IT Compliance, Information Security, Risk Management
4 Year Degree/Bachelor Degree
Under the direction of the Information Technology Director, the Information Systems Security Officer (ISSO) ensures the secure operation of the agency's information systems and services including servers, network connections, storage devices, appliances, PCs, mobile devices, applications, databases, and data transfer devices and technologies, The ISSO will design the agency's data loss protection (DLP) policies and procedures, check server and firewall logs, scrutinize network traffic, establish and update virus scans, and troubleshoot.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Information Security (InfoSec) Operations—
Has the knowledge of the technical solutions to create value, and in alignment with agency standards and industry best practices. Even in the most difficult situations, ensures that Information Assurance and Compliance tools and processes occur based on the needs of the project or the task in consideration.
Develops, implements, maintains, and oversees enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
Leads and has the ability to perform vulnerability scans of applications, servers, and databases.
Provides analysis and reports to senior management on the status of software security assurance-related weaknesses.
Directs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Participates in the processes to obtain ISO 20000 certification for the agency, meet FIPS-140- 2, FIPS-199, NIST800-53, and moderate secure environment compliance.
Designs, implements, and maintains cyber security strategies for the agency to minimize the risks of security breaches.
Participates in the design and implementation of disaster recovery plans and strategies for the agency with a goal of fault tolerance and disaster avoidance, to include telephone and telecommunications services, operating systems, databases, networks, servers, and software applications.
Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts. Recommends, schedules, and performs security improvements, upgrades, and/or purchases.
Deploys, manages and maintains all security systems and their corresponding or associated software, including firewalls, intrusion prevention and detection systems, cryptography systems, and anti-virus software. Manages connection security for local area networks, agency websites both internal and external, and e-mail communications. Manages and ensures the security of databases and data transferred both internally and externally, and data maintained on agency devices.
Designs, performs, and/or oversees penetration testing of all systems in order to identify system vulnerabilities. Designs, implements, and reports on security system and end user activity audits.
Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interprets activity and make recommendations for resolution.
Administers and maintains end user accounts, permissions, and access rights to PCs, systems, appliances, and devices. Provides on-call security support to end-users.
Leads the design, planning, execution and support of major initiatives to enhance IT service delivery following best practices in Change Management, Enterprise Architecture and Project Management.
Influences change management on an ongoing basis, taking steps to remove barriers, accelerate its pace, and supports others through the change.
Ensures enterprise-level IT specifications align with the agency’s business requirements. Documents all design and analysis work in an integrated repository for enterprise access and reuse.
Has the knowledge of information safeguarding principles to use appropriate privacy management techniques for accomplishing tasks and objectives.
Prepares and implements plans utilizing a variety of project management templates for a given initiative both short and long term to quality, cost, and time constraints.
Broad hands-on knowledge of firewalls, intrusion prevention and detection systems, anti-virus software, data encryption, and related industry-standard techniques and practices.
In-depth technical knowledge of network, end computing devices, and operating systems, including Cisco, Microsoft, and VMware products.
Strong knowledge of TCP/IP and network administration/protocols, including Software Defined Network (SDN).
Hands-on experience with devices such as hubs, switches, and routers.
Advanced knowledge of applicable practices and laws relating to data privacy and protection.
Demonstrated knowledge of federal security standards such as FIPS-199, FIPS-140-2, and NIST-800-53.
Bachelor’s Degree in computer science or closely related field.
Certifications in information security such as CISSP, Security+, SSCP, and GSEC are a plus.
Certifications in information systems network and infrastructure management such as MCSE, ITIL and CCNP are a plus.
Seven years’ experience in the field of information technology and systems security operations.
The District of Columbia Retirement Board (DCRB) is an independent agency of the District of Columbia Government. DCRB has the exclusive authority and discretion to manage and control the District of Columbia Police Officers and Fire Fighters’ Retirement Fund and the District of Columbia Teachers’ Retirement Fund (the Funds). DCRB is also the benefits administrator for the District of Columbia Police Officers and Firefighters’ Retirement Plan and the District of Columbia Teachers’ Retirement Plan (the Plans).