
Coordinate with ISSOs, CISOs, and federal security officials on security posture, risk assessments, and compliance activities.
Lead privacy governance activities, overseeing PIA and PTA processes and ensuring compliance with Privacy Act, HIPAA Rules, and applicable HHS policies.
Oversee the integration of security controls within CI/CD pipelines, IaC frameworks, and containerized environments, ensuring DevSecOps principles are embedded throughout the software delivery lifecycle.
Contribute to the development and delivery of role-based cybersecurity training programs in accordance with HHS policy and the HHS Role-Based Training Memorandum.
Provide technical mentorship to Security Specialist I staff, reviewing security assessments and coordinating security activities across cross-functional teams.
Support records management and data governance activities, ensuring compliance with NARA policies, HHS Agency Records Control Schedules, and applicable federal records management laws.

8+ years of progressive, senior-level information security or cybersecurity experience, with a significant portion in a federal government or government contracting environment.
Bachelor's degree or other degree(s) in Computer Science, Information Security, Cybersecurity, Information Technology, or related fields; Master's degree strongly preferred.
Expert-level knowledge and demonstrated leadership in FISMA compliance, including strategic oversight of ATO lifecycle management, SSP development, and continuous monitoring programs across enterprise-level federal information systems.
Expert knowledge of NIST Special Publications including SP 800-53, SP 800-64, SP 800-88, SP 800-171, and FIPS 199/200, with demonstrated ability to apply these frameworks to complex, multi-system environments.
Demonstrated experience leading enterprise vulnerability management programs, including the design and oversight of vulnerability assessment methodologies, penetration testing programs, and threat identification strategies.
Proven leadership in cybersecurity incident response at the enterprise level, including coordination with federal agencies such as the NIH CSIRC IRT, US-CERT, and HHS OCIO.
Senior-level experience architecting and securing enterprise multi-cloud environments across AWS, GC, and Microsoft Azure, including advanced IAM strategy, cloud security posture management, and FedRAMP compliance oversight.
Demonstrated ability to brief and advise senior government officials, CORs, Contracting Officers, ISSOs, and CISOs on enterprise security posture, risk, and strategic remediation approaches.
Proven experience leading and mentoring teams of security professionals and coordinating cross-functional security activities across large, complex IT programs.