
Federal Security Governance & Policy Lead (PM-Focused)

Blu Omega
Baltimore, MD
April 15th, 2026

Blu Omega is seeking a Federal Security Governance & Policy Lead (PM-Focused) to oversee security operations and documentation efforts within the software development lifecycle. The ideal candidate will have experience working with Centers for Medicare & Medicaid Services (CMS), understanding security operations documentation, and managing interagency data exchanges. This role requires strong leadership in integrating security operations across multiple systems and providing executive-level briefings on progress, risks, and key decisions.

Responsibilities:

Security Operations:
Experience with security operations across the Software Development Lifecycle (SDLC), including Authorization to Operate (ATO), penetration testing, and Plan of Action and Milestones (POAM) tracking.
Provide expertise on security release testing and system development security guidance to CMS.

Documentation and Interagency Coordination:
Develop or collaborate on creating security operations documentation related to interagency data exchange agreements.
Experience with documenting processes such as Security Impact Assessments (SIA) and tracking CMS-related security operations activities.

Project Management Planning:
Develop and manage security operations and documentation project plans using JIRA, ensuring the consensus-based execution of plans.
Coordinate between multiple teams to ensure security efforts are aligned with project goals and deliverables.
Represent security operations as part of the larger program implementation, keeping workstreams on track and anticipating client needs.

Risk Management:
Identify, manage, and mitigate security risks throughout the project lifecycle.
Collaborate with clients and external partners (where applicable) to develop and agree upon risk mitigation strategies.

Stakeholder Engagement:
Manage multiple client and stakeholder perspectives, ensuring that deliverables are accurate, on time, and meet the project's objectives.
Serve as a primary advisor for stakeholders on security operations matters, providing executive-level briefings and updates.

Workgroup Facilitation:
Develop agendas for security workgroup meetings, capturing key takeaways and action items to drive actionable progress.
Maintain security documentation and project artifacts in tools like JIRA and Confluence.

System Integration and Delivery:
Lead the integration of security operations across multiple teams and resources.
Coordinate, collaborate, and integrate the work of technical and cybersecurity resources to solve complex security challenges.

Process Optimization:
Champion continuous improvement in security operations, ensuring that processes are aligned with broader marketplace development goals.
Oversee marketplace-wide process changes and ensure technical dependencies are managed.

Advanced Technical Leadership:
Apply advanced technical principles and innovative security solutions to complex problems.
Work closely across client-based and external contractor teams to integrate the development and delivery of security capabilities and system requirements.

Executive-Level Communication:
Provide regular executive briefings, maintain stakeholder matrices and integrated roadmaps, and highlight risks and issues.

Required Qualifications:

7+ years of experience in Security Operations, Cybersecurity, or Information Assurance, with demonstrated responsibility across the full Software Development Lifecycle (SDLC).
Hands-on experience supporting Authorization to Operate (ATO) processes, including penetration testing coordination, POA&M development and tracking, and security release testing.
Strong working knowledge of federal security and privacy frameworks, including NIST SP 800-53, NIST RMF, and CMS security requirements.
Proven experience developing and maintaining security operations documentation, including Security Impact Assessments (SIAs), system security plans, and interagency data exchange artifacts.
Demonstrated ability to lead and manage security-related project plans using tools such as JIRA and Confluence, including dependency tracking and milestone management.
Experience identifying, assessing, and mitigating security risks across complex, multi-team environments.
Strong stakeholder management skills, with experience advising senior government and executive-level audiences on security posture, risks, and mitigation strategies.
Ability to coordinate across technical, programmatic, and external partner teams to deliver integrated security solutions.
Excellent written and verbal communication skills, including experience preparing executive briefings, status reports, and risk summaries.

Preferred Qualifications:

Prior experience supporting CMS, HHS, or other federal healthcare or marketplace programs.
Experience working in multi-vendor or interagency environments, particularly involving data sharing or interoperability.
Familiarity with cloud security (AWS, Azure, or GCP) and modern DevSecOps practices.
Experience facilitating cross-functional security workgroups and driving consensus-based decision-making.
Relevant certifications such as CISSP, CISM, PMP, or Security+.

Key Competencies & Attributes:

Security leadership mindset — able to lead without formal authority and influence outcomes across teams.
Strong organizational skills with the ability to manage multiple priorities simultaneously.
Proactive, anticipatory approach to risk identification and issue escalation.
Comfort operating in ambiguity and evolving program environments.
Ability to translate complex technical and security concepts into clear, actionable guidance for non-technical stakeholders.