This position falls under the IT Security Assurance and Compliance Director in the U.S. Peace Corps Office of the Chief Information Officer (CIO). The mission of the IT Security Assurance and Compliance Office is to institutionalize IT security processes and standards by promoting sound business and IT decisions. It does this by helping the agency appropriately plan for and execute policy, process, acquisition, and technological decisions that reduce risk. It also seeks to achieve compliance with federal regulations and standards, including the Federal Information Security Management Act (FISMA) and guidance from the Office of Management and Budget and the National Institute of Standards and Technology, which help the agency protect its information and systems and, in turn, the Peace Corps brand, intellectual property, and personnel.
Performs Information System Security Officer (ISSO) duties and is responsible for ensuring that the appropriate operational security posture is maintained. The ISSO also serves as a principal advisor on all matters, technical and otherwise, involving the security of an information system.
Performs Assessment and Authorization (A&A) activities in compliance with Federal regulations, standards, and practices. Ensures that day-to-day operational security is maintained, creates and updates security documentation, and performs risk assessments.
Develops IT systems security policies, guidelines, and procedures for systems with broad access, multiple applications, and differing security controls.
Establishes and monitors global, region-wide, or program-wide security and risk management policies and procedures, including driving Plans of Action & Milestones (POA&Ms) to resolution.
Develops specifications for, and coordinates, the security aspects of software and system design, development, testing, installation, and support for new and modified systems.
Monitors and evaluates the technical aspects of information security contractor performance, adherence to deliverable schedules, and quality of the work.
Evaluates the technical specifications and features of new products, performing product comparisons, feasibility and cost-benefit analyses, and performance/compatibility testing.
Defines cyber security requirements for new enterprise applications, contractor systems, and cloud-based systems.
Able to define and implement technical HIPAA/HITECH controls.
Able to define and implement technical NIST SP 800-53 Rev. 4 controls.
Ensures, or participates in ensuring, the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
Evaluates, acquires, configures, and operates software intended to ensure that automated systems are protected from unauthorized use, malware infection, and other problems that would compromise the confidentiality, integrity, or availability of sensitive information, or would compromise other aspects of overall system security.
Performs or assists in the systematic examination and appraisal of the economy, efficiency, and security of information technology operations, and the level of effectiveness, legal and regulatory compliance, and adequacy of operational reporting, for a department or agency. Examines matters such as information technology procurement practices, systems development, and risk controls.