This position falls under the IT Security, Assurance and Compliance Director in the U.S. Peace Corps Office of the Chief Information Officer (CIO). The mission of the IT Security, Assurance and Compliance Office is to institutionalize IT security processes and standards by promoting sound business and IT decisions. It does this by helping the agency appropriately plan for and execute policy, process, acquisition, and technological decisions that reduce risks. It also seeks to achieve compliance with federal regulations and standards, including those originating from the Office of Management and Budget, the Federal Information Security Management Act (FISMA), and the National Institute of Standards and Technology, which help the agency protect its information and systems, thus protecting the Peace Corps brand, intellectual property, and personnel.
Develops IT systems security policies, guidelines, and procedures for systems with broad access, multiple applications, and differing security controls. Establishes and monitors global, region-wide or program-wide security or risk management policies and procedures, to include driving Plans of Action & Milestones (POA&Ms) to resolution.
Plans and coordinates the delivery of an organization-wide information technology security awareness training program for end users at all levels in the organization. Develops specifications and coordinates the security aspects of software or systems design, development, testing, installation, and support of new and modified systems.
Monitors and evaluates the technical aspects of information security contractor performance, adherence to deliverable schedules, and quality of the work. Evaluates the technical specifications and features of new products. Performs product comparisons, feasibility and cost-benefit analyses, and performance/compatibility testing.
Defines cyber security requirements for new enterprise applications, contractor systems, and cloud-based systems. Must define and implement technical HIPAA/HITECH controls and define and implement technical NIST 800-53 rev. 4 controls.
Performs a range of duties to ensure the availability, integrity, authentication, confidentiality, and nonrepudiation of data within information systems, electronic communications systems, and/or wireless network systems.
Performs reviews and studies to prevent security attacks against such systems.