Major Duties (may include a variety of these duties, but are not limited to the following):
All Grades
1. Provides technical oversight to the House Information Security Compliance Program to ensure all software systems are implemented according to House information security policies and technical guidelines.
2. Conducts in-depth technical security reviews, risk assessments, and source code reviews of software systems during all phases of the system development life cycle and provides recommendations for improvements.
3. Provides guidance to system owners in the development and technical review of System Security Plans, which document all technical and procedural security features of a software system.
4. Provides technical support for responding to and implementing Office of Inspector General recommendations.
5. Provides technical guidance in the development and revision of House information security policies.
6. Responds to security requests from Members, Committees and House support offices. Conducts security training, investigations, and systems configuration reviews.
7. Develops and implements information security policies and procedures. Reviews and enforces compliance with established policies and procedures. Analyzes the network security environment and user requirements against current security regulations and guidelines to determine security functional requirements.
8. Develops enterprise risk analysis strategy to support the House network infrastructure, major applications, and desktop systems.
9. Develops, conducts, and prepares reports for security audits, reviews and other actions, as appropriate.
10. Ensures the rigorous application of information security policies, principles, and practices in the delivery of all IT services.
11. Interacts with product designers and developers to analyze the security features of products, research and correct failures, identify security improvements or enhancement capabilities, and recommend modifications.
12. Participates in network and systems design to ensure implementation of appropriate systems security features.
13. Performs other official duties as required.
Grade 12 (in addition to above duties)
1. Directs the activities of technical staff by establishing, assigning, and reviewing daily and long-term projects; establishing goals and objectives; training new employees; and evaluating work performance.
2. Provides technical guidance and training to information owners, other organizational security officers, and IT associates.
3. Works with executive management to determine acceptable levels of risk for the enterprise.
4. Monitors the selection, installation, testing, and operation of information security software programs in order to ensure such programs meet defined system security needs.