InfoSec Manager

Overview: GDIT is seeking a highly experienced Cyber Security Manager to lead and unify two critical teams: Security Operations (SecOps) and Cyber Security Compliance (Risk Management). This leadership position supports GDIT’s contract with the Administrative Office of United States Courts – Administrative Office Technology Office (AOUSC-AOTO) in Washington, DC. The successful candidate will serve as the primary bridge between technical operations and governance, supervising a diverse team of Engineers and Analysts. You will be responsible for the strategic oversight of the AOTO enterprise-wide defense-in-depth posture, ensuring that daily security operations (Incident Response, Vulnerability Management) align seamlessly with federal compliance mandates (NIST RMF, JISF). Responsibilities: The Manager will provide direct supervision to the Security Operations and Compliance teams, fostering a collaborative environment that integrates real-time threat defense with long-term risk management. Leadership & Strategy:

• Provide day-to-day leadership, mentorship, and resource management for the SecOps and Compliance teams.
• Act as the primary liaison between the technical teams and the AOTO Information Security Officer (ISO) and Government Leads.
• Develop and execute strategic security plans that align technical capabilities (SIEM, Firewalls) with policy requirements (NIST 800-53, JISF).
• Synthesize data from Security Operations and Compliance activities to provide executive-level reporting on the organization's risk posture, security trends, and program health.

Security Operations Oversight:

• Oversee the 24/7/365 efficacy of security tools and operational activities, including Incident Response (IR), Intrusion Detection/Prevention, and SIEM management (Splunk).
• Ensure timely triage, investigation, and remediation of security events, serving as the escalation point for critical incidents.
• Direct the Vulnerability Management program, ensuring scans are conducted, analyzed, and remediation efforts are coordinated effectively across cross-functional IT teams.
• Manage the implementation and maintenance of security infrastructure (Next-Gen Firewalls, Endpoint Protection, Web Gateways).

Compliance & Risk Management Oversight:

• Supervise the full lifecycle of Assessment & Authorization (A&A) activities, ensuring systems maintain Authority to Operate (ATO) in accordance with the Judiciary Information Security Framework (JISF) and NIST RMF.
• Oversee the development and maintenance of System Security Plans (SSPs), POA&Ms, and other critical security documentation in the CSAM tool.
• Ensure that new and existing systems integrate security controls early in the SDLC (Security by Design) and meet auditing requirements.
• Review and approve policy updates, Standard Operating Procedures (SOPs), and Concept of Operations (CONOPS) documents.

Program Management:

• Manage the IT Security Awareness Training and Phishing Simulation program, ensuring continuous improvement and high user engagement.
• Collaborate with AOTO project managers and system owners to ensure security resources are appropriately allocated to ongoing projects.
• Maintain awareness of emerging threat intelligence and regulatory changes to proactively adapt the program’s defense and compliance strategies.

Qualifications: REQUIRED SKILLS:

• At least 10 years of progressive IT security experience, with a minimum of 3-5 years in a leadership or management role supervising teams.
• Understanding of Security Operations architectures (SIEM, Firewall, IDS/IPS, Vulnerability Scanning) and Incident Response lifecycles.
• Experience coordinating and overseeing the implementation of security projects.
• Ability to manage diverse teams, prioritize conflicting demands, and drive performance towards meeting SLA/contractual requirements.
• Excellent oral and written communication skills, with the ability to translate complex technical issues into business risks for senior management and government stakeholders.
• Familiarity with enterprise tools such as Splunk, Nessus, CSAM, and Patch Management systems is a plus
• Knowledge of risk management framework pertaining to IT Security a plus
• Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.

EDUCATION/CERTIFICATIONS:

• Bachelor’s degree required, Master’s degree preferred and a minimum of 10 years of progressive IT experience or equivalent experience.
• One industry-recognized project management certification such as: Agile Certified Practitioner (ACP) or Project Management Professional (PMP) a plus
• ITIL Foundations Certification a plus
• Certifications relating to IT Security (CISSP, GIAC, Security+) a plus

Apply tot his job Apply To this Job