Program Manager III

Job Title: Program Manager III
Location: Washington, DC , USA 20001
Duration: 6+ months contract to hire
Security Clearance Required: PUBLIC TRUST (able to obtain/ maintain)

WORK ENVIRONMENT / OTHER
Operational Support
This contract requires support of Mission Essential/Critical systems with >99.5% availability SLAs.
The Program Manager must be reachable during standard Eastern Time business hours and available for critical incident escalations outside normal hours when required.
Participation in Continuity of Operations (COOP) and Disaster Recovery exercises may be required.

Location:
Washington DC Metro Area. Must reside within commuting distance of the client headquarters to support on-site meetings on short notice; primarily remote otherwise.

Travel:
Estimated 10% or less.
Primarily for client program reviews, governance meetings, and occasional visits to offices.
Scheduled Weekly Hours
40 hours per week, Day Shift.

The Program Manager is the prime interface between and the Client Oversight Manager, Technical Monitor, and Contracting Officer, and is accountable for the full scope of DevSecOps support across a large, complex enterprise DevSecOps environment spanning hundreds of applications, CI/CD pipelines, and ServiceNow service requests per year. This role governs a hybrid Federal estate spanning Azure/AKS, AWS, z/OS mainframe, and on-premises middleware, operating at FISMA-moderate compliance and targeting CISA Zero Trust Maturity Model (ZTMM) Optimal. The PM drives SLA-governed delivery (>99.5% availability for Mission Essential systems), coordinates change control and enterprise architecture governance bodies, and manages Firm-Fixed-Price delivery inclusive of surge labor. Technical credibility is required: the PM must engage fluently with the client's self-managed GitHub Enterprise/Cloud, JFrog Artifactory, SonarQube, and Aqua toolchain and translate security gate outcomes into program-level risk posture and client reporting.

PRIMARY RESPONSIBILITIES
Program Oversight and Client Interface
Serve as the single point of accountability to the Client Oversight Manager, Technical Monitor, and Contracting Officer; own all contractual communications, deliverables, and performance reporting.
Maintain program performance at or above SLA thresholds: >99.5% availability for Mission Essential/Critical systems; Critical/High vulnerability remediation within 30 days; Moderate vulnerabilities within 90 days.
Lead monthly Service Level Performance (SLP) reporting, including ServiceNow ticket trend analysis, pipeline health metrics, and security gate compliance data.
Represent the program at client governance bodies, including Change Control Boards (CCB), enterprise architecture and change governance boards, and cybersecurity governance engagements; manage action items and ensure program inputs meet required timelines.
Oversee the onboarding and background investigation pipeline for all staff; coordinate trust determinations with client security personnel to eliminate delivery gaps due to access delays.
Delivery Management and Multi-Team Coordination

Direct multiple parallel Agile/Scrum project teams covering pipeline engineering, application security, platform operations, QA automation, and service desk functions; maintain a unified program backlog and sprint cadence aligned to client priorities.
Coordinate delivery across a hybrid estate: Azure (AKS, ACR, App Gateway, Key Vault), AWS, on-premises WebLogic/WebSphere/Oracle, z/OS mainframe (Endevor), and SaaS platforms (MuleSoft, Appian, Salesforce, Power Platform).
Manage surge labor provisions under the FFP structure; forecast headcount needs against ServiceNow ticket volume trends and planned application onboarding.
Track program risks, issues, and decisions in the program risk register; escalate blockers to client leadership with mitigation options prepared at the time of escalation.
Ensure version strategy compliance (n/n-1) across toolchain components and coordinate upgrade windows with the client's organization and impacted application teams.
DevSecOps Program Governance and Security Posture

Translate client IT governance requirements, including FISMA Moderate controls, NIST 800-53, NIST 800-37, NIST 800-88, NIST 800-207, and OMB M-22-09, into program controls, training requirements, and staff accountability frameworks.
Monitor enforcement of blocking security gates across the SDLC: secrets scanning and peer review (Develop); SAST/SCA on Critical/High findings and IaC scanning on Critical findings (Build); DAST on Critical findings (Test); container scanning on Critical/High findings and SonarQube quality gates (Release).
Manage the program's participation in the client FISMA annual assessment cycle, continuous monitoring activities, and ISSM/ISSO-driven remediation efforts.
Oversee GitHub Advanced Security (GHAS)/CodeQL pipeline integration health, GitHub Copilot governance, and JFrog Artifactory/Xray and SonarQube licensing and capacity planning.
Interface with client cybersecurity leadership and ISSM/ISSO personnel on post-quantum cryptography readiness, privileged access management operations, and Section 508 compliance milestones.
Financial Management and Staffing

