The incumbent provides support in audits, inspections, and evaluations. Gathers and analyzes electronic records, creates databases and enters pertinent data to formulate progressive and logical analysis. Develops general audits, inspections, and evaluations strategies and tactics, and assists field offices in coordinating multi-discipline teams supported by Department of the Interior (DOI) and OIG staff and DOI program officials in order to resolve complex IT issues in an automated environment. Makes recommendations to management concerning appropriate changes in Departmental procedures, practices and/or regulations that may be susceptible to IT control weaknesses. Maintains liaison with OIG staff, forensic technicians, security officials, and IT or telecommunications organizations in the private sector. Serves on working and users groups or organizations oriented toward the development or improvement of IT evidence gathering methods or the techniques of computer fraud audits, inspections, and evaluations.
The incumbent is responsible for a wide variety of information security activities that provide a high degree of integrity and availability of a variety of information management systems including software and network analysis, development, maintenance and enhancement of information systems security programs, polices, procedures, and tools. Participates in the certification of information security systems and accreditation process. Plans, implements, and evaluates the Federal Information Security Management Act (FISMA) report and information technology security related functions and activities. Consults with the Financial and Information Technology Audit Unit, other internal and external contacts and authorities, including other Federal government offices, industry vendors, and experts from the private sector. Ensures the OIG adopts complete and best practices in performing FISMA functions. Participates in developing the annual work plan for testing information technology security controls, and assists with procurement of tools and services.
The incumbent keeps up to date on new or changing information security hardware, software, and telecommunication resources. Provides technical expertise, guidance, advice, and recommendations for information security requirements. Responsible for conducting security risk and vulnerability assessments, protection requirements, contingency planning, and disaster recovery processes. Oversees systems evaluations, audits, and reviews to ensure security measures are adequate or recommends enhancements, upgrades or changes. Researches and analyzes a wide variety of complex information security problems and provides responses to resolve.