Information Security Specialist - Division of Financial Management - R024372

Primary Location : DC-Washington

:

Employee Status : Regular

Overtime Status : Exempt

Job Type : Standard

Work Shift: : 1st Shift

:

:

Relocation Provided: : Yes

Compensation Grade Low: : FR PAY GRADE 25

Compensation Grade High: : FR PAY GRADE 27

Minimum Salary: : $107,000.00

Maximum Salary: : $231,000.00

Posting Date : Apr 22, 2024

Minimum Education

Bachelor's degree or equivalent experience

Minimum Experience

4

Summary

The Information Security Specialist performs technical automation and compliance analysis related to information technology (IT) security issues. This position participates in special studies and projects associated with information security-related legislation and the implementation of relevant regulations and Federal Reserve System (FRS)-wide information security practices and policies. This position assists in assessing Board systems compliance with the Federal Information Security Modernization Act (FISMA), and Federal Risk and Authorization Management Program (FedRAMP) activities to mitigate data risks including data loss, data protection and ensuring data privacy. Assists supported divisions with information security and privacy compliance matters. This position requires knowledge of security standards and practices, legislative requirements (FISMA, FedRAMP, Privacy Act, etc.), and internal controls relating to the Sarbanes-Oxley Act (SOX).

Duties and Responsibilities

• Works with clients to develop security requirements for applications, general support plans, and systems. Maps the security requirements to the applicable security statutes and regulations; follows the security requirements through development, testing, and production and provides security assurance by testing and certifying systems prior to production cutover. Works with clients, automation staff, consultants, etc. to ensure a holistic approach to security rather than an application or single system approach. Coordinates interim work products with senior staff members.
• Involved in all FISMA compliance activities in the division including staying current with the legislation, National Institute of Standards and Technology (NIST) and Office of Management and Budget (OMB) requirements, and FRS and Board implementation and documentation standards. Maintains the division Plan of Action and Milestones (POA&M) including adding, tracking, reporting, and follow-up of all activities. Responsible for the initiation and completion of all reviews and reports and meeting the review schedules agreed upon by the division. The scope of this effort includes Board, FRS, contractors, application service providers, eGov initiatives, and commercial vendors who use Management Division data, interfaces, and systems.
• Works with Management Division clients with higher than normal security requirements to ensure compliance and to minimize any operational risk that may arise from those clients. Examples include personnel security and Office of Personnel Management (OPM), employee relations data and tracking, and the electronic security system.
• Will take a major role with the development of Management Division general support plans (GSP) that support the security reviews and plans of other divisions. Works with clients that use the GSP to ensure it meets their needs and NIST/Division of Information Technology requirements. These plans significantly reduce the amount of effort required to complete the FISMA review processes of those client divisions. Coordinates interim work products with senior staff.
• Assists with project maintenance, tracking, and reporting using the division’s Project Management methodology.

Must have excellent oral and written communication skills typically acquired through completion of a bachelor’s degree (Information Systems, Business Administration, Information Technology or a related major) or equivalent experience. Must have demonstrated knowledge of and competence in the application of security to advanced information systems and at least 4 years of specific experience in information security, information technology, IT auditing, IT compliance or related field. Requires knowledge of general IT security theory and practices is expected. Strong technical writing experience is required, as well as a demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Must have general knowledge of laws and regulations governing all aspects of IT security as it relates to the Federal government. Knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates is highly desirable.  An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred. Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards. Must have demonstrated ability to work on multiple projects simultaneously while meeting critical deadlines.

FR-26 requires analytical ability and excellent oral and written communication skills typically acquired by completion of a bachelor’s degree in computer science or related discipline. Must have demonstrated knowledge of and competence in the application of security to advanced IT systems and at least 5 years of specific experience in information security, or compliance. Requires a thorough knowledge of general IT security theory and practices. Experience preparing for the security assessment process or performing security assessments is preferred. Strong technical writing experience is required, as well as demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Advanced knowledge of information security compliance and related standards is preferred.  Must possess knowledge of the laws and regulations governing all aspects of IT security as it relates to the government. Working knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates required.  An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred.  Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards. Must have demonstrated ability to work on multiple projects simultaneously while meeting critical deadlines.

FR-27 requires excellent analytical ability and oral and written communication skills typically acquired by completion of a bachelor’s degree in computer science or related discipline preferred. Must have demonstrated knowledge of and competence in the application of security to advanced IT systems and at least 6 years of specific experience in information security, or compliance. One or more security certifications (CISSP, CCSP, CISA, GSE), are preferred for this position. Requires a comprehensive knowledge of general IT security theory and practices. Experience preparing for the security assessment process or performing security assessments is preferred. Strong technical writing experience is required, as well as demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Advanced knowledge of information security compliance and related standards. Must possess extensive knowledge of the laws and regulations governing all aspects of IT security as it relates to the government. Extensive knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates required.  An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred.  Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards. Must have demonstrated ability to lead projects and work on multiple projects simultaneously while meeting critical deadlines.

Communications are with information assurance team, individual clients in the supported divisions and technical working groups. The purpose and extent of each contact is different, and the incumbent must be able to skillfully motivate, evaluate, and positively influence individuals or groups to obtain objectives. Assists with the organization of planning meetings for new and existing projects; coordinating new requirements mandated by statute or regulation and coordinating the development of holistic security systems across a diverse clientele.

Work directly affects the Board’s FISMA, FedRAMP, SOX, Privacy-related activities as well as external parties including the FRS, Office of Employee Benefits (OEB), application service providers, and commercial vendors. Many of these activities are critical to the Board and the well-being of Board staff.  Failure to properly complete the security assessment and authorization process could subject the Division to Office of Inspector General (OIG) audits or criticism by OMB or the external auditors.

The ideal candidate will have the following:
•    Experience with cloud architecture and/or engineering preferred.
•    Hands-on experience with AWS or Azure Billing and Cost Management preferred. 
•    Experience advising non-technical business partners on cloud architecture, systems-engineering, and software topics, as well related information security topics.  
•    Experience serving as a functional business advocate to external stakeholders on cloud strategies and related new ways of working.
•    Experience educating internal business partners on cloud technologies, approaches (PaaS, SaaS, IaaS, etc), and operating models (Agile, DevSecOps, etc) preferred. 
•    Experience with cloud security and FedRAMP preferred.
This position requires a hybrid onsite schedule. A skills assessment may be required as part of the recruiting process.