Senior IT Specialist/IT Specialist (Information Security)

The IT Specialist/Senior IT Specialist (Information Security Specialist) serves as the primary contact within OTIM for program offices on issues related to the security and privacy reporting controls. Incumbent interprets and applies relevant federal regulation and guidance to the development of new systems or applications, documents processes, and liaises between program offices and OTIM colleagues to support a robust and compliant overall information security regime for the agency.

Qualifications:

Qualifying experience for the EL-13 level includes one year of specialized experience at least equivalent to EL/GS-12 which is in or directly related to the line of work of the position to be filled and which has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position.

Specialized experience for this position includes:

1. Providing expert advice and guidance to staff on information security requirements and best practices for new or recently enhanced applications or systems.
2. Coordinating security audits or reviews, including serving as the liaison between auditors and both technical and program staff, providing materials and artifacts to auditors, and supporting program and technical staff in responding to audit requests.
3. Developing and managing a variety of information security documents, plans, and other materials, such as Security Categorization Worksheets, System Security and Privacy Plans, System Contingency Plans, eAuthentication Risk Assessments, Security Impact Assessments, or Audit Log Reports.
4. Identifying and supporting the resolution of vulnerabilities in systems and applications including the organization's information security program.
5. Tracking and remediating information system weaknesses and vulnerabilities and coordinating responses to identified issues.
6. Leading IT project teams working on information security efforts.

Qualifying experience for the EL-12 level includes one year of specialized experience at least equivalent to EL/GS-11 which is in or directly related to the line of work of the position to be filled and which has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position.

Specialized experience for this position includes:

1. Providing advice and guidance to staff on information security requirements and best practices an application or information system.
2. Coordinating security audits or reviews, including serving as the liaison between auditors and both technical and program staff, and supporting program and technical staff in responding to audit requests.
3. Coordinating a variety of information security documents, plans, and other materials, such as Security Categorization Worksheets, System Security and Privacy Plans, System Contingency Plans, eAuthentication Risk Assessments, Security Impact Assessments, or Audit Log Reports.
4. Identifying vulnerabilities in systems and applications including the organization's information security program and assisting in their resolution.
5. Tracking information system weaknesses and vulnerabilities and coordinating responses to identified issue.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Responsibilities:

1. Serves as the cybersecurity advisor to FHFA business offices, system owners, developers, vendors and other technical and non-technical stakeholders to ensure all existing and newly developed systems or applications remain appropriately secure.

1. Defines and establishes security and privacy requirements for agency systems, including planning for Information Security Contingency Planning and ensures compliance with applicable regulations and agency policy.

1. Interprets NIST security and privacy control requirements and best practices as appropriate to each system. Identify and applies these requirements and practices and consults with system owners and other stakeholders to ensure standards can be implemented with minimal disruption.

1. Develops and maintains security and privacy artifacts supporting ongoing authorization of internally hosted and cloud-based solutions.

1. Serves as primary point of contact for security and privacy audits and reviews. Coordinates involvement with control assessors and auditors, providing artifacts and evidence on behalf of FHFA system owners to demonstrating the effective implementation of security and privacy controls.

1. Develops and delivers annual training to FHFA system owners on their security and privacy responsibilities. Reviews and revises training on an on-going basis to ensure continued compliance with regulations and other guidance.

1. Supports FHFA system owners in tracking and remediating information system weaknesses and vulnerabilities. Provides guidance and assistance in proactively identifying these issues and coordinates responses.

1. Advises FHFA contracting officers and contracting officer representatives on applicable security requirements for third-party systems.

1. Assist in conducting special projects related to information security or privacy on projects across OTIM and the agency as assigned. Stays abreast of changes in policies and procedures of both Federal and private sector to remain current in relevant IT practices and makes and implements recommendations to improve FHFA processes.

1. Provides advice, guidance, and training to lower-graded IT specialists, and may lead IT project teams working on information security efforts. Oversees project responsibilities within assigned area to ensure the proper resources and plans are put into place and are on target

1. Performs other duties as assigned.