This announcement will remain open until 08/04/2021. It will be used to collect applications and fill vacant positions as they become available in the Office of the Chief Information Officer within FSIS. Cut-off dates for referral to hiring managers for selection consideration will be established as needed by the agency. When a request is received to fill a vacant IT Specialist (INFOSEC) position, a list of the qualified, interested applicants will be sent to the hiring manager for further consideration.
- Managing Information Assurance activities for applications in support of FSIS business practices ensuring the confidentiality, integrity, and availability of systems, networks, and data through IT security programs, policies, procedures, and tools
- Creating and updating existing security documentation for Accreditation Packages used to acquire an Authority to Operate (ATO) approval for each IT System
- Serving as the Subject Matter Expert (SME) for USDA Data Calls for Plan of Actions and Milestones (POAMs), Vulnerability Assessments, and Assessment and Authorization (A and A) activities within their designated branch
- Creating Plan of Actions and Milestones (POAMs) with acceptable timelines defined by the Information System Security Project Manager and the Information System Owner for vulnerability mitigation
- Creating security packages for submission to the Certifying Agent and the Authorization Official (AO) for official Authority to Operate (ATO) approval
- Working with the Incident Response Team to address security incidents that occur with systems in the production environment
- Gathering all evidence for audit inquiries and investigations done by any third-party entity conducting security audit work to measure the maturity and effectiveness of FSIS against FISMA requirements
- Serving as the lead who coordinates Assessment and Authorization (A and A) packages, risk management, vulnerability assessments, and mitigation strategies across USDA and FSIS business partners
- Interpreting regulatory requirements for government systems per guidance from the National Institute of Standards and Technology (NIST)
- Implementing all steps within the Risk Management Framework (RMF) and FedRAMP to safeguard data and IT systems residing on premises or in the cloud with adequate security controls
- Advising appropriate personnel relative to new or revised policies, procedures, methods, and techniques/safeguards
- Ensuring execution of security measures for IT systems, which includes the development of the Assessment and Authorization (A and A) schedule for security activities that is approved by the Branch Chief and the CISO before the start of the calendar year
- Ensuring organizational compliance with security policies and procedures relating to various computer technologies as they relate to FedRAMP and the Risk Management Framework (RMF)
- Addressing changes to Information System assets to mitigate vulnerabilities in a timely manner from automated tools or Security Assessment Report (SAR) findings
- Ensuring system-level security procedures and policies are consistent with USDA cybersecurity policies and the National Institute of Standards and Technology (NIST)
- Providing guidance on security activities for the development of accreditation/re-accreditation documentation of all IT Systems and participating in studies as the network authority/advisor for automation security technology
- Participating in special studies involving problem definition, alternative development, and recommended resolutions concerning Automated Data Processing security related matters
- Participating in long-range planning for hardware/software changes to meet specific Automated Data Processing security goals and objectives
- Providing weekly status updates via security assessment meetings with the Chief Information Security Officer (CISO) regarding Assessment and Authorization (A and A) activities/strategies addressing security deficiencies identified in FSIS IT systems
- Providing Subject Matter Expert (SME) input/guidance to the Branch regarding special projects involving problem definition, alternative development, and Automated Data Processing security matters
Occasional travel - You may be expected to travel for this position.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/607564400. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.