IT Specialist

4 weeks ago


Seaside, California, United States | Department of Defense | Full time
Summary

This position is part of the Defense Human Resources Activity. The incumbent serves as an Information System Security Officer (ISSO) providing cybersecurity guidance, recommendations, reporting, and subject-matter expertise to IT personnel, program managers, and upper management.



Duties

This position is being filled under the memorandum from the Under Secretary of Defense for Personnel and Readiness (USD(P&R)) "Expansion of Direct Hire Authority for Certain Personnel of the Department of Defense," dated October 15, 2021.

As an IT SPECIALIST (INFOSEC) at the GS /13, some of your typical work assignments may include:

  • Provide Risk Management Framework (RMF) support to assigned DMDC Information Systems, ensuring that Product Owners (PO) maintain an appropriate operational cybersecurity posture.
  • Maintain the documentation for RMF Assessment and Authorization (A&A) of each information system in accordance with government requirements.
  • Assess the impacts on system modifications and technological advances.
  • Review systems in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
  • Ensure the confidentiality, integrity and availability of systems, applications, networks and data through the planning, analysis, development, implementation, maintenance and enhancement of cybersecurity programs, policies, procedures and tools.
  • Ensure appropriate security controls and measures are in place to safeguard DMDC systems, applications, networks, and data.
  • Anticipate cybersecurity risks to the organization and provide recommendations to reduce and/or mitigate risk to the organization.
  • Advise functional expert management staff on cybersecurity issues pertaining to specific operating systems, hardware, technology, and methodology.
  • Develop policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks and data; design and implement monitoring, tracking, and reporting procedures; and develop and manage short- and long-range plans for addressing cybersecurity needs.
  • Determine information security requirements by evaluating DMDC business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.