Deputy Chief Information Security Officer
This position is located in the Chief Information Officer Organization (CIOO), Information Security and Privacy Staff, of the Federal Deposit Insurance Corporation.
Salary reflects a pay cap for this position of $240,100.
- Occasional travel may be required.
- Relocation benefits provided.
Candidates must have at least one year of specialized experience equivalent to the CG-14, CG-15 and/or CM-1 level (or above). Specialized experience is building an enterprise-wide security strategy to include the creation and maintenance of information security policies, security risk assessment efforts, information technology risk assessments, disaster recovery, security monitoring, security awareness and training program, security protection architecture, and cyber-security solutions, including security measures for all computers, electronic storage devices and communications systems.
Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service.
There is no substitution of education for the experience for this position.
Single Scope Background Investigation (SSBI) required upon employment.
Public Trust - Background Investigation
- Assists in building an agency-wide security strategy and vision including the maintenance of FDIC's information security policy; security risk assessment efforts; information technology risk assessments; continuity of operations; security monitoring; security awareness and training programs; and IT security architecture and engineering.
- Provides the requisite executive management, leadership, and oversight that ensures effective strategic planning and budget control, workforce planning, policy and standards development, resource management, knowledge management, IT security architecture, engineering and infrastructure planning, auditing, and information security management. Manages numerous functions of IT security, privacy, risk management, IT security technology assessment, Public Key Infrastructure (PKI), independent security reviews, access administration, virus protection, disaster recovery, security monitoring and reporting, incident response and reporting, and security awareness and training.
- Assists in conducting strategic planning to support the business objectives, and develop, implement, and direct FDIC security, privacy, and risk management programs to safeguard operations, global systems, personnel, facilities, and physical assets.
- Represents the FDIC at executive level meetings with other federal organizations such as Office of Management and Budget (OMB) and the Government Accountability Office (GAO), as well as private sector companies and organizations.
- Manages an enterprise-wide information security management and privacy program that ensures all FDIC information security assets are adequately protected.
- Oversees and manages the identification, evaluation, and reporting of information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
- Works proactively with business units to implement practices that meet defined policies and standards for information security and oversee a variety of IT related risk management activities.
- Assists in directing FDIC-wide automation security programs that comply with federally mandated security requirements and commonly accepted industry automation security best practices. Ensures that automation security programs are integrated into the enterprise Systems Development Life Cycle (SDLC) and implemented through development and promulgation of notices, policies, procedures; training and awareness programs; and customer surveys.
- Ensures that an active program to safeguard information security assets including assigning security responsibilities, developing security plans, screening users, developing problem reporting systems, planning for disaster contingencies, and reviewing appropriate authorizations for processing of data is in place.
- Assists in providing conceptual direction for a flexible security architecture which is focused on reduction of the risk to FDIC's business processes.
- Manages the development, delivery, and compliance tracking of initial and on-going information security and privacy training to all employees, contractors, and relevant third parties.
- Monitors the FDIC's compliance with the information security and privacy policies and procedures. Assists in exercising executive management authority over ISPS and divisional Information Security Managers (ISMs), provides overall direction to subordinate managers, teams, contractors, and evaluates program effectiveness to ensure efficient and effective efforts, avoid duplicative efforts, maximize utilization of resources, and meet customer needs.
- Works with the FDIC Legal Division to interpret current and pending applicable federal, state, and other information concerning privacy laws, accreditation standards, and service regulations that apply to the use of FDIC information.
- Provides guidance and assistance in the identification, implementation, and maintenance of FDIC information privacy policies and procedures in coordination with FDIC management and legal counsel.
- Works closely with the Division of Administration and other investigatory bodies providing information and data analysis in support of their investigative activities. Requires access to classified national security information and provides classified IT threat analysis and other briefings in the areas of cybersecurity threats, and other FDIC mission impacting areas.