Designation
| Key Personnel
|
GSA MAS Labor Category
| Program Manager
|
Level of Effort
| 1.0 FTE (1,880 hours per period), all five performance periods
|
Location / Hours
| Remote-first; periodic on-site in Bethesda, MD; core hours 7:00 a.m.?6:00 p.m. ET M?F plus emergency after-hours
|
Clearance
| Tier 2 Public Trust (MBI-5B) ? must obtain and maintain
|
Key Personnel Conditions
Key Personnel designation under HHSAR 352.237-75 (RFQ Section G.3). A signed Letter of Commitment is required at quote submission (RFQ L.6.1, Factor 3, as amended). The incumbent may not be diverted or replaced without Contracting Officer written consent for the life of the task order (Base plus four option periods, through August 2031). U.S. work authorization and the ability to obtain and maintain a Tier 2 (Public Trust / MBI-5B) background investigation are required (RFQ H.11.11). Performance is remote-first with periodic on-site presence at NIH facilities in Bethesda, MD for meetings, exercises, and incident response (SOW Section 7). Core coverage hours are 7:00 a.m. to 6:00 p.m. ET, Monday through Friday, with emergency after-hours availability (RFQ F.5).
Role Summary
Serves as the single accountable leader for a ~24 FTE cybersecurity services program protecting the NIH Office of the Director's hybrid environment: approximately 165 FISMA Low/Moderate systems, 5,000 connected devices, and 4,000 supported users. Owns cost, schedule, and technical performance across all ten SOW task areas ? 24x7x365 security operations, incident response and digital forensics, security architecture and Zero Trust, vulnerability management, penetration testing, RMF/A&A, CDM, security policy and training, and ISSO support ? on a firm-fixed-price basis.
Directly accountable for a 30-calendar-day Transition-In with zero degradation of mission-critical cybersecurity services, and for sustaining SLA performance for the life of the task order.
Key Responsibilities
? Serve as primary interface to the NIH Contracting Officer, COR, and OD Chief Information Technology Security Officer (CISO); lead Quarterly Program Reviews and recurring program governance meetings.
? Own the Task Order Management Plan, Program Management Plan, Integrated Master Schedule, Risk Register, and the full SOW Section 9 deliverables calendar ? including the Weekly CIO & Executive Dashboard (due 7:00 a.m. each Monday), Monthly Status Reports, FISMA quarterly/annual reporting, and the Cybersecurity Risk Profile.
? Direct the 30-day Transition-In: staffing ramp, knowledge transfer validation, tool and data access validation, Transition Risk Register, and COR-approved Transition Completion Certification. Transition-In Plan is due within 5 calendar days of award.
? Manage firm-fixed-price performance economics: labor utilization across 42,500?47,740 annual hours, 24x7 shift coverage integrity, surge and backfill, and subcontractor performance and security compliance (SOW 6.1).
? nforce SLA performance: 30-minute investigation of suspected intrusions, 1-hour incident reporting, 95% monthly operational availability of contractor-managed cybersecurity systems, and KEV/BOD remediation timelines.
? Manage Key Personnel continuity obligations, NDA submission timelines (RFQ H.13), personnel onboarding/offboarding notifications (14-day notice), and the Tier 2 background investigation pipeline.
Requirements
Minimum Qualifications
? 10+ years managing federal IT or cybersecurity services programs, including 5+ years as Program Manager of record on contracts of $3M+ annual value (aligns to the Government's past-performance size threshold).
? PMP (active) and CISSP or CISM.
? Demonstrated management of 24x7 security operations or mission-critical O&M services under SLA-governed, firm-fixed-price or performance-based contracts.
? Direct experience leading a contract transition-in of 30?60 days from an incumbent, with documented continuity of critical services.
? Working command of FISMA, NIST SP 800-53 Rev. 5, RMF, and HHS/NIH security governance sufficient to brief a federal CISO without technical escort.
? Bachelor's degree in a relevant field (per GSA labor category minimums; allowable substitutions per Innosoft's awarded schedule terms).
Preferred Qualifications
? Prior program delivery within HHS, NIH, or another HHS OpDiv; familiarity with NIH A&A processes, JCAM, and ServiceNow/IRT Portal workflows.
? Experience deploying automation or AI-assisted reporting and SOAR-driven operations to reduce level of effort while sustaining SLAs ? directly supports the flat-rate, five-year zero-escalation pricing strategy and the Government's stated interest in contractor-provided automation (Q&A items 10, 162?164).
? ITIL v4 Foundation or PgMP.