Information Technology Security Officer

Full Job Description

The Information Technology (IT) Security Officer is located in the Information Technology Office (ITO) and is supervised by the Assistant Circuit Executive for Information Technology.

The position maintains the operational security posture for the United States Court of Appeals for the Federal Circuit, performing professional work related to security policy implementation, risk assessment, vulnerability management, compliance monitoring, incident coordination, and security awareness.

Specialized Experience: CL 26 ($62,212 - $101,109): Entry-level position. Candidates must possess at least one year of specialized experience in IT security.

Experience must demonstrate knowledge of security principles, risk assessment, and vulnerability management, and ability to communicate technical information to varied audiences and work collaboratively within a team environment.

Alternatively, candidates may qualify by completing a bachelor's degree with a major in cybersecurity, information assurance, or closely related field from an accredited college or university and superior academic achievement as listed below.

CL 27 ($68,346 - $111,099): At a minimum, candidates must possess at least two years of specialized experience in IT security.

Experience must demonstrate knowledge of security principles, risk assessment, and vulnerability management, and ability to communicate technical information to varied audiences and work collaboratively within a team environment.

CL 28 ($81,906 - $133,178): Candidates must possess at least three years of specialized experience in IT security.

Experience must demonstrate knowledge of security principles, risk assessment, and vulnerability management, and ability to communicate technical information to varied audiences and work collaboratively within a team environment.

Specialized experience may be substituted by a master's degree from an accredited college or university in cybersecurity, information assurance, or closely related field.

Superior Academic Achievement: An overall "B" grade point average equaling 2.90 or better of a possible 4.0; AND/OR Standing in the upper third of the class; AND/OR Grade point average 3.5 or better in the major field of study, such as Human Resources or a related field that would prepare a candidate well to perform in this position; AND/OR Election to membership in Phi Beta Kappa, Sigma XI, or one of the National Honorary Scholastic Societies meeting the minimum requirements of the Association of College Honor Societies, other than Freshman Honor Societies.

Completion of one academic year (18 semester or 27 quarter hours) of graduate study at an accredited college or university.

A degree program in cybersecurity, information assurance, or closely related field is preferred.

Preferred Qualifications: Professional certifications: CISSP, CISM, CISA, Security+, or GIAC certifications Federal government or federal judiciary IT security experience Experience with NIST Cybersecurity Framework or similar security frameworks Experience conducting security assessments and supporting audit activities Project management experience or PMP certification Experience working within a management team structure and coordinating across functional areas Major Duties:

Representative duties are intended to illustrate the major duties and responsibilities that are performed by this position.

Representative duties may be adjusted, and additional duties may be added, based on the operational needs of the court and ITO.

Primary responsibilities are project and program management (approximately 40-45% of time) and systems management support, compliance monitoring, and documentation (approximately 35-40% of time), with business analysis and other duties (approximately 15-20% of time) prioritized based on organizational needs and capacity.

Security Operations and Compliance: Implement and maintain local security policies, processes, and technologies consistent with the national information security program.

Monitor compliance with judiciary technology policies and security standards. Complete the annual Judiciary IT Scorecard self-assessment.

Develop and maintain security documentation including policies, procedures, guidelines, and checklists.

Participate in the acquisition process following supply chain risk management practices and ensure procurements address security requirements.

Prepare budget justifications for security initiatives and special management reports as needed.

Coordinate IT disaster recovery and continuity planning, including maintaining recovery procedures, ensuring backup security, and supporting periodic testing.

Risk Assessment and Vulnerability Management: Conduct security risk and vulnerability assessments of planned and installed information systems to identify weaknesses, risks, and protection requirements.

Perform technical research to identify potential vulnerabilities and threats in existing and proposed technologies. Communicate findings and recommend mitigation strategies.

Coordinate with the Circuit Executive's Office on risk management matters and contribute to the court's risk management framework. Participate in regular IT security and risk management meetings.

Project Coordination: Plan and execute IT security projects, developing project plans, timelines, and resource requirements.

Coordinate security-related aspects of broader ITO projects, ensuring security requirements are integrated throughout the project lifecycle.

Provide regular project status updates and escalate issues through appropriate channels. Ensure project documentation and outcomes are communicated to stakeholders.

Technical Security Services: Provide technical advisory services to securely design, implement, and maintain information technology systems, applications, cloud services, and network infrastructure.

Ensure confidentiality, integrity, and availability of systems, applications, networks, and data across the system development lifecycle.

Integrate security into system development by educating stakeholders and creating supporting methodologies and templates.

Oversee implementation of security controls and generation of security documentation for system authorization. Training and Awareness: Conduct annual security awareness training for court staff.

Provide security briefings, updates, and resources. Promote awareness and adoption of IT security best practices. Advise management on security needs, objectives, and vulnerabilities.

General Responsibilities: Communicate and