“This position is located in the Office of the Chief Information Officer (OCIO) of the Office of Management and Policy (OMP). The incumbent will be responsible for assisting the CISO in carrying out the Chief Information Officer’s responsibilities to advance and manage the Agency-wide IT security, risk and privacy programs. The incumbent helps the CISO in facilitating an information security governance program, enterprise risk management program, developing and implementing plans to ensure high-quality information security management in support of OIG priority objectives, promote information security awareness for all OIG employees, and ensuring security requirements are embedded in acquisition, technology management, overseeing the assessment and authority to operate process, and data management functions.”
“The incumbent will also be a lead Program Manager and Technical Lead for key cybersecurity priorities and improvement initiatives. They will provide direction and oversight of such key initiatives. They will also provide and consult the CISO on broad policy analysis, consultation, advice and program management in the areas of information security, risk and privacy. The incumbent assists in the development and promotion of the use of sound information security and privacy methods and techniques and best industry practices, provides technical guidance and consultation to CISO and OIG management. The incumbent will also be responsible for adapting information security policies and practices to modern IT management approaches such as the use of cloud computing, open-source software, and “DevSecOps”.”
“Oversees the OIG Security Program: (i) the responsibility and authority to plan, coordinate, and control information system security and privacy for the entire organization; (ii) includes security measures for all computers, electronic storage devices, and communications systems. Plans and establishes long-range program goals, objectives, milestones, and measurement criteria for information technology systems. This activity involves the input and assistance of other analysts and appropriate subject-matter experts in multiple organizations and at various levels within the agency. Provides strategic oversight in support of the OIG’s Security Operations Center and cyber incident response efforts. This includes leading incident response, vulnerability and penetration testing efforts. Understands and leverages threat information to mature security programs and assist in making formal risk management recommendations to the CISO and CIO.”
“Prepares and evaluates the OIG wide IT systems Continuity of Operations Program (COOP). Experience in creating written Service Level Agreements (including with cloud service providers); Memorandum of Understanding and Statement of Work between customers, stakeholders, and contractors in the area of IT security services. The incumbent prepares for the OIG senior managers and system owners’ annual security assessments with various Federal Security audits. This individual implements the OIG Security Awareness program, including security training and awareness oversight as mandated by OMB Circular A-130 and the Computer Security Act.”
“Provides broad policy analysis, consultation, advice and program management to the Agency in the areas of information security and privacy. Develops and promotes the use of sound information security and privacy methods and techniques and best industry practices, provides technical guidance and consultation to OIG managers, and coordinates government-wide information security issues with other Federal, state, tribal and local agencies.”
“Manages the Agency’s compliance with the IT security provisions of FISMA, the Computer Security Act, the Clinger-Cohen Act, OMB Circular A-130 and other relevant Federal legislation, directives, standards and guidelines. The incumbent is also a key participant and stakeholder in proper execution and implementation in meeting the Department of Homeland Security’s Continuous Diagnostic and Mitigation Program requirements along with HHS OIG’s internal requirements that the program can help accomplish it goals to strengthen the cybersecurity posture.”
“Develops briefings and recommendations for the CIO and other senior management officials on significant issues. Drafts policies and procedures relating to the OCIO’s strategic objectives. Ensures project leads identify and analyze technology requirements for applications projects and ensure appropriate marcf5nagement procedures are in place for the successful life cycle of technologies used by the OIG. Performs information sharing with other government agencies who classify or share information related to information technology that impact HHS programs and operations under the TS/SCI caveats.”
Read the full job description here.
G2X TAKE: Those who support the Department of Health and Human Services may want to influence who applies for this role that plans and establishes long-range program goals, objectives, milestones, and measurement criteria for IT systems.
