Previous Job
Previous
Cybersecurity Training Specialist
Ref No.: 17-22325
Location: Woodlawn, Maryland
Start Date: 12/27/2017
 Job Description
The Social Security Administration (SSA) Office of Information Security (DCS/DCIO/OIS) has the overall responsibility to coordinate and provide cybersecurity awareness training for all SSA employees, as well as role-based cybersecurity training for individuals with significant cybersecurity responsibilities. To carry out these activities, OIS' Cybersecurity Academy (Cyber Academy) was established and tasked with providing a training framework and leadership necessary to enhance employee awareness and specialized role-based training opportunities for agency personnel as mandated by the Federal Information Security Modernization Act (FISMA) of 2014.
 
Contractor support is needed to mature and enhance the Agency's Cyber Academy by achieving the following objectives:
•             Enhancing the Cyber Academy's training strategy and plan to align with federal regulation and guidance
•             Assessing the Agency's awareness training needs based on existing employee's knowledge, skills, and abilities
•             Assessing the specialized training needs of all agency positions with assigned National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) cybersecurity work roles
•             Developing new, or enhancing existing, role-based training curriculums and learning paths for all agency personnel in NCWF cybersecurity work roles
•             Performing skills-gap analyses of all OIS personnel and major agency cybersecurity programs and strategies (e.g. Information Security Continuous Monitoring, Incident Response, Risk Management) 
•             Developing enhancements to Deputy Commissioner of Human Resources (DCHR) Employee Training Portal or an alternate mechanism for capturing and reporting completed role-based training evidence
•             Developing or enhancing automated mechanism(s) for assessing the training needs of employees occupying positions with assigned NCWF cybersecurity work roles.
 
Technical Skills Skill Years/Level of Experience
  Mandatory Cybersecurity training / strategy 2+
    NIST SP 800-53, NIST 800-16, and FISMA 2+
  NICE Cybersecurity Workforce Framework (NCWF) 2+  
Developing role-based training curriculums 2+  
Performing skills gap analysis 2+  
Enhancing training portal / alternate mechanism for capturing and reporting completed role-based training evidence 2+  
  Developing automated mechanisms for assessing training needs for employees with assigned NCWF work roles 2+  
  Understanding of database systems, programming languages, and automation methods for capturing and reporting training records 2+  
  Preferred Project Management 2+  
 
Responsibilities:
The objective of this call order is for OIS to utilize contractor services to support our expanding workload for identifying positions and personnel with significant cybersecurity responsibilities and developing role-based cybersecurity training curriculums. 
SSA requires contractor support services to:
  • Ensure SSA's Cyber Academy Strategy and Plan adequately addresses the following structural elements as required by FISMA:
    • Structure of awareness and training program, priorities, funding, the goals of the program, target audiences, types of courses/material for each audience, use of technologies, frequency of training, and deployment methods
    • Define and incorporate procedures for leveraging skills assessments in all of the NIST Cybersecurity Framework Functional Areas (Identify, Protect, Detect, Respond, Recover). 
  • Recommend and develop mechanisms for monitoring and analyzing qualitative and quantitative performance measures on the effectiveness of SSA's Cyber Academy Strategy and Plan
  • Assess the Agency's awareness and role-based (specialized training) needs and provide recommendations for improvement
    • Develop automated mechanism(s) for conducting/surveying employees' awareness training needs
    • Develop or enhance existing automated mechanisms for assessing employees' role-based training needs
    • Analyze assessment results and provide recommendations for tailoring awareness and role-based training to address identified needs and close skill gaps
  • Assess the effectiveness of existing awareness and training content and activities
    • Recommend and develop mechanisms for collecting, monitoring, and analyzing qualitative and quantitative performance measures on the effectiveness of security awareness and training content and activities
    • Recommend improvements to awareness and training program based on collected performance measures
  • Conduct skills-gap analyses of OIS personnel and major agency cybersecurity programs and strategies
    • Leverage employee training needs assessments to identify and document cybersecurity skills gaps
    • Formulate recommendations for closing identified cybersecurity skills gaps
  • Create new, or enhance existing, role-based training curriculums and learning paths for personnel in NCWF cybersecurity work roles
    • Document role-based training and certification requirements for each NCWF Work Role 
    • Build role-based training curriculums and learning paths for cybersecurity work roles according to collected requirements and known tasks/knowledge, skills, and abilities associated with NCWF work roles
  • Develop an automated mechanism for capturing and reporting role-based training evidence
    • Modify/enhance existing DCHR Employee Training Portal to capture and report role-based training artifacts
Explore alternate strategies for collecting, housing, and reporting role-based training evidence, including the possibility of building a standalone application