Director of Information Security
Company: Universal Service Administrative Company
Posted on: January 14, 2018
We are currently seeking an experienced, dynamic and collaborative professional to serve as Director of Information Security within our Information Technology team. This person will provide leadership, direction, and management oversight to the team supporting USAC's information confidentiality, integrity, and availability functions. The Director of Information Security ensures that all security, confidentiality, and privacy requirements are understood, monitors compliance with such requirements, and regularly assesses vulnerability status and related remediation efforts. The Director of Information Security also partners with enterprise risk and compliance functions to ensure business and IT alignment.
This is an outstanding career opportunity for an individual interested in a genuine professional challenge in support of a public-spirited mission.
The position's essential duties include the following:
- Ensures the confidentiality, integrity, and availability of USAC's information assets and adequately protects that information consistent with information risk management policies that are compliant with the National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements.
- Identifies IT security risks and implements effective processes to address the associated exposures and facilitate business continuity.
- Oversees the Risk Management Framework in accordance with NIST Special Publication (SP) 800-37, including categorization, control selection, control implementation, control assessment, and authorization.
- Prepares security authorization packages in accordance with federal requirements.
- Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
- Reviews and continuously monitors implemented security controls.
- Creates and maintains security checklists, templates and other tools to aid in the Assessment and Authorization (A&A) process.
- Performs security control assessment using NIST SP 800-53A guidance and as per continuous monitoring requirements.
- Performs risk analyses to determine and recommend essential safeguards.
- Proactively mitigates system vulnerabilities and recommends compensating controls.
- Develops core documents such as System Security Plan, Business Impact Analysis, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, in accordance with applicable standards, including, but not limited to FISMA SP 800-34, 800-37, 800-53, and Federal Information Processing Standard (FIPS) 199.
- Maintains Plan of Action and Milestones (POA&Ms) and supports remediation activities, including any audit findings related to the IT organization and information security operations.
- Maintains an inventory of hardware and software for the information systems.
- Serves as secondary contact for the annual FISMA audit.
- Develops, tests and trains on Contingency and Incident Response planning.
- Effectively communicates accurate and current status of the USAC security and risk posture to various stakeholders, including USAC executives and various FCC staff.
- Manages a group of security architects, engineers, and administrators to provide 24x7 security support. Defines roles and responsibilities, manages project activities, budgets and priorities, and provides performance reviews and development for all information security team members.
- Manages the development and implementation of the IT security roadmap and ensures security is integrated into all IT and other USAC roadmaps as appropriate (e.g., business process changes, IT system upgrades, etc.).
- Successfully manages and verifies the implementation of security policies and procedures within project activities managed by the Project Management Office, Application Development groups, and Infrastructure Operations; ensuring that projects properly comply with all established policies and change management processes.
- Manages annual review cycle to ensure all security operations functions are well documented and are in compliance with NIST and FISMA requirements.
- Establishes and maintains an effective partnership with USAC's programs, IT organization, FCC, and vendors.
A Bachelor's Degree in Information Technology, Computer Science, or Engineering is preferred; relevant work experience (over ten years) may be acceptable.
7-10 years' work experience
7-10 years' experience managing people and building teams
Experience managing various stakeholders, both internal and external
Strong experience and knowledge in the following areas expected:
- Audit Assessment Experience (internal and external)
- Active Directory Systems
- Network Security
- Database Security
- Operating Security
- Application Security
- System Security
- Security Incident Management
- Enterprise IT Policy and Definitions
- Staff Management
- CISSP Certified Information Systems Security Professional
- CISM Certified Information Security Manager
- SANS Certification
Through its administration of the $10 billion Universal Service Fund (USF) programs on behalf of the FCC, USAC works to promote the availability of quality services at just, reasonable and affordable rates and to increase access to advanced telecommunications services throughout the nation. Specifically, the USF programs provide funding for the expansion of telecommunications and broadband access to rural communities and health care facilities, schools and libraries across the country, and low income households. Through program administration, auditing, and outreach, USAC works with contributors, service providers, and program beneficiaries to achieve the program goals articulated by the FCC for each of these programs.
The FCC has reformed the USF to support further investment in and access to evolving broadband infrastructure, making the programs a primary vehicle to support this critical national priority. USAC, as the administrator of the USF, plays a critical role in supporting the ambitious vision to ensure that all citizens in the United States have access to high-speed broadband. The organization has approximately 500 employees with an operating budget of more than $200 million. USAC works in close partnership with the FCC and other federal and state partners to support the achievement of the USF program goals.
USAC administers the USF programs: High Cost, Lifeline, Rural Health Care, and Schools and Libraries. USAC strives to provide efficient, responsible stewardship of the programs, a key national asset in making important telecommunications and Internet services available to consumers, health care providers, schools, and libraries throughout the United States. The program divisions are supported by additional USAC personnel in Finance, General Counsel, Information Systems, Internal Audit, the Enterprise Program Management Office and Human Resources. Consistent with FCC rules, USAC does not make policy for or interpret unclear provisions of statutes or the FCC's rules.
Universal service is paid for by contributions from telecommunications carriers, including wireline and wireless companies, and interconnected Voice over Internet Protocol providers, including cable companies that provide voice service, based on an assessment of their interstate and international end-user revenues. These contributions are most typically passed through to consumers through a universal service fee line item on their telephone bills.
Additional information on USF programs can be found at: http://www.usac.org/about/about/who-we-are/default.aspx
USAC offers a comprehensive benefits package, ongoing professional development opportunities, including vacation and sick leave.
USAC is an Equal Opportunity Employer. Only principals will be accepted. No agencies please.
To apply, please submit a cover letter and resume by clicking the "Apply For This Job Online" button.
USAC employees are passionate about our mission. Our work contributes to the success of all Americans. We've worked together to build a culture that is collaborative, ambitious, outcome-oriented, and feedback-focused.
Keywords: Universal Service Administrative Company, Washington DC, Director of Information Security, Accounting, Auditing, Washington, DC