Job Overview

Summary

About the Agency

This position is located in the Office of the Executive Director (OED), Office of the Chief Information Officer (OCIO), Information Assurance Branch (IAB). This Branch is responsible for managing the agency’s Federal Information Security Management Act (FISMA) process, which protects the availability, confidentiality, and integrity of FTC’s information and information assets. The OCIO continually seeks to improve the Information Assurance Program and comply with OMB Circular A-130, Appendix III security requirements.

The incumbent is responsible for developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.  The incumbent reports to the Assistant Director of the Branch.

 

Duties

The incumbent will be responsible for performing the following duties:

  • Serves as a technical expert and consultant to FTC OCIO management and staff on IT security and risk management; identifies IT risks and evaluates key technologies; analyzes the impact of various risk mitigation strategies in close partnership with the system owner; translates regulatory requirements into tangible system requirements for the adoption of security standards; and supports the design, implementation, and maintenance of secure and compliant systems. Develops strategies to identify security improvements and cost reduction opportunities; and evaluates, recommends, and manages implementation of new or enhanced approaches to delivering FTC OCIO IT security and risk mitigation services;
 
  • Ensures compliance with the Federal Information Security Management Act (FISMA);
 
  • Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;
 
  • Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;
 
  • Promotes awareness of security issues among management and ensures sound security principles are reflected in organizations’ visions and goals;
 
  • Conducts systems security evaluations, audits, and reviews;
 
  • Develops systems security contingency plans and disaster recovery procedures;
 
  • Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures;
 
  • Participates in network and systems design to ensure implementation of appropriate systems security policies;
 
  • Facilitates the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes;
 
  • Assesses security events to determine impact and implements corrective actions; and/or
 
  • Ensures the rigorous application of information security/ information assurance policies, principles, and practices in the delivery of all IT services.