InfoSec Manager

Overview: GDIT is seeking a highly experienced Cyber Security Manager to lead and unify two critical teams: Security Operations (SecOps) and Cyber Security Compliance (Risk Management). This leadership position supports GDIT’s contract with the Administrative Office of United States Courts – Administrative Office Technology Office (AOUSC-AOTO) in Washington, DC. The successful candidate will serve as the primary bridge between technical operations and governance, supervising a diverse team of Engineers and Analysts. You will be responsible for the strategic oversight of the AOTO enterprise-wide defense-in-depth posture, ensuring that daily security operations (Incident Response, Vulnerability Management) align seamlessly with federal compliance mandates (NIST RMF, JISF). Responsibilities: The Manager will provide direct supervision to the Security Operations and Compliance teams, fostering a collaborative environment that integrates real-time threat defense with long-term risk management. Leadership & Strategy: • Provide day-to-day leadership, mentorship, and resource management for the SecOps and Compliance teams. • Act as the primary liaison between the technical teams and the AOTO Information Security Officer (ISO) and Government Leads. • Develop and execute strategic security plans that align technical capabilities (SIEM, Firewalls) with policy requirements (NIST 800-53, JISF). • Synthesize data from Security Operations and Compliance activities to provide executive-level reporting on the organization's risk posture, security trends, and program health. Security Operations Oversight: • Oversee the 24/7/365 efficacy of security tools and operational activities, including Incident Response (IR), Intrusion Detection/Prevention, and SIEM management (Splunk). • Ensure timely triage, investigation, and remediation of security events, serving as the escalation point for critical incidents. • Direct the Vulnerability Management program, ensuring scans are conducted, analyzed, and remediation efforts are coordinated effectively across cross-functional IT teams. • Manage the implementation and maintenance of security infrastructure (Next-Gen Firewalls, Endpoint Protection, Web Gateways). Compliance & Risk Management Oversight: • Supervise the full lifecycle of Assessment & Authorization (A&A) activities, ensuring systems maintain Authority to Operate (ATO) in accordance with the Judiciary Information Security Framework (JISF) and NIST RMF. • Oversee the development and maintenance of System Security Plans (SSPs), POA&Ms, and other critical security documentation in the CSAM tool. • Ensure that new and existing systems integrate security controls early in the SDLC (Security by Design) and meet auditing requirements. • Review and approve policy updates, Standard Operating Procedures (SOPs), and Concept of Operations (CONOPS) documents. Program Management: • Manage the IT Security Awareness Training and Phishing Simulation program, ensuring continuous improvement and high user engagement. • Collaborate with AOTO project managers and system owners to ensure security resources are appropriately allocated to ongoing projects. • Maintain awareness of emerging threat intelligence and regulatory changes to proactively adapt the program’s defense and compliance strategies. Qualifications: REQUIRED SKILLS: • At least 10 years of progressive IT security experience, with a minimum of 3-5 years in a leadership or management role supervising teams. • Understanding of Security Operations architectures (SIEM, Firewall, IDS/IPS, Vulnerability Scanning) and Incident Response lifecycles. • Experience coordinating and overseeing the implementation of security projects. • Ability to manage diverse teams, prioritize conflicting demands, and drive performance towards meeting SLA/contractual requirements. • Excellent oral and written communication skills, with the ability to translate complex technical issues into business risks for senior management and government stakeholders. • Familiarity with enterprise tools such as Splunk, Nessus, CSAM, and Patch Management systems is a plus • Knowledge of risk management framework pertaining to IT Security a plus • Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals. EDUCATION/CERTIFICATIONS: • Bachelor’s degree required, Master’s degree preferred and a minimum of 10 years of progressive IT experience or equivalent experience. • One industry-recognized project management certification such as: Agile Certified Practitioner (ACP) or Project Management Professional (PMP) a plus • ITIL Foundations Certification a plus • Certifications relating to IT Security (CISSP, GIAC, Security+) a plus Apply tot his job Apply To this Job