• Help

    Duties

    Summary

    This position is located in the Information Technology Center (ITC), FCC IT, Office of the Managing Director, Federal Communications Commission.The incumbent of this position serves as an IT Specialist focused on Security Compliance supporting the Chief Information Security Officer (CISO).  The incumbent facilitates the engineering of mechanisms used to defend FCC networks from external threat required around the developing, delivering, and maintenance of systems and networks at the FCC.

    Learn more about this agency

    Responsibilities

    The IT Security Compliance and Audit Lead maintains the critical role of protecting FCC's computer network operations by maximizing the Cybersecurity Assets that defend the network and exercising knowledge, skills and the experience to understand, detect, clearly explain, and resolve cyber threats. In this role the incumbent supports the Chief Information Security Officer (CISO), enabling him/her to perform higher level functions within the FCC. The IT Security Compliance Specialist must:

    • Manage FCC Assessment and Authorization (A&A) Lifecycle.
    • Develop and implement FCC Information System Security Policies and Procedures.
    • Develop annual Authority to Operate (ATO) packages as required by the National Institute of Standards and Technology {NIST) standard in conjunction with the Information Systems Security Officer (ISSO). Ensure that all critical systems have been identified and are up to date for the System Security Plan.
    • Administer and manage the FISMA system repository, Cyber Security Assessment and Management tool.
    • Conduct independent risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and measures needed to protect FCC automated information, and to complete system certification and accreditation for each system.
    • Create, approve, and monitor status Plan of Action and Milestones for Security Program. Develop, test, implement, and update the FCC Information Systems Contingency Plan and Disaster Recovery Plans. Ensure that these plans are consistent across Headquarter, Regional Offices, and meet NIST requirements.
    • Review and comment on all Security Policies developed by the Office of Chief Information Officer.
    • Prepare annual for General Support Systems and Major Applications in conjunction with System owners.
    • Direct and control project phases, ensuring compliance with applicable Federal regulations and guidelines such as but not limited to FISMA, OMB directives and Information security policies and procedures.
    • Oversee the vulnerability management process to ensure that vulnerabilities are being patched in a timely manner.
    • Direct and facilitate the enterprise-wide security training for all users.
    • Oversee, review and approve FedRAMP ATO packages, continuous monitoring reports, and deviation requests for Cloud Service Providers.
    • Plan projected work including development of long range and annual audit plans, research and coordination of fact sheets and audit plans.
    • Develop plan to migrate from NIST 800-37 Rev 1 to Rev 2.
    • Independently oversee audit execution and the development of concepts and approaches, guides, and resources; conduct audit reviews; and report progress.
    • Direct the development of audit reports, ensuring compliance with standards and 'protocols and the development of appropriate corrective action.
    • Maintain liaison and represent FCC IT personnel with Internal and external stakeholders and officials of OIG, FCC, GAO, other Federal agencies, nongovernmental organizations, foreign governments, and Congressional staff.
    • Manage acquisition and planning, prepare Statements of Work for security related
    • Provide recommendations for and participate in the acquisition of information security and information assurance enforcement, analysis, and monitoring tools, as well as tools purchased off the-shelf that are acquired with security requirements.
    • Provide recommendations for and participates in the assessment of emerging technologies that may enhance information security and information assurance enforcement, analysis, and monitoring, as well as technologies that may be available off-the-shelf that may enhance security capabilities of existing applications and systems.
    • Manage contractor staff and be COR certified.
    • Collaborate with IT team members to effectively meet milestones.
    • Provide reports to the CISO on compliance activities.
    • Performs other duties as assigned.

    Travel Required

    Not required

    Supervisory status

    No

    Promotion Potential

    14 - No promotion potential.

This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/581236700. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.