The OCIO Director Information Security, Policy and Governance is responsible for a staff of five FTEs and a contract staff of 5-10 individuals, directly manages a security budget of over $1 million and oversees another $500K+ of security services outside of the OCIO. The position responsibilities span three disciplines: Information Security, Agency IT Policy, and Agency IT Governance. This position leads the agency's global efforts to protect sensitive information, improve the agency's information technology security posture world-wide, and reduce agency liability by ensuring compliance with applicable Federal laws and agency policies and procedures.
Agency IT Policy: This position leads the development and execution of agency-wide IT security and non-security policy. These policies include IT Security, Use of IT Systems by Volunteers, Trainees and Returned Peace Corps Volunteers, Information Management, Mobile Information Technology Devices and Use of Government Technology Services and Equipment, Information Systems Security Governance: This position is responsible for development and management of the agency's Federal Information Security Management Act (FISMA) system's program, executes FISMA systems and subsystems security audits and participates with peer colleagues in IT Strategic Planning, Customer Relationship Management processes, and Enterprise Architecture planning and execution.
This position reports to the Chief Information Officer and carries out risk management and information assurance functions required to achieve desired levels of availability, integrity, and confidentiality. The person selected for this position will enhance the agency's information security program through planning, leading, and managing the following areas: Leadership and Integration, IT Risk Management, Compliance, IT Security Architecture, Cyber Incident Prevention, Response and Reporting, Security Awareness and Training, and Policy and Processes.
Ensures, or participates in ensuring, the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
Evaluates, acquires, configures, and uses software intended to ensure that automated systems are secure from unauthorized use, viral infection, and other problems that would compromise sensitive information in terms of confidentiality, integrity, and availability, or would compromise other aspects of overall system security.
Manages all aspects of multi-year IT program initiatives, including project selection, prioritization, evaluation and monitoring, cost schedule management, risk management, quality management, and resource allocations. Programs are carried out through multiple related IT projects and are established to provide IT products and/or services. Leads, coordinates, communicates, integrates, and is accountable for the overall success of the program.