Program Manager - FDIC Enterprise DevSecOps

Responsibilities Program Oversight and FDIC Client Interface Serve as the single point of accountability to the FDIC Oversight Manager, Technical Monitor, and CO; own all contractual communications, deliverables, and performance reporting (REQ-C-217). Maintain program performance at or above SLA thresholds: >99.5% availability for Mission Essential/Critical systems; Critical/High vulnerability remediation Lead monthly Service Level Performance (SLP) reporting, including ServiceNow ticket trend analysis, pipeline health metrics, and security gate compliance data. Represent the program at FDIC governance bodies: CCB, enterprise architecture and change governance board (EA fitness gate), and OCISO engagements; manage action items and ensure program inputs meet required timelines. Oversee the onboarding and background‑investigation pipeline for all staff; coordinate trust determinations with client Security to eliminate delivery gaps due to access delays. Direct multiple parallel Agile/Scrum project teams covering pipeline engineering, application security, platform operations, QA automation, and service desk functions; maintain a unified program backlog and sprint cadence aligned to FDIC priorities. Coordinate delivery across a hybrid estate: Azure (AKS, ACR, App Gateway, Key Vault), AWS, on‑premises WebLogic/WebSphere/Oracle, z/OS mainframe (Endevor), and SaaS platforms (MuleSoft, Appian, Salesforce, Power Platform). Manage surge labor provisions under the FFP structure; forecast headcount needs against ServiceNow ticket volume trends and planned application onboarding. Track program risks, issues, and decisions in the program risk register; escalate blockers to FDIC leadership with mitigation options ready at the time of escalation. Ensure version strategy compliance (n/n‑1) across toolchain components and coordinate upgrade windows with the client’s CIO organization and impacted application teams. DevSecOps Program Governance and Security Posture Translate FDIC IT governance requirements (FDIC Directive 1300.07, FISMA moderate, NIST 800‑53/800‑37/800‑88/800‑207, OMB M-22‑09) into program controls, training requirements, and staff accountability frameworks. Monitor enforcement of BLOCKING security gates across the SDLC: secrets scan and peer review (Develop); SAST/SCA on Critical/High and IaC scan on Critical (Build); DAST on Critical (Test); container scan on Critical/High and SonarQube quality gate (Release). Manage the program’s participation in the FDIC FISMA annual assessment cycle, continuous monitoring via Splunk and DynaTrace, and ISSM/ISSO‑driven remediation efforts. Oversee GitHub Advanced Security (GHAS)/CodeQL pipeline integration health, GitHub Copilot (SaaS) rollout governance, and JFrog Artifactory/Xray and SonarQube license and capacity planning. Interface with FDIC OCISO and ISSM/ISSO on PQC readiness (FIPS 203/204/205), CyberArk secrets management operations, and Section 508 compliance milestones. Own program P&A for an FFP contract; track burn rate, EAC, and labor utilization monthly; identify variance root causes and recommend corrective actions to Leidos program leadership. Build and maintain staffing plans, transition/onboarding schedules, and Key Personnel availability records to satisfy FDIC Key Person substitution notification requirements. Coordinate with Leidos Recruiting and Subcontract Management to fill surge and backfill positions within FDIC security clearance lead times; maintain continuity of service with no SLA gaps. Prepare and present program reviews, QBRs, and ad‑hoc executive briefings to Leidos and FDIC leadership. Drive the FDIC’s DevSecOps maturity roadmap from current Level 2 toward Level 3 and beyond; own the maturity assessment schedule and present progress quarterly. Champion pipeline automation expansion (target: more than 1,000 active CI/CD pipelines) and application onboarding into the GitHub Enterprise/Cloud ecosystem. Identify process improvement opportunities in ServiceNow‑based ticket workflows; reduce mean time to resolve (MTTR) and improve first‑contact resolution rates. Establish and maintain program knowledge management artifacts (runbooks, SOPs, lessons learned) to reduce key‑person dependency and ensure institutional continuity. Required Qualifications Bachelor’s degree (BA/BS) in a technical or business discipline, preferably Computer Science, Information Systems, Engineering, or related field. In lieu of degree, additional experience may be required. Must be able to obtain and maintain a Public Trust clearance. 8+ years of program or project management experience in IT or technology services delivery (or a Master’s degree with 6+ years). 4+ years of experience directly leading or supervising multi‑disciplinary teams or projects in a program or project management capacity. Current experience (typically within the past 1‑2 years) managing a federal IT program under a Firm‑Fixed‑Price (FFP) contract, including P&L accountability, burn rate tracking, and deliverable schedule management. Current experience (typically within the past 1‑2 years) as program manager or delivery lead for a large, complex enterprise DevSecOps or CI/CD program, including complex coordination across multiple parallel Agile/Scrum teams. Current experience (typically within the past 1‑2 years) as the prime client interface to a Federal Contracting Officer, COR, or Technical Monitor; accountable for all contractual communications and performance reporting. Current experience (typically within the past 1‑2 years) managing SLA‑driven delivery with formal monthly or quarterly performance reporting to the government client. Experience representing a program at formal Federal IT governance bodies, including change control boards, enterprise architecture review, or equivalent governance processes. Working familiarity with modern DevSecOps toolchains: GitHub Enterprise Server or GitHub Cloud, CI/CD pipeline frameworks (GitHub Actions or equivalent), and artifact/security scanning concepts (SAST, SCA, DAST, container scanning). Sufficient depth to engage credibly with engineering leads and translate technical risks into program‑level reporting. Familiarity with ServiceNow or equivalent ITSM platform as the system of record for service requests, incident management, and SLA tracking in a federal environment. Working knowledge of FISMA moderate compliance requirements and NIST 800‑53 control families as they affect program delivery timelines and security gate enforcement. Project Management Professional (PMP) certification strongly preferred (PgMP or FAC‑P/PM Senior accepted as equivalent). As a named Key Personnel position, the candidate must be available to participate in client presentations conducted via Microsoft Teams. Preferred Qualifications 8+ years of federal IT program management experience, given the scale and complexity of the FDIC DevSecOps program. SAFe Program Consultant (SPC) or SAFe Agilist (SA) certification. ITIL v4 Foundation or higher; ITIL service management experience in a large federal IT environment. Direct FDIC, FFIEC‑member agency, or federal financial‑sector IT program management experience. Experience managing a program targeting CISA Zero Trust Maturity Model (ZTMM) 2.0 Optimal or OMB M‑22‑09 Zero Trust compliance roadmap. Experience at self‑managed scale with FDIC toolchain components: GitHub Enterprise Server (self‑managed), JFrog Artifactory/Xray, SonarQube, and Aqua Security (operating, not just consuming as SaaS). Experience with hybrid estates spanning Azure (AKS, ACR, Key Vault, App Gateway), AWS, and legacy mainframe (z/OS/Endevor) or middleware (WebLogic, WebSphere, Oracle) environments. Familiarity with FDIC Directive 1300.07 IT governance framework. Experience with Post‑Quantum Cryptography (PQC) readiness planning (FIPS 203/204/205) or FIPS 140‑2/3 compliance in a federal program context. Master’s degree in a technical or business discipline. Experience with CyberArk Privileged Access Management in a federal DevSecOps environment. Familiarity with Azure Monitor, Splunk, and DynaTrace for SLA/availability monitoring and executive reporting. Prior Key Personnel designation on a federal IT contract with a successful performance period. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws. #J-18808-Ljbffr Leidos