“Responsibilities
Provides broad policy analysis, consultation, advice, and program management to the Agency in the areas of information security, risk, and privacy. The Director develops and promotes the use of sound information security and privacy methods and techniques and best industry practices, provides technical guidance and consultation to OIG management, and coordinates government- wide information security and privacy issues with other Federal, state, and local agencies. The incumbent is responsible for managing the Agency’s compliance with the information security and privacy provisions of the Federal Information Security Modernization Act, the Computer Security Act, the Clinger-Cohen Act, OMB Circular A-130, and other relevant Federal legislation, directives, standards, and guidelines. The incumbent will also be responsible for adapting information security policies and practices to modern IT management approaches such as the use of cloud computing, open-source software, and “DevSecOps”.
Oversees the OIG Security Program: the responsibility and authority to plan, coordinate, and control information system security and privacy for the entire organization; (ii) includes security measures for all computers, electronic storage devices, and communications systems. Plans and establishes long-range program goals, objectives, milestones, and measurement criteria for information technology systems. This activity involves the input and assistance of other analysts and appropriate subject-matter experts in multiple organizations and at various levels within the agency.
Prepares and evaluates the OIG wide IT systems Continuity of Operations Program (COOP). Experience in creating written Service Level Agreements (including with cloud service providers); Memorandum of Understanding and Statement of Work between customers, stakeholders and contractors in the area of IT security services.
Prepares for the OIG senior managers and system owners’ annual security assessments with various Federal Security audits. This individual implements the OIG Security Awareness program, including security training and awareness oversight as mandated by OMB Circular A- 130 and the Computer Security Act.”
Read the full job description here.
G2X TAKE: Those who support the Department of Health and Human Services may want to influence who applies for this role that develops and promotes the use of sound information security and privacy methods and techniques and best industry practices, provides technical guidance and consultation to OIG management, and coordinates Government-wide information security and privacy issues with other Federal, state, and local agencies.
