Senior Project Manager / SME
Ref No.: 18-02895
Location: Rockville, Maryland
Start Date / End Date: 07/01/2018 to 06/30/2023

Job Description
Job Title: Senior Project Manager / SME
Client: Department of Health and Human Services, The National Cancer Institute
Place of Performance: 9609 Medical Center Dr, Rockville, MD 20850 and remote work depending upon CBIIT program requirements.
Resume Due: 05/01/2018
Number of Positions: 1
No of Resumes: 1
Period of performance: 5 years (07/01/2018 - 06/31/2023)
Working Hours: 8:00 am to 5:00 pm Monday through Friday, exclusive of government holidays
US Citizen: Yes
Security Clearance: Not required

Scope of Work:
The purpose of this requirement is to acquire several classes of management and enterprise Information Technology (IT) security support services including but not limited to delivery order management, IT Security project management support, IT security policy and compliance support, and IT security outreach and awareness support.

The scope of the NCI ESP is to plan, promote and coordinate the execution of security related activities across the NCI enterprise leading to the goal of protecting confidentiality, integrity, and availability for NCI IT systems and data, as well as the protection of NCI's intellectual property and reputation pertaining to matters of security.

The ESP requires support in two areas:

· Security Policy and Compliance
  • Develop procedures and standards for effective implementation of the NCI Information Security Plan;
  • Assist in incorporating security policies and control processes in the CBIIT IT environment;
  • Determine security models in terms of confidentiality, integrity and availability;
  • Assist in the incorporation of security policies and control processes into the software development life cycle (SDLC);
  • Assist in the design, development, documentation and implementation of security guidance, standards, and procedures to implement and validate the security policy;
  • Assist the security program in defining new security-related technologies and processes to advance the existing trust framework (e.g., defining security as services, defining access control policies and models, etc.);
  • Assist in the tracking of Plan of Action and Milestones (POA&M) items;
  • Provide process development and documentation for contingency planning, disaster recovery, and business continuity planning;
  • Provide documentation for NCI's configuration management program;
  • Provide documentation for NCI's vulnerability management program;
  • Assist in the implementation of security policies as directed by the ISSO;
  • Prepare or assist in the preparation of security-related documents such as policy waivers and Risk Acceptance Memos.

· Security Outreach and Awareness
  • Enhance the NCI Web Security Presence (e.g., development of web content to promote security awareness and training materials as well as general security-related information);
  • Develop communications from Program Office/CIO/ISSO; and
  • Develop security awareness material and outreach sessions for both internal NCI users and the extramural community.

Job Duties
The Contractor's Project Manager shall meet with the CO/COR as necessary to maintain satisfactory performance and to resolve other issues pertaining to Government/Contractor procedures. At these meetings, a mutual effort shall be made to resolve any and all problems identified. Action items stemming from these meetings shall be prepared by the Contractor, ownership assigned and timeframe proposed, and furnished to the Government within two (2) workdays of the subject meeting.

The Project Managers must demonstrate knowledge of Project Management Institute methodologies. Knowledge of and experience with the HHS Enterprise Performance Life Cycle (EPLC) management methodology is highly desirable.

The Project Manager shall:
· Follow the HHS EPLC project management methodology and implement Project Management Institute (PMI) best practices;
· Deliver full project management life-cycle solutions including planning, tracking implementation, and completion of assigned projects and tasks;
· Develop effective plans and minimize changes by setting realistic objectives;
· Facilitate communication and consensus building among various project groups;
· Use NCI-provided Commercial Off the Shelf (COTS) project management software to track projects;
· Develop and maintain operational plans and procedures and records of status, risks, issues, and completed projects;
· Contribute to performance reporting to CBIIT management; and
· Continuously assess the ongoing performance of programs, processes, and systems to determine the overall effectiveness and efficiency of each to the NCI.

C.5.2.2 Project Management Plans
For significant tasks, the Project Manager shall prepare and deliver Project Management Plans (PMP) as requested by the COR. PMPs shall generally follow HHS EPLC template content and presentation unless modified and approved by the COR.

PMPs shall, at a minimum, include:
· A work breakdown structure (WBS) in MS Project format encompassing planning, tracking, execution, and completion activities for all subtasks and activities;
· Milestones and deliverable due dates;
· Descriptions of the technical approach, organizational resources and management controls employed to meet the cost, performance, and schedule requirements for the task;
· Products and/or methods for producing deliverables, allocation of staff and other resources necessary to produce deliverables, and timelines; and
· Outlines of the risk management and issue management plans to be used.


Minimum Project Management Experience: Ten years' experience managing projects including eight years managing IT security-related projects of a scope and complexity similar to that specified in this statement of work.

Project Management Functional Responsibility: Responsible for overall management of the project. Plans all project activities. Supervises contractor personnel. Assigns contractor duties and schedules. Communicates policies, purposes, and goals of the NCI to subordinates.

Minimum SME Experience: Twelve years of progressive technical experience in the area of Information Systems, with at least ten years of specialized experience in the area of Federal Information Systems Security.

SME Functional Responsibility: Analyzes and/or establishes processes and technologies to ensure comprehensive protection exists on computer systems to prevent unauthorized entry to computer systems or compromise of data integrity or secrecy. Security development for computer systems includes designing, prototyping, implementing, conducting independent verification and validation, and maintaining security for enterprise systems. Performs support activities for security assessment and accreditation activities on IT systems and applications, including review or preparation of required documents (FIPS 199, Risk Acceptance Memos, etc.), security audits (i.e., FISMA), risk assessments, security plans, and system test and evaluations. Develops or reviews security policies, standards and procedures. Provides up-to-date working knowledge in areas such as computer viruses, intrusion detection systems, encryption systems, firewalls, access and authentication technologies, etc. Responsible for vulnerability analysis, and contingency/disaster recovery planning and testing. Provides training to project managers and system owners in FISMA compliance.

Minimum Education: Bachelor's Degree in Computer Science, Information Systems, Electrical Engineering, or other related scientific or technical discipline.