This is a mid-level position. Provides support with planning, coordinating, and implementing the organization's information security disaster recovery plan and procedures. Provides support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation of security related to IT systems. Experience in several of the following areas is required: disaster recovery and contingency planning; understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and current Internet/EC technology. Responsible for the creation and maintenance of the information system contingency plan (ISCP). Prepares documentation in support of Security Assessment and Authorization. Provides technical input to the Senior Security Specialist related to disaster recovery and ISCP issues and, when required, provides technical input to the IRS DR reporting team.
The Security Specialist will provide the following essential functions/services:
• Provide comprehensive support developing and planning for Business Impact Analysis, system recovery objectives, data backup and retention, system fail-over and restoration, and other business contingency planning functions.
• Gather disaster recovery requirements from all relevant NIST guidance and applicable IRS and Treasury security policies.
• Align the delivery of the ISCP with the individual project schedule.
• Prepare the ISCP in conjunction with all required SA&A documentation.
• Meet with stakeholders and update the ISCP as required.
• Ensure the ISCP is tested and maintained.
• Ensure risk analyses are completed to determine cost-effective and essential safeguards.
• Review detailed descriptions of the controls, provide edits and feedback on their actionable quality, and, based on the descriptions, perform tests to prove the validity of these assertions through interviews, examination of evidence, and either overseeing or directly running technical scanning tools against targeted systems.
• Ensure that security requirements for the major application or general support system are compliant and consistent with NIST and Department of the Treasury security policy and procedures.
• Ensure that requests for certification and accreditation of computer systems are completed in accordance with the published procedures.
• Ensure preparation of security plans for sensitive systems and networks.
• Provide input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems.
• Prepare or update the following documents: SSP, RA, CM, CP, IRP, ST&E (SCA Plan and Report), SAR, POA&M and MOU.
CSSS.NET - 22 months ago