The Department of Health and Human Services is looking for a chief information security officer. The position pays between $119,554 and $179,700 per year and is open for applications until November 15.
The HHS IT Security Program has the responsibility and authority to plan, coordinate, and control Information System Security and Privacy for the entire Department, nationwide, including security measures for all computers, electronic storage devices, and communication systems . The incumbent will perform and be responsible for all activities for which the HHS IT Security Program is accountable. The incumbent is responsible for executing leadership in developing, planning, coordinating, administering, managing, staffing and supervising the Office of the CISO operations related to the Department-wide IT security program.
The incumbent of this position will provide executive leadership in the following areas :
- Lead the effort to maximize the value and effectiveness of security performance measures associated with FISMA reporting, risk assessments, security authorizations, and the implementation of automated security continuous monitoring of HHS systems and data, while remediating and mitigating IT systems’ threats and vulnerabilities.
- Assures that each information system and associated facility provides a level of security that is commensurate with the risk and magnitude of the harm that could result from the loss, misuse, disclosure or modification of the information contained in the system.
- Implement a Department wide security awareness training program
- Strengthen the knowledge, skills and abilities of information systems security professionals throughout HHS by implementing a government-wide role-based training program
- Ensures a systematic approach to selecting, managing and evaluating IT security investments to support prudent portfolio management and the operational needs of HHS
- Implementing and maintaining effective IT security performance measures for all HHS IT resources and ensuring that reviews are conducted in compliance with established Departmental and external policies, standards, and regulations.
- Lead Department-wide implementation of key initiatives to include security for the digital government; trusted internet connections, security access management, cloud computing, data center consolidation, virtualization, security situational awareness, enterprise security risk management, and other emerging innovative security technologies. The incumbent, also designated as the Senior Agency Information Security Officer (SAlSO) will also serve as a senior advisor and program administrator to the HHS CIO on the following matters relating to the HHS IT Security Program
Responsible for implementing and managing the overall HHS IT security program, which oversees the security of the Department’s IT resources geographically dispersed across the United States. This security program encompasses all regions, services, and staff offices across Ill-IS. The incumbent will create the overall annual IT security program plan; consisting of the following 14 areas:
1) security policy
2) procedural guides
3) technical guides and standards
4) vulnerability, database, and web application security scanning
5) security evaluations and compliance reviews
6) incident handling and forensics support
7) security advisory handling
8) certification and accreditation (C&A) and plans of action and milestones (POA&M) reviews
9) quarterly POA&M reports
10) the annual Federal Information Security Management Act (FISMA) report
11) security consulting
12) enterprise architecture and capital planning support
13) security awareness and training for end users and security professionals and
14) performance measure creation and tracking
Serve as the Department’s security strategist in the continued reassessment of the environment to ensure that controls are sufficient. Frequently works on unprecedented problems, issues, and innovative technologies and concerns regarding IT security. Research IT security trends and will use this information to forecast additional IT security needs and requirements for the Department. Confer with other key government and private sector officials and top experts representing the Department. Participate on Departmental and interagency IT security committees and councils as a recognized expert and authority.
Applies a wide range of qualitative and/or quantitative methods to assess and improve program effectiveness and/or complex management processes, projects, and systems. Issues studied impact the entire region, headquarters, and often times the nation, in incumbent’s analysis of and implementation of innovations in business matters ensuring that HHS continues to develop and employ best industry practices. Uses technical leadership, outstanding creativity, and exceptional judgment to develop, define, and modify research and/or programmatic objectives, devising innovative ways to solve problems of major importance to the Department.
- Keeps current on security developments in the IT industry, and exchanges this information with HHS leadership, managers and end-users to foster an enhance mission performance.
- Convenes and leads the HHS Chief Information Security Officer Council to collaboratively arrive at Department-wide policies, best practices, and common tools.
- Responsible for assuring that HHS information technology security meets all requirements in compliance with federal laws, regulations and best practices .
- Advises the HHS CIO on all matters of IT security and identifies new security technology to improve HHS operations.
- Creates, maintains and manages a security performance measure system that maps to the agency goals and the budget process.
- Manages and monitors the overall effectiveness of the IT security program and implement changes as necessary.
- As a recognized IT Security subject matter expert, represents and speaks for the HHS CIO in dealing with key HHS officials, other Departmental officials, Office of Management and Budget officials, representatives of business and industry, Congressional committees and staffs, and other matters involving plans, programs, policies and objectives of the Office of the CIO.
- Responsible for fostering the EEO program within HHS by assuring equal opportunity in recruitment, selection, promotion, training, awards, assignment and special program objectives to effectively use the strength of a diverse workforce.