The Division of Examinations administers the SEC's nationwide examination and inspection program for registered self-regulatory organizations, NRSROs, broker-dealers, transfer agents, clearing agencies, investment companies, and investment advisers.
This position is in the Office of the Technology Controls Program (TCP) within the Division of Examinations located in Washington, DC. TCP has primary responsibility for oversight and technology examinations of the self-regulatory organizations.
As an Information Technology Specialist (INFOSEC), SK-2210-11, you will:
- Provide IT security support for audits of the self-regulatory organizations (SROs) under the SEC Technology Controls Program. Conduct reviews of computer systems of regulated entities to evaluate entities' systems for: 1) the ability to create a fair market environment for trading; 2) the ability to conduct market surveillance using existing and/or planned computer programs; 3) the ability to detect fraud and abuse within the market; and 4) the ability to maintain the entity's operational capability and promote the maintenance of fair and orderly markets;
- Review the work of SROs and prepare findings and inspection reports;
- Conduct vulnerability assessments of the network architecture of the SROs and prepare reports of findings;
- Perform network security architecture reviews and risk assessments to identify network- and system-specific risks. Evaluate the existing centralized logging network capabilities, forensic procedures, and certification and accreditation procedures being followed by the SROs;
- Evaluate and recommend the adoption of IT best practices that would ensure that the confidentiality, availability, and integrity of trading systems data are maintained;
- Work with senior staff to conduct examinations of areas such as business continuity planning, computer operations, software development lifecycle, networking, and information security, ensuring the application of industry best practices and standards; and
- Review SROs' compliance with the Federal Information Security Management Act, NIST standards, and corporate IT security policies and standards. Examine SROs to determine if there is a continuing evaluation of their existing security posture, monitoring of intrusion activities, and an effective security awareness program for the SRO staff.
Occasional travel - You may be expected to travel more than 25%.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/588464100. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.