Information Assurance Risk Manager
The Office of the Chief Administrative Officer (CAO) provides operations support services and business solutions to the community of 10,000 House Members, Officers and staff. The CAO organization comprises more than 600 technical and administrative staff working in a variety of areas, including information technology, finance, budget management, human resources, payroll, child care, food and vending, procurement, logistics and administrative counsel.
The CAO is seeking an Information Assurance Risk Manager who will provide leadership in the development and practical application of information security risk management policies, procedures, processes, and tools in direct support of the U.S. House of Representatives Chief Administrative Officer’s Office of Cybersecurity program. The candidate will perform varying assignments under the direction of the Director of Information Assurance.
At the HS-12 level, the candidate has a higher degree of technical expertise, personnel and project management ability, and is well-versed in all aspects of the Assessment and Authorization (A&A) lifecycle, as defined in the CAO’s NIST-based Risk Management Framework (RMF). This individual will serve as the Risk Management subject matter expert, designing and deploying risk management and assessment strategies, methodologies and techniques with a small-scale team. The ideal candidate must exhibit superior customer service skills, personal integrity, technical ability and aptitude, and a willingness to collaborate with others.
1. Demonstrated experience executing the National Institute of Standards and Technology (NIST) Risk Management Framework as outlined in NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach and supplemental guidance (e.g., NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4).
2. Experience developing A&A packages for simple and complex Federal systems audited against the Federal Information Security Management Act (FISMA).
3. Demonstrated experience in conducting technical risk assessments of applications, and analyzing and mitigating system vulnerabilities.
4. Experience in developing and implementing information security policies, procedures, and processes.
5. Experience managing a small-scale project team.
6. Ability to communicate effectively, both orally and in writing, with technical and non-technical users.
7. Ability to maintain effective working relationships with colleagues, users, contractors, and vendors.
8. Achievement of a college degree in Computer Science, Information Technology or related field is a plus.
9. Achievement of at least one security certification, including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Authorization Professional (CAP), or Certified in Risk and Information Systems Control (CRISC).
Title 1 of the Ethics in Government Act of 1978, as amended (5 U.S.C. app. § 101 et seq.), requires certain House employees to file Financial Disclosure Statements; for information, please visit http://clerk.house.gov/public_disc/financial.aspx.