Mediabistro logo
job logo

Program Director -Local to NC

Mahantech Corp., Raleigh, NC, United States

Overview

The DHHS Privacy & Security Office is launching a large-scale cybersecurity initiative to conduct comprehensive Technical Security Risk Assessments and Penetration Testing across approximately 100 counties . The objective of this initiative is to evaluate and strengthen the security posture of county IT environments and ensure compliance with cybersecurity best practices and regulatory requirements.

This initiative will assess county infrastructure and security controls, including:

  • Servers and endpoint systems (desktops/laptops)

  • Network architecture and segmentation

  • Firewalls and perimeter security controls

  • User access provisioning and identity management

  • Multi-Factor Authentication (MFA)

  • Virtual Private Networks (VPNs)

  • System hardening standards and procedures

  • Vulnerability management processes

  • Patch management practices

Role: Program Director

The Lead Consultant will be responsible for planning, executing, and overseeing all technical security assessment and penetration testing activities across the participating counties. This role requires both deep technical expertise and strong leadership and communication skills.

Key Responsibilities

Assessment & Testing Execution

  • Design and conduct technical security risk assessments for county IT environments.

  • Perform penetration testing activities to identify vulnerabilities, misconfigurations, and security gaps.

  • Validate security controls across infrastructure, network, identity, and endpoint environments.

Methodology & Standardization

  • Develop standardized assessment methodologies, testing frameworks, and reporting templates.

  • Ensure consistency, repeatability, and quality across all county assessments.

  • Define risk scoring models and remediation prioritization standards.

Program & Team Management

  • Manage assessment team assignments, scheduling, and workload distribution.

  • Track project milestones, deliverables, and timelines.

  • Ensure timely completion of assessments across all counties.

Reporting & Stakeholder Communication

  • Prepare executive-level and technical reports outlining findings, risks, and remediation recommendations.

  • Translate complex technical security findings into clear, non-technical language for business leaders, CMS, and stakeholders.

  • Support presentations, briefings, and audit discussions as required.

Quality & Governance

  • Ensure assessments align with cybersecurity best practices, regulatory standards, and organizational security policies.

  • Maintain documentation, audit trails, and evidence for compliance and governance purposes.

Required / Desired Skills

  • Experience in cybersecurity risk assessments and penetration testing. Required

  • 7.0 Years

  • Lead and perform technical security risk assessments on county IT environments (servers, desktops, networks, firewalls, IAM, MFA, VPNs, patching) Required

  • 5.0 Years

  • Conduct internal/external penetration testing, vulnerability identification, and exploit validation Required

  • 7.0 Years

  • Develop a repeatable assessment methodology, templates, testing procedures, and reporting formats for use across 100 counties. Required

  • 5.0 Years

  • Manage and coordinate assessment team workloads, assignments, schedules, and deliverables. Required

  • 7.0 Years

  • Create and maintain project plans, timelines, and progress reports. Required

  • 7.0 Years

  • Familiarity with NIST, CIS Controls, ISO 27001, and related frameworks. Required

  • 3.0 Years

#J-18808-Ljbffr