Job opening: Supervisory IT Specialist (Security)
Salary: $99,200 - $185,930 per year
Published at: May 07 2024
Employment Type: Full-time
This position is in the Office of the Chief Operating Officer (COO) Information Security & Validation Staff (ISVS) in the Department of Technology Services (DTS). This position reports directly to the COO-ISVS Chief and will be tasked with coordinating and leading a team of Information Security subject matter experts responsible for managing risks through the adoption of a robust Risk Management Framework (RMF).
Duties
The incumbent of this position will play a critical role in managing an enterprise-grade information security program, ensuring compliance with the Judiciary Information Security Framework (JISF), NIST standards and other regulatory compliance frameworks (CSF, FedRAMP etc.).
As Team Lead Supvy. IT Specialist (Security), the incumbent will play a critical role in managing an enterprise-grade information security program, ensuring compliance with the Judiciary Information Security Framework (JISF), NIST standards and other regulatory compliance frameworks (PCI-DSS, FedRAMP etc.).
This role is pivotal in ensuring the organization's adherence to NIST security standards and government regulations while fostering a culture of continuous improvement and resilience.
Duties of the position include but are not limited to:
Providing leadership and direction to a team of Information Security professionals, empowering them to effectively carry out their responsibilities in risk management and compliance oversight. (Leadership)
Leading the development, review, and enhancement of security policies, procedures, and guidelines to ensure alignment with Judiciary policy, industry best practices, and organizational objectives, with a keen focus on mitigating risks. (Security Policy Development)
Establishing robust processes for monitoring and evaluating compliance with security policies, standards, and regulations, conducting thorough reviews to identify and address areas of non-compliance and potential risks. (Compliance Monitoring)
Ensuring meticulous adherence to relevant Judiciary and federal regulations and frameworks, such as the Judiciary Information Security Framework (JISF), NIST standards (e.g., SP 800-53), and the FedRAMP framework, by interpreting requirements, implementing controls, and proactively managing risks. (Regulatory Compliance)
Taking a proactive approach to identifying, assessing, and prioritizing security risks and vulnerabilities associated with non-compliance or gaps in security controls, developing comprehensive risk mitigation strategies and action plans to safeguard organizational assets. (Risk Management)
Fostering strong collaboration with internal stakeholders, including senior management, IT teams, and legal counsel to effectively communicate compliance requirements, address concerns, and collectively mitigate risks. (Stakeholder Engagement)
Driving a culture of continuous improvement within the team, championing initiatives to enhance the effectiveness and efficiency of security compliance processes, tools, and methodologies, thereby strengthening the organization's resilience to emerging threats as recommended in NIST SP 800-137. (Continuous Improvement)
Developing an InfoSec GRC program plan mapping risk management activities carried out by COO-ISVS staff. (Program Management)
Qualifications
Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.
Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in ALL of the following:
Knowledge of compliance frameworks/tools (CSF, NIST, FedRAMP etc.);
Leading, planning, developing, and implementing a Federal cyber security program and strategies; and
Leading teams with respect to the assurance function for a federal agency, including the development and execution of authorities to operate (ATOs), interim authorities to test (IATTs) and oversight of continuous monitoring programs in a NIST-compliant framework.
Education
This position does not require education to qualify.
Contacts
- Address Department of Technology Services
One Columbus Circle, NE
Washington, DC 20544
US
- Name: Kymberli Camber
- Phone: (210) 301-6303
- Email: [email protected]