Information Security Expert
Ref No.: 18-02894
Location: Rockville, Maryland
Start Date / End Date: 07/01/2018 to 06/30/2023



Job Description
Job Title: Information Security Expert
Client: Department of Health and Human Services, The National Cancer Institute
Place of Performance: 9609 Medical Center Dr, Rockville, MD 20850 and remote work depending upon CBIIT program requirements.
Resume Due: 05/01/2018
Number of Positions: 1
No. of Resumes: 1
Period of Performance: 5 years (07/01/2018 - 06/31/2023)
Working Hours: 8:00 am to 5:00 pm Monday through Friday, exclusive of government holidays
US Citizen: Yes
Security Clearance: Not required

Scope of Work:
The purpose of this requirement is to acquire several classes of management and enterprise Information Technology (IT) security support services including but not limited to delivery order management, IT Security project management support, IT security policy and compliance support, and IT security outreach and awareness support.

The scope of the NCI ESP is to plan, promote and coordinate the execution of security related activities across the NCI enterprise leading to the goal of protecting confidentiality, integrity, and availability for NCI IT systems and data, as well as the protection of NCI's intellectual property and reputation pertaining to matters of security.

The ESP requires support in two areas:
1) Policy and Compliance;
2) Security Outreach and Awareness.
  • SECURITY PROGRAM ADMINISTRATION SUPPORT
    • NCI IT System Inventory
  • SECURITY MANAGEMENT SUPPORT
    • Security Assessment and Authorization Support
    • Annual Contingency and Disaster Recovery Testing
      • Contingency Plan Documentation and Testing
      • Disaster Recovery Plan Testing (DRP)
    • Security Training

Job Duties
Functional Responsibility:
  • Analyzes and/or establishes processes and technologies to ensure comprehensive protection exists on computer systems to prevent unauthorized entry to computer systems or compromise of data integrity or secrecy.
  • Supports the performance or evaluation of security assessment and accreditation activities on IT systems and applications, including assisting with security audits (i.e., FISMA), risk assessments, security plans, preparing supporting documentation and system test and evaluations.
  • Develops or reviews security policies and procedures.
  • Provides up-to-date working knowledge in areas such as computer viruses, intrusion detection systems, encryption systems, firewalls, access and authentication technologies, etc.
  • May be responsible for penetration testing, survivability and vulnerability analysis, and contingency/disaster recovery planning and testing.
  • Maintains an inventory of NCI Information Technology Systems. (This does not include hardware or most Commercial Over the Counter software).
  • Prepares material to train project managers and system owners in FISMA compliance.

Qualification:

Minimum Experience: Eight years of progressive technical experience in the area of Information Systems, with at least five years of specialized experience in the area of Information Systems Security.

Minimum Education: Bachelor's Degree in Computer Science, Information Systems, Electrical Engineering, or other related scientific or technical discipline.

Education Substitution: Four additional years of experience in related field.