Own program P&L for an FFP contract; track burn rate, estimate-at-completion (EAC), and labor utilization monthly; identify variance root causes and recommend corrective actions.
Build and maintain staffing plans, transition/onboarding schedules, and Key Personnel availability records to satisfy client Key Personnel substitution notification requirements.
Coordinate with Recruiting and Subcontract Management to fill surge and backfill positions within client security onboarding timelines; maintain continuity of service with no SLA gaps.
Prepare and present program reviews, quarterly business reviews (QBRs), and executive briefings to corporate and client leadership.
Continual Service Improvement and Maturity Advancement

Drive the New Program maturity roadmap from current Level 2 toward Level 3 and beyond; own the maturity assessment schedule and present progress quarterly.
Champion pipeline automation expansion (target: more than 1,000 active CI/CD pipelines) and application onboarding into the GitHub Enterprise/Cloud ecosystem.
Identify process improvement opportunities in ServiceNow-based workflows; reduce mean time to resolve (MTTR) and improve first-contact resolution rates.
Establish and maintain program knowledge management artifacts (runbooks, SOPs, lessons learned) to reduce key-person dependency and ensure institutional continuity.

REQUIRED QUALIFICATIONS:
Education:
Bachelor's degree in a technical or business discipline. Technical degrees in Computer Science, Information Systems, Engineering, or related fields are preferred.
Four additional years of directly applicable experience may be substituted for a bachelor's degree.

Experience:
8+ years of program or project management experience in IT or technology services delivery (or a Master's degree with 6+ years).
4+ years of experience leading or supervising multidisciplinary teams or projects.
Recent experience managing a federal IT program under a Firm-Fixed-Price (FFP) contract, including P&L accountability, burn-rate tracking, and schedule management.
Recent experience serving as Program Manager or Delivery Lead for a large enterprise DevSecOps or CI/CD program with multiple Agile/Scrum teams.
Recent experience as the primary client interface to a Federal Contracting Officer, COR, Technical Monitor, or equivalent government representative.
Recent experience managing SLA-driven delivery with formal performance reporting to a government client.
Experience representing programs at formal federal governance bodies, including change control boards and enterprise architecture reviews.

Technical Fluency:
Working familiarity with GitHub Enterprise, GitHub Cloud, GitHub Actions or equivalent CI/CD frameworks, and security scanning concepts including SAST, SCA, DAST, container scanning, and infrastructure-as-code scanning.
Familiarity with ServiceNow or comparable ITSM platforms supporting incident management, service requests, and SLA tracking.
Working knowledge of FISMA Moderate compliance requirements and NIST 800-53 controls as they affect program delivery.

Certifications:
PMP certification strongly preferred. PgMP or FAC-P/PM Senior accepted as equivalent.
Location and Availability.

PREFERRED QUALIFICATIONS:
8+ years of federal IT program management experience supporting large enterprise application portfolios, extensive CI/CD environments, and multiple Agile delivery teams.
SAFe Program Consultant (SPC) or SAFe Agilist (SA) certification.
ITIL v4 Foundation or higher.
Direct federal financial-sector, civilian agency, or highly regulated federal IT program experience.
Experience supporting programs aligned to CISA Zero Trust Maturity Model (ZTMM) 2.0 Optimal and OMB M-22-09.
Experience operating at scale with GitHub Enterprise Server, JFrog Artifactory/Xray, SonarQube, Aqua Security, and related DevSecOps platforms.
Experience with hybrid environments spanning Azure, AWS, mainframe, middleware, and SaaS ecosystems.
Familiarity with federal IT governance frameworks.
Experience supporting Post-Quantum Cryptography (PQC) readiness initiatives and FIPS compliance programs.
Master's degree in a technical or business discipline.
Experience with CyberArk Privileged Access Management.
Familiarity with Azure Monitor, Splunk, and Dynatrace for operational monitoring and executive reporting.
Prior Key Personnel designation on a successful federal IT contract.