The OTI Senior Information System Security Officer is an intermittent Personal Services Contract (PSC) position at the GS-13/14 equivalent level and located Worldwide with regular travel to Washington D.C. as needed. Offers for this position are due no later than November 19, 2021 at 1:00pm Eastern Time. For full information about this position, as well as instructions on how to apply, please read the entire solicitation at www.OTIjobs.net.
INTRODUCTION:
The Senior Information Security Officer (ISSO) is a member of the Information Technology (IT) team within the Office of Transition Initiatives (OTI) Program, Learning and Innovation Division (PLI) which prides itself on maintaining positive morale in the division and a high degree of customer support and innovation for the office. OTI is part of the recently created Conflict Prevention and Stabilization (CPS) Bureau of USAID. The PLI Division contributes to OTI’s mission by providing a stable backbone of Office-wide services, including resources and tools, technical expertise, strategic planning, and essential systems that enable OTI’s Programming Model and Office-wide strategic decision-making and program effectiveness. These functions include strategic resource allocation, financial management, procurement, award management, knowledge management, information technology/systems, communications, and training. By convening and managing cross-functional processes, PLI ensures resources and systems critical to OTI programs are informed by OTI and others’ dynamic practice of iterative program design in complexity.
As a member of the IT team, whose mission is to enable effective programming by delivering agile IT systems and services integral to core OTI processes and programs to OTI staff and partners in compliance with USAID policies, the Senior Information Security Officer (ISSO) should be a quick thinker who can learn and understand OTI’s business model and USAID NIST Risk Mitigation Framework as well as OTI System Development Life Cycle (SDLC) in a very short period. The main responsibility of the incumbent is to ensure the regulatory compliance of OTI systems vis-a-vis the relevant USAID requirements and to support the IT team in safeguarding the information and data privacy concept of OTI’s information systems, protecting the embedded Personally Identifiable Information (PII), and preventing and mitigating potential data breaches to ensure a smooth continuity of OTI operations should a disaster affect OTI infrastructure. To be successful in their role, the Senior ISSO should be a cybersecurity management expert with a deep understanding of IT environments in the United States Federal Government (USG), a large private corporation, and/or any major non-governmental organization.
DUTIES AND RESPONSIBILITIES:
At the GS-13, Senior Information System Security Officer level:
- Ensure implementation of security controls and risk mitigation measures in line with the National Institute of Standards and Technology (NIST) 800 series standards, the Federal Information Security Management Act (FISMA), and the Information Security and Privacy Guidelines of USAID;
- Liaise with relevant USAID IT divisions to conduct regular security risk assessments on OTI IT systems, ensuring compliance with NIST Risk Management Framework and related Authorization To Operate (ATO) requirements;
- Ensure that the continuous monitoring requirements of OTI IT systems are met;
- Assist OTI System Owner (SO) in the following activities: oversee the contingency planning, the Standard Operating Procedures (SOPs) and other system security related activities; liaise with various IT stakeholders to ensure continuous system security improvement and to provide awareness on the OTI system security posture; liaise with USAID’s Information Assurance (IA) team to address issues related to security policy compliance, personal information and data privacy; establish and maintain OTI’s internal information assurance protocol that satisfies USAID’s continuous monitoring schedules requirements, based on user access procedures and analysis, account management policies and OTI field program requirements; and handle all documents related to NIST 800 requirements, including the preparation and filling of all relevant Authorization To Operate (ATO) packages and security artifacts during planned security assessments or audits;
- Liaise and collaborate with OTI IT Business Analysts and Product Owners on the maintenance and support of existing IT systems, making sure compliance with Agency cybersecurity regulations is met;
- Support OTI and its Institutional Contractors in the implementation of various system security controls at the highest levels in the development and maintenance of core OTI IT tools and proprietary software applications;
- Support the security provision on OTI’s General Support Systems (GSS) in line with USAID Security Assessment and Authorization (SA&A) framework and System Development Life Cycle (SDLC), including information security program management and cybersecurity management;
- Perform other cybersecurity support activities to include risk assessments, vulnerability scanning and analysis, and penetration testing on OTI system infrastructure;
- In consultation and agreement between you and your supervisor, travel to Washington, DC for an agreed-upon period of time to support the various USAID/OTI projects as outlined in this SOW;
- Provide guidance on USAID’s system security policies and procedures, ensuring awareness within OTI through its IT Governance Board; and,
- Serve on temporary details within OTI, other USAID bureaus/offices, or other USG agencies under this scope of work for a period not to exceed six months. Duties performed while on detail must be directly related to the scope of work. Contracting Officer (CO) approval will be required for details exceeding six months.
