Job Overview

Summary

The incumbent of this position will serve as the Chief Information Security Officer, under the general direction of the Chief Information Officer (CIO), responsible for the development and delivery of a comprehensive information security and privacy program for the Corporation for National and Community Service.

ABOUT US:

The Corporation for National and Community Service was established as a Federal agency in 1993 to engage Americans of all ages and backgrounds in community-based service. Together, its Senior Corps and AmeriCorps programs promote the ethic of service and help solve critical community problems in every state, many Indian tribes, and most U.S. territories. As a result, hundreds of thousands of Americans are joining forces to address community needs in education, homeland security, housing, health care, environmental protection, and disaster relief.

Interchange Agreement:

The Corporation for National and Community Service (Corporation) has a civil service interchange agreement approved by the Office of Personnel Management. The Corporation is an excepted service agency. Under the terms of the Interchange Agreement, permanent Corporation employees may be considered for appointment to positions in the competitive service in the same manner that employees of the competitive service are considered for transfer to such positions.

Duties

·         Develop and maintain an agency information assurance (IA) strategic plan and agency information security and privacy policy, procedures, and guidance necessary for the implementation of an appropriate information assurance program (IAP).  The IAP addresses the areas of computer viruses and malicious code, security plans, contingency planning and business impact analysis, backups, security testing and evaluation, Local/Wide Area Network security, remote access, security awareness and training, computer incident response capability, risk management, and the secure administration and management of applications and systems during their life cycle stages from inception to disposal.  The IA strategic and program plans will be consistent with and support agency and IT strategic plans.

·         Provide leadership for ongoing information security and privacy assessments of new and emerging IT products and technologies to support agency IT investment and acquisition decisions that advance CNCS’s priorities and strategic goals.

·         Offer advice, guidance, and counsel to the CIO and other agency executives regarding information security and privacy related issues.

·         Ensure that information system users, managers and supervisors, information owners, and information custodians are aware of their security responsibilities by arranging for and/or coordinating an appropriate level of system security training/orientation.

·         Ensure that all systems that process sensitive information are identified, that proper precautions are taken to protect and label agency information in all of its forms, and that personnel processing sensitive information are aware of the proper procedures.

·         Oversee information assurance activities, to include planning and controlling related tasks, to achieve information assurance program goals; establish program objectives; establish schedules; estimate costs and budgets; define requirements through specifications and work statements; develop specific project plans; coordinate project planning with the contracting officer; conduct required cost-benefit analyses; and function as a Contracting Officer’s Representative (COR).  Monitor the performance of information assurance contracts, and make recommendations for improvement in terms of cost, quality of work, and timeliness of service.

·         Prepare and implement security assessment and authorization plans, processes and procedures for CNCS information systems.

·         Ensure that the CNCS Information Assurance Program (IAP) is compliant with FISMA requirements, OMB mandates, and NIST guidelines. Serve as the focal point for information security and privacy liaison activities and provide an active communication channel for CNCS users with information security and privacy responsibilities. Also, serve as the CIO's liaison to the OIG and as the CIO’s designee for external auditors and agencies regarding security and privacy matters.

·         Protect the privacy and confidentiality of agency data by identifying potential threats to the system and application components, and notifying the appropriate personnel/managers of the risk potential.

·         Audit and monitor access to all Corporation systems and compile monthly security reports per CNCS IAP policy.

·         Develop and implement an ongoing risk assessment program targeting agency information security and privacy matters, recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.  Advise management regarding potential risks, mitigating security practices or conditions, and cost-effective countermeasures.

·         Prepare and submit to the CIO the annual agency FISMA Report, the OMB-directed FISMA Plan of Actions & Milestones (POA&M), and other required reports. Prepare policies and guidance relating to firewall management, remote access, wireless networking technology and other security infrastructure.

·         Develop and implement an incident reporting and response process to address potential and actual agency security incidents and breaches, any alleged policy violations, and complaints from external parties.  Investigate, document, and report any actual or perceived violations of security or privacy policy to agency management and external federal agencies, as appropriate.

·         Provide direction, supervision, coordination, and guidance to OIT and other CNCS staff who have information assurance responsibilities.  Supervise a team of information technology employees and provide direction, supervision, coordination, and guidance to assigned staff. Provide management supervision and leadership. Perform administrative and human resource management functions appropriate to the staff supervised. Plan work, set priorities, assign and review work.  Establish goals and objectives or standards for team performance. Identify skill sets and appropriate experience levels for team members. Establish guidelines and performance expectations for staff members, and clearly communicate them through the formal employee performance management system. Observe workers' performance; demonstrate and conduct work performance critiques. Provide informal feedback and periodically evaluate employee performance. Resolve informal complaints and grievances. Develop work improvement plans and recommend personnel actions as necessary. Implement disciplinary measures as appropriate. Review and approve or disapprove leave requests.  Hear and resolve team complaints.

·         Keep abreast of the latest security and privacy legislation, regulations, advisories, alerts, vulnerabilities, and technology as they pertain to the agency and its mission.

·         Perform other duties as assigned.