Designation | Key Personnel |
GSA MAS Labor Category | Program Manager |
Level of Effort | 1.0 FTE (1,880 hours per period), all five performance periods |
Location / Hours | Remote -first; periodic on -site in Bethesda, MD; core hours |
Clearance | Tier 2 Public Trust (MBI -5B) — must obtain and maintain |
Key
Personnel designation under HHSAR 352.237 -75 (RFQ Section G.3). A signed Letter
of Commitment is required at quote submission (RFQ L.6.1, Factor 3, as
amended). The incumbent may not be diverted or replaced without Contracting
Officer written consent for the life of the task order (Base plus four option
periods, through August 2031). U.S. work authorization and the ability to
obtain and maintain a Tier 2 (Public Trust / MBI -5B) background investigation
are required (RFQ H.11.11). Performance is remote -first with periodic on -site
presence at NIH facilities in Bethesda, MD for meetings, exercises, and
incident response (SOW Section 7). Core coverage hours are 7:00 a.m. to 6:00
p.m. ET, Monday through Friday, with emergency after -hours availability (RFQ F.5).
Serves as the single accountable leader for a
~24 FTE cybersecurity services program protecting the NIH Office of the
Director's hybrid environment: approximately 165 FISMA Low/Moderate systems,
5,000 connected devices, and 4,000 supported users. Owns cost, schedule, and
technical performance across all ten SOW task areas — 24x7x365 security
operations, incident response and digital forensics, security architecture and
Zero Trust, vulnerability management, penetration testing, RMF/A&A, CDM,
security policy and training, and ISSO support — on a firm -fixed -price basis.
Directly accountable for a 30 -calendar -day
Transition -In with zero degradation of mission -critical cybersecurity services,
and for sustaining SLA performance for the life of the task order.
• Serve as primary interface to the NIH Contracting
Officer, COR, and OD Chief Information Technology Security Officer (CISO); lead
Quarterly Program Reviews and recurring program governance meetings.
• Own the Task Order Management Plan, Program Management
Plan, Integrated Master Schedule, Risk Register, and the full SOW Section 9
deliverables calendar — including the Weekly CIO & Executive Dashboard (due
7:00 a.m. each Monday), Monthly Status Reports, FISMA quarterly/annual
reporting, and the Cybersecurity Risk Profile.
• Direct the 30 -day Transition -In: staffing ramp, knowledge
transfer validation, tool and data access validation, Transition Risk Register,
and COR -approved Transition Completion Certification. Transition -In Plan is due
within 5 calendar days of award.
• Manage firm -fixed -price performance economics: labor
utilization across 42,500–47,740 annual hours, 24x7 shift coverage integrity,
surge and backfill, and subcontractor performance and security compliance (SOW
6.1).
• nforce SLA performance: 30 -minute investigation of
suspected intrusions, 1 -hour incident reporting, 95% monthly operational
availability of contractor -managed cybersecurity systems, and KEV/BOD
remediation timelines.
• Manage Key Personnel continuity obligations, NDA
submission timelines (RFQ H.13), personnel onboarding/offboarding notifications
(14 -day notice), and the Tier 2 background investigation pipeline.
• 10+ years managing
federal IT or cybersecurity services programs, including 5+ years as
Program Manager of record on contracts of $3M+ annual value (aligns to
the Government's past -performance size threshold).
• PMP (active) and CISSP or CISM.
• Demonstrated management of 24x7 security operations or
mission -critical O&M services under SLA -governed, firm -fixed -price or
performance -based contracts.
• Direct experience leading a contract transition -in of
30–60 days from an incumbent, with documented continuity of critical
services.
• Working command of FISMA, NIST SP 800 -53 Rev. 5, RMF, and
HHS/NIH security governance sufficient to brief a federal CISO without
technical escort.
• Bachelor's degree in a relevant field (per GSA labor
category minimums; allowable substitutions per Innosoft's awarded schedule
terms).
• Prior program delivery within HHS, NIH, or another HHS
OpDiv; familiarity with NIH A&A processes, JCAM, and ServiceNow/IRT
Portal workflows.
• Experience deploying automation or AI -assisted
reporting and SOAR -driven operations to reduce level of effort while
sustaining SLAs — directly supports the flat -rate, five -year zero -escalation
pricing strategy and the Government's stated interest in contractor -provided
automation (Q&A items 10, 162–164).
• ITIL v4 Foundation or PgMP.
Innosoft, Inc.
Innovate, implement, improve and inspire technology solutions with Innosoft
Read more about the companyCopyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.