Senior IT Specialist (INFOSEC), CG-2210-14 (Permanent)
Chief Information Officer Organization (CIOO)
Office of the Chief Information Security Officer (OCISO)
Governance, Risk, and Compliance Section (GRCS)
Duty Location: Virginia Square
Number of Vacancies: Two
Open Period: 6/12 – 6/26/18
WHO MAY BE CONSIDERED: Federal Employees; Veterans
JOB LINK: https://www.usajobs.gov/GetJob/ViewDetails/502099200
WHO MAY BE CONSIDERED: All US Citizens
JOB LINK: https://www.usajobs.gov/GetJob/ViewDetails/502098700
MAJOR DUTIES: The Senior IT Specialist (INFOSEC) is responsible for the following duties:
- Develops, implements, coordinates, and manages the Information Security Assurance Program and its numerous agency-wide sub-programs that safeguard IT assets and operations; provides vision, guidance, and oversight in the development and implementation of substantial Information Security Assurance Program modifications to enhance IT security posture.
- Formulates and coordinates recommendations of acceptable levels of risk in authorizing the operation of General Support Systems, Major Applications, and Minor Applications for the Chief Information Officer (CIO).
- Analyzes and directs IT security assessment methods that evaluate the management, operational, and technical security controls applied to assets, including all systems and applications.
- Performs and/or directs the validation of risk mitigation processes, action plans, and/or budget cost proposals to address risks identified during assessments and audits of IT assets.
- Plans and implements regulatory-compliant information security assurance policies, procedures, and guidance promulgated throughout the Corporation, and manages the deployment of automated software products used for remediation and tracking of corporate-wide IT security weaknesses and vulnerabilities.
- Performs analysis of ever-changing regulatory compliance requirements to ensure appropriate levels of continuous controls assessments on agency assets; this provides real-time situational awareness of the security posture of assets to senior management and the Chief Information Officer (CIO).
- Devises appropriate degrees of NIST-based technical testing of disparate systems, applications, and vendor services to assess the adequacy of implemented security controls.
- Coordinates closely with other sections and senior management, peer-level managers, and service providers to employ information security assurance solutions that meet federally mandated security requirements and align with industry best practices.
- Provides agency-wide, strategic consultation to divisional system owners, divisional Information Security Managers (ISM), directors, and senior management regarding the risk posture of IT systems.