At the GS-14 Senior Information System Security Officer level:
Perform the same duties as the GS-13 level but with less supervision, greater decision-making authority, and greater independence of action as follows:
- Ensure implementation of security controls and risk mitigation measures in line with the National Institute of Standards and Technology (NIST) 800 series standards, the Federal Information Security Management Act (FISMA), and the Information Security and Privacy Guidelines of USAID;
- Liaise with relevant USAID IT divisions to conduct regular security risk assessments on OTI IT systems, ensuring compliance with NIST Risk Management Framework and related Authorization To Operate (ATO) requirements;
- Ensure that the continuous monitoring requirements of OTI IT systems are met;
- Assist OTI System Owner (SO) in the following activities: oversee the contingency planning, the Standard Operating Procedures (SOPs) and other system security related activities; liaise with various IT stakeholders to ensure continuous system security improvement and to provide awareness on the OTI system security posture; liaise with USAID’s Information Assurance (IA) team to address issues related to security policy compliance, personal information and data privacy; establish and maintain OTI’s internal information assurance protocol that satisfies USAID’s continuous monitoring schedules requirements, based on user access procedures and analysis, account management policies and OTI field program requirements; and handle all documents related to NIST 800 requirements, including the preparation and filling of all relevant Authorization To Operate (ATO) packages and security artifacts during planned security assessments or audits;
- Liaise and collaborate with OTI IT Business Analysts and Product Owners on the maintenance and support of existing IT systems, making sure compliance with Agency cybersecurity regulations is met;
- Support OTI and its Institutional Contractors in the implementation of various system security controls at the highest levels in the development and maintenance of core OTI IT tools and proprietary software applications;
- Support the security provision on OTI’s General Support Systems (GSS) in line with USAID Security Assessment and Authorization (SA&A) framework and System Development Life Cycle (SDLC), including information security program management and cybersecurity management;
- Perform other cybersecurity support activities to include risk assessments, vulnerability scanning and analysis, and penetration testing on OTI system infrastructure;
- In consultation and agreement between you and your supervisor, travel to Washington, DC for an agreed-upon period of time to support the various USAID/OTI projects as outlined in this SOW;
- Provide guidance on USAID’s system security policies and procedures, ensuring awareness within OTI through its IT Governance Board;
- Develop, design, engineer and implement the necessary security controls in line with the National Institute of Standards and Technology (NIST) 800 series standards, the Federal Information Security Management Act (FISMA) and the Information Security and Privacy Guidelines of USAID;
- Regularly assume leadership responsibilities not only as a subject matter expert, but coaching other team members and serving as Acting IT Team Leader when necessary;
- Research OTI’s program and operations, analyzing current systems, processes, and requirements to provide optimal support;
- Establish an OTI internal information assurance protocol that satisfies USAID’s continuous monitoring schedules requirements, based on user access analysis, account management policies and OTI field program requirements;
- Perform technical analysis, security control designs, and development of security features for system architectures; and,
- Serve on temporary details within OTI, other USAID bureaus/offices, or other USG agencies under this scope of work for a period not to exceed six months. Duties performed while on detail must be directly related to the scope of work. Contracting Officer (CO) approval will be required for details exceeding six months.
MINIMUM QUALIFICATIONS:
At the GS-13 Senior Information System Security Officer level:
- A Master’s Degree with five (5) years of work experience;
OR
- A Bachelor’s Degree with seven (7) years of work experience;
AND
- Three (3) years of work experience in Information System Security and data privacy concepts for a large organization, including but not limited to the United States Government (USG), a large non-governmental organization (NGO), or a large private sector corporation.
At the GS-14 Senior Information System Security Officer level:
- A Master’s Degree with seven (7) years of work experience;
OR
- A Bachelor’s Degree with nine (9) years of work experience;
AND
- Four (4) years of work experience in Information System Security and data privacy concepts for an organization, including but not limited to the United States Government (USG), a Non-Governmental Organization (NGO), or a private sector corporation.
Please direct questions about this position or the offer process to the OTI Recruitment Team at otijobs@usaid.gov.
How to apply
For full information about this position, as well as instructions on how to apply, please visit www.OTIjobs.net.