Information Security Systems Manager in United States

Summary This position serves as an Information Systems Security Manager (ISSM) in the Information Security Risk Management Unit (ISRMU) in OCIO’s Enterprise Information Security Section (EISS). The role of ISRMU is to manage and execute the FBI’s Security Assessment and Authorization (SAA) process and ensure that an authorization to operate (ATO) is in place for all FBI IT systems. In ISRMU, each ISSM oversees a portfolio of FBI systems and is supported by a team of contractors. Responsibilities Serve as a senior technical consultant to OCIO management on the FBI’s technical cybersecurity preparedness and as the primary liaison to internal and external stakeholders on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) implementation; guiding system owners and IT project teams with integrating the RMF implementation into system development life cycle activities, and support project teams with designing and implementing security controls. Build and maintain relationships as the primary OCIO point of contact for the system owner (SO), program manager (PM), and Information System Security Officer (ISSO) of each assigned FBI IT system; ensuring the SO, PM and ISSO adhere to the FBI’s cybersecurity program and policies, that security best practices are followed, and that baseline configurations are established for each system. Conduct cybersecurity assessment and authorization processing, compliance monitoring, and guide system owners and ISSOs through the security assessment and authorization process of RMF. Ensure appropriate levels of confidentiality, integrity, authentication, non-repudiation, and availability are in place to protect IT systems from natural and man-made threats. Partner with Subject Matter Experts and Senior Leaders to provide recommendations to OCIO leadership and the FBI’s authorizing official (AO) regarding system authorization (ATO), appropriate security controls, and the overall security risk posture of each system. Work with ISSOs to conduct risk remediation actions based on the results of ongoing monitoring activities and outstanding items in the system Plan of Actions and Milestones (POA&M). Collaborate with the SO and ISSO on change and configuration management, including participation in Configuration Control Board (CCB) meetings, as required. Requirements Conditions of Employment Must be a U.S. citizen. Must be able to obtain a Top Secret-SCI clearance. Qualifications GS-14: Applicant must possess at least one (1) year of specialized experience equivalent to the GS-13 grade level. SE is defined as follows: In-depth knowledge of, and experience working with, the SAA process; either as an ISSO, ISSE, SO, PM or other role. Knowledgeable of the Risk Management Framework NIST Special Publication 800-53rev5 Guide for assessing the security controls in Federal Information Systems NIST SP 800-53A. Knowledge of cybersecurity governance environment, as derived from FISMA, and its implementation through NIST, CNSS, IC and other government standards. Experience coordinating, prioritizing and monitoring work, including across multiple projects. Experience in providing guidance and recommendations to leadership on security and engineering projects and initiatives. Desired Skills Desired skills are NOT mandatory and will NOT be utilized to minimally qualify applicants. Desired Skills are: Preferred certification in one or more cybersecurity disciplines (e.g., CISSP, CISM, CCSP, NCSF, etc.). Preferred prior architecture / systems engineering experience. Preferred prior network, cloud system, and application development experience. Experience in communicating orally and in writing. Excellent customer service mindset and reputation. Education Education may not be substituted for specialized experience at this level. Additional Information Selectee will choose from one of the following locations: Washington, DC Huntsville, AL (no public transportation) Clarksburg, WV (no public transportation) As the federal agency whose mission is to ensure the fair and impartial administration of justice for all Americans, the Department of Justice is committed to fostering a diverse and inclusive work environment. To build and retain a workforce that reflects the diverse experiences and perspectives of the American people, we welcome applicants from the many communities, identities, races, ethnicities, backgrounds, abilities, religions, and cultures of the United States who share our commitment to public service. Memorandum for Record: Work performed outside assigned duties (that would not normally be documented on an SF-50, i. e., back-up duties), has to be documented in detail by an immediate supervisor in order to receive full credit for amount of time worked in that position. If no documentation is furnished no credit will be given for time worked in that position. The following notations must be specified in the documentation (Memorandum for Record): Percent of time worked in the particular position (cannot conflict with main duties). The month/year work began. Frequency worked (i.e., daily, monthly, etc.) Specific duties performed.