This position is located in the Information Systems Security Officer Section, IT Security Division, Office of the Chief Information Officer. The position description number for this position is 361216. The salary range indicated reflects the locality pay adjustments for the Washington, D.C., Metropolitan area. This is a non-supervisory, bargaining unit position. Relocation expenses will not be authorized for the person(s) selected under this vacancy announcement.
Applicants must have had progressively responsible experience and training sufficient in scope and quality to furnish them with an acceptable level of the following knowledge, skills, and abilities to perform the duties of the position without more than normal supervision. Ability to perform IT research and analysis.** Knowledge of cybersecurity principles, methods and tools.** Ability to develop IT policies and guidelines. Ability to apply project management methodologies and techniques to manage complex IT projects. Ability to communicate effectively other than in writing.
This permanent position is eligible for 100% local telework. Selected candidates are required to live within the Washington, DC Locality Payment Area. The incumbent carries out a wide range of complex assignments to further the goals and objectives of the Library and works under the supervision of the ISSO Section Supervisor. The incumbent performs Information Systems Security Officer support, IT project planning and management, and IT research and analysis. The incumbent provides technical analysis and support, programming needs and the performance of associated tasks. Manages the development of short and long-range plans for IT security of systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT system vulnerabilities. Provides authoritative guidance related to information system security planning, as well as coordination and development of specifications to meet security requirements. Develops and reviews systems security procedures and guidance for systems processing multiple applications that require differing and conflicting security controls, and that are typically accessed by a large distributed user community. Interprets IT security policy and implements corresponding security controls covering the management, operational, and technical aspects of a system's boundary. This includes NIST SP 800-53 controls applicable to the system’s security categorization. Implements higher-level statutory and regulatory security requirements. Ensures the Confidentiality, Integrity, and Availability of IT systems through full compliance with LCR 5-410. Continually evaluates current systems security posture and monitors activities associated with IT security compliance. Manages the development of information system security plans and procedures, and ensures compliance with federal laws, related NIST standards and agency IT security policies and directives. Assists in preparing comprehensive reviews and evaluations of software and systems design or modification proposals for identifying possible security risks that should be considered during further systems design and programming. Assists in reviewing final software installation and system plans for additional security risks not identified during proposal stages and recommends work process changes, general design and programming techniques to alleviate potential security problems. Investigates security incidents and coordinates efforts with the LC Security Operations Center (SOC) and System Administrators for cause and the most effective corrective actions. Monitors and evaluates changes that affect systems security. Plans and manages complex IT projects involving interrelated disciplines and multiple stages of the systems development lifecycle. For example, manages IT projects for the office, and aligns the IT infrastructure with agency business requirements. Integrates systems analysis, software development, database administration, and customer support into the project plan. Analyzes the development of information systems requirements and plans for systems integration. Evaluates the adequacy of change management by reviewing the configuration change process and policy. Develops and evaluates testing strategies, plans, or scenarios. Participates in milestone project reviews, and monitors project activities/resources to mitigate risk. Evaluates agency's information system requirements, and ensures that agency information systems requirements are identified, including reviewing project estimates, schedules, and contingency plans. Assesses the overall project plan, budget, tasks descriptions, work breakdown schedule, and deliverables. Reviews project plans for systems analysis, software development, database administration, and customer support. Reviews proposed policy, regulations, and procedural changes to determine impact on area of responsibility. In consultation with users and in consideration of existing problems, constraints, and potentially relevant developments in applications programming technology, recommends priority areas of emphasis for improvement of currents systems. Reviews and evaluates security policies, and identifies the need for change based on new security technologies or threats. Provides expert analysis and advice on complex program related information technology (IT) issues or problems where new analytical techniques must be developed to identify and evaluate findings.