David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The Department of Commerce is looking for a director of cyber security and chief information security officer. The job pays between $119,554 and $179,700 per year and is open for applications until July 11.
The position, Director of Cyber Security and Chief Information Security Officer, is located within the Office of the Chief Information Officer (OCIO). The incumbent shares in the duties and responsibilities of the Chief Information Officer and is responsible for directing and implementing the Department-wide cyber security program, including the development and promulgation of a sound risk management framework for the Department, along with associated policy, procedures, and operations.
The incumbent directs the cyber security programs and staff in the OCIO. While most of the Department’s operating units have local and independent information technology (IT) security programs and activities, the incumbent serves key Department-wide IT security functions, including policy development, oversight, management of Department-wide IT security programmatic and operational initiatives, and various interagency liaison roles.
The incumbent interprets Federal laws, regulations, policies, and guidance, works to establish Department-wide standards for IT security capabilities and technologies where appropriate, and ensures that the Department implements a Federal Information Security Management Act (FISMA) compliant program, participates in the Federal Financial Management Improvement Act (FFMIA) assessments, and completes responsibilities under the Federal Managers Financial Integrity Act (FMFIA) for internal controls.
The incumbent directs the Department’s IT Security, Policy and Compliance Program, developing and overseeing the implementation of a Department-wide IT risk management framework, including IT security policies, directives, guidelines, and procedures that help to ensure the confidentiality, integrity, and availability of the Department’s IT systems and data. The Program also oversees the status of corrective actions being taken across the Department to improve IT security.
The incumbent also directs the Department’s Enterprise Security Program, which focuses on effectively and efficiently implementing Department-wide IT security initiatives. The Program supports analysis, planning, design, implementation, documentation, assessment and overall management of the DOC-wide IT security projects. The program also oversees Computer Incident Response, Security Operations Center, and continuous monitoring capabilities. The Program works in coordination with operating units to identify opportunities for standardization on IT security policies, procedures, tools, and technologies, and coordinates strategies to address security-related mandates and security implications of emerging technologies.
The incumbent also directs the Department’s National Security and Critical Infrastructure Protection Program. National security activities focus on ensuring appropriate secure communications and connectivity among various bureaus and offices within the Department. Critical infrastructure protection activities involve oversight and coordination of Department-wide plans for continuity of operations efforts associated with critical IT systems as well as compliance with IT-related provisions associated with various critical infrastructure protection policies and directives.