Information Security Specialist - DFM - 22994

  • Federal Reserve Board
  • Washington, District of Columbia
  • Apr 12, 2022
Full time; Computer Science, Information Security, Information Systems, Customer Service, Information Technology

Job Description

DESCRIPTION/RESPONSIBILITIES:
The Information Security Specialist performs technical automation and compliance analysis related to information technology (IT) security issues. This position participates in special studies and projects associated with information security-related legislation and the implementation of relevant regulations and Federal Reserve System (FRS)-wide information security practices and policies. This position assists in assessing Board systems' compliance with the Federal Information Security Modernization Act (FISMA), and in Federal Risk and Authorization Management Program (FedRAMP) activities to mitigate data risks including data loss, data protection and ensuring data privacy. Assists supported divisions with information security and privacy compliance matters. This position requires knowledge of security standards and practices, legislative requirements (FISMA, FedRAMP, Privacy Act, etc.), and internal controls relating to the Sarbanes-Oxley Act (SOX).

REQUIRED SKILLS:
Must have excellent oral and written communication skills typically acquired through completion of a bachelor’s degree or equivalent experience. Must have demonstrated knowledge of and competence in the application of security to advanced information systems and at least 3 years of specific experience in information security, information technology, IT auditing, IT compliance or related field. Knowledge of general IT security theory and practices is expected. Strong technical writing experience is required, as well as a demonstrated ability to research and formulate recommendations on complex IT and compliance issues. Must have general knowledge of laws and regulations governing all aspects of IT security as it relates to the Federal government. Knowledge of FISMA, FedRAMP, and SOX requirements, NIST security guidance, and OMB security mandates is highly desirable. An understanding of how FISMA and FedRAMP apply to the unique nature of the work performed at the Board in the supported divisions (i.e., facility operations, law enforcement, financial services, and human resource administration) is highly preferred. Requires an excellent customer service philosophy, demonstrated commitment to teamwork and strong ethical standards.

Must have demonstrated ability to work on multiple projects simultaneously while meeting critical deadlines.
1. Works with senior team members and clients to develop information system security lifecycle plans in compliance with applicable security statutes and regulations.
2. Assists project teams to ensure a holistic approach to security and privacy, and coordinates interim work products with senior staff members.
3. Works closely with the Division of IT security teams to support compliance with the Board Information Security Program (BISP) throughout DFM and MGT’s computing environment.
4. Involved in FISMA and FedRAMP compliance activities including staying current with the legislation, National Institute of Standards and Technology (NIST) and Office of Management and Budget (OMB) requirements, and FRS and Board implementation and documentation standards.

Work directly affects the Board’s FISMA, FedRAMP, SOX, and Privacy-related activities as well as external parties including the FRS, Office of Employee Benefits (OEB), application service providers, and commercial vendors. Many of these activities are critical to the Board and the well-being of Board staff. Failure to properly complete the security assessment and authorization process could subject the Division to Office of Inspector General (OIG) audits or criticism by OMB or the external auditors.

Communications are with the information assurance team, individual clients in the supported divisions and technical working groups. The purpose and extent of each contact is different and the incumbent must be able to skillfully motivate, evaluate, and positively influence individuals or groups to obtain objectives. Assists with organizing planning meetings for new and existing projects, coordinating new requirements mandated by statute or regulation, and coordinating the development of holistic security systems across a diverse clientele.

Remarks:
• Experience with cloud security and FedRAMP preferred.
• Experience conducting or preparing for FISMA security assessments preferred.

This is a term position that is scheduled to expire 1/1/2024.