· Provide leadership for on-going information security and privacy assessments of new and emerging IT products and technologies to support agency IT investment and acquisition decisions that advance CNCS's priorities and strategic goals.
· Offer advice, guidance, and counsel to the CIO and other agency executives regarding information security and privacy-related issues.
· Ensure that information system users, managers and supervisors, information owners, and information custodians are aware of their security responsibilities by arranging for and/or coordinating an appropriate level of system security training/orientation.
· Ensure that all systems that process sensitive information are identified, that proper precautions are taken to protect and label agency information in all of its forms, and that personnel processing sensitive information are aware of the proper procedures.
· Oversee information assurance activities, to include planning and controlling related tasks, to achieve information assurance program goals; establish program objectives; establish schedules; estimate costs and budgets; define requirements through specifications and work statements; develop specific project plans; coordinate project planning with the contracting officer; conduct required cost-benefit analyses; and function as a Contracting Officer's Representative (COR). Monitor the performance of information assurance contracts, and make recommendations for improvement in terms of cost, quality of work, and timeliness of service.
· Prepare and implement security assessment and authorization plans, processes and procedures for CNCS information systems.
· Ensure that the CNCS Information Assurance Program (IAP) is compliant with FISMA requirements, OMB mandates, and NIST guidelines. Serve as the focal point for information security and privacy liaison activities and provide an active communication channel for CNCS users with information security and privacy responsibilities. Also, serve as the CIO's liaison to the OIG and as the CIO's designee for external auditors and agencies regarding security and privacy matters.
· Protect the privacy and confidentiality of agency data by identifying potential threats to the system and application components, and notifying the appropriate personnel/managers of the risk potential.
· Audit and monitor access to all Corporation systems and compile monthly security reports per CNCS IAP policy.
· Develop and implement an ongoing risk assessment program targeting agency information security and privacy matters, recommend methods for vulnerability detection and remediation, and oversee vulnerability testing. Advise management regarding potential risks, mitigating security practices or conditions, and cost-effective countermeasures.
· Prepare and submit to the CIO the annual agency FISMA Report, the OMB-directed FISMA Plan of Actions & Milestones (POA&M), and other required reports. Prepare policies and guidance relating to firewall management, remote access, wireless networking technology and other security infrastructure.
· Provide direction, supervision, coordination, and guidance to OIT and other CNCS staff who have information assurance responsibilities. Supervise a team of information technology employees and provide direction, supervision, coordination, and guidance to assigned staff. Provide management supervision and leadership. Perform administrative and human resource management functions appropriate to the staff supervised. Plan work, set priorities, assign and review work. Establish goals and objectives or standards for team performance. Identify skill sets and appropriate experience levels for team members. Establish guidelines and performance expectations for staff members, and clearly communicate them through the formal employee performance management system. Observe workers' performance; demonstrate and conduct work performance critiques. Provide informal feedback and periodically evaluate employee performance. Resolve informal complaints and grievances. Develop work improvement plans and recommend personnel actions as necessary. Implement disciplinary measures as appropriate. Review and approve or disapprove leave requests. Hear and resolve team complaints.
· Keep abreast of the latest security and privacy legislation, regulations, advisories, alerts, vulnerabilities, and technologies as they pertain to the agency and its mission.
· Perform other duties as assigned.