This position serves as an Information Systems Security Manager (ISSM) in the Information Security Risk Management Unit (ISRMU) in OCIO's Enterprise Information Security Section (EISS). The role of ISRMU is to manage and execute the FBI's Security Assessment and Authorization (SAA) process and ensure that an authorization to operate (ATO) is in place for all FBI IT systems. In ISRMU, each ISSM oversees a portfolio of FBI systems and is supported by a team of contractors.

Duties

Serve as a senior technical consultant to OCIO management on the FBI's technical cybersecurity preparedness and as the primary liaison to internal and external stakeholders on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) implementation; guiding system owners and IT project teams with integrating the RMF implementation into system development life cycle activities, and support project teams with designing and implementing security controls. Build and maintain relationships as the primary OCIO point of contact for the system owner (SO), program manager (PM), and Information System Security Officer (ISSO) of each assigned FBI IT system; ensuring the SO, PM and ISSO adhere to the FBI's cybersecurity program and policies, that security best practices are followed, and that baseline configurations are established for each system. Conduct cybersecurity assessment and authorization processing, compliance monitoring, and guide system owners and ISSOs through the security assessment and authorization process of RMF. Ensure appropriate levels of confidentiality, integrity, authentication, non-repudiation, and availability are in place to protect IT systems from natural and man-made threats. Partner with Subject Matter Experts and Senior Leaders to provide recommendations to OCIO leadership and the FBI's authorizing official (AO) regarding system authorization (ATO), appropriate security controls, and the overall security risk posture of each system. Work with ISSOs to conduct risk remediation actions based on the results of ongoing monitoring activities and outstanding items in the system Plan of Actions and Milestones (POA&M). Collaborate with the SO and ISSO on change and configuration management, including participation in Configuration Control Board (CCB) meetings, as required.

Requirements

Qualifications

GS-14: Applicant must possess at least one (1) year of specialized experience equivalent to the GS-13 grade level. SE is defined as follows: In-depth knowledge of, and experience working with, the SAA process; either as an ISSO, ISSE, SO, PM or other role. Knowledgeable of the Risk Management Framework NIST Special Publication 800-53rev5 Guide for assessing the security controls in Federal Information Systems NIST SP 800-53A. Knowledge of cybersecurity governance environment, as derived from FISMA, and its implementation through NIST, CNSS, IC and other government standards. Experience coordinating, prioritizing and monitoring work, including across multiple projects. Experience in providing guidance and recommendations to leadership on security and engineering projects and initiatives. Desired Skills Desired skills are NOT mandatory and will NOT be utilized to minimally qualify applicants. Desired Skills are: Preferred certification in one or more cybersecurity disciplines (e.g., CISSP, CISM, CCSP, NCSF, etc.). Preferred prior architecture / systems engineering experience. Preferred prior network, cloud system, and application development experience. Experience in communicating orally and in writing. Excellent customer service mindset and reputation.

Education

Education may not be substituted for specialized experience at this level.

Contacts

• Address Federal Bureau of Investigation 935 Pennsylvania Ave, NW Washington, DC 20535 US
• Name: Mary Arbelo
• Email: [email protected]