The incumbent serves as an Information Systems Security Officer who supports the NHTSA IT Cybersecurity and Privacy program by ensuring security and privacy requirements are included in the system engineering process, supporting Risk Management Framework (RMF) tasks in accordance with NIST Special Publication 800-37, and supporting security and privacy assessments and other audit requests.
The Information System Security Officer (ISSO):
- Assist with cybersecurity and IT security compliance for the NHTSA IT cybersecurity program by supporting cybersecurity in the system engineering process and supporting Risk Management Framework (RMF) tasks in accordance with NIST Special Publication 800-37, including cybersecurity assessments and other audit requests, Information System Continuous Monitoring (ISCM), contingency planning, incident handling, risk analysis and mitigation, IT security baseline compliance, and security (role-based and awareness) training, in accordance with DOT policy, guidelines and NIST standards.
- Support NHTSA’s SDLC and DevSecOps implementation by maintaining architecture diagrams, process documentation and standard operating procedures, and ensuring the integration and management of static code vulnerability detection applications into the process.
- Assist the Privacy Officer with reviewing and updating Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and System of Record Notices (SORNs). This includes interfacing and coordinating with the System Owner (SO) that originates or has responsibility for the document to ensure the PIA/PTA/SORN contains the information needed for approval and adjudication by the DOT Privacy Office and inclusion in the system authorization package.
- Develop and update the FIPS 199 Security Categorization document, ensuring information type(s) and special considerations (if applicable) are defined, and update System Security Plans (SSPs), ensuring discovered and identified system components and control implementation status are addressed.
- Assist the System Owners, Information Owners, and Information System Security Manager (ISSM) in recording all known security weaknesses of assigned information systems in Plans of Action and Milestones (POA&Ms) in accordance with DOT policy, guides and procedures. This includes developing draft POA&Ms for observed control-level deficiencies or gaps in control implementation(s) in accordance with DOT policy, guides and procedures, and conducting quality assurance reviews of existing POA&Ms to ensure completeness and accuracy and that identified solutions are cost effective.
- Support the information system contingency planning process in accordance with NIST SP 800-34 Revision, ensure contingency plan test exercise results are documented in an after-action report, and ensure lessons-learned corrective actions are captured for updating the Information System Contingency Plan (ISCP). Additionally, provide draft updates to contingency plans, including the Business Impact Analysis (BIA).
- Track security awareness training and specialized training for NHTSA program offices and IT staff on an annual basis.
- Provide support for developing effective performance measures and metrics and for collecting the information behind them by ensuring the DOT enterprise information security management system, the Cybersecurity Assessment and Management (CSAM) application/database, accurately contains the required information and supporting artifacts.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/596112800. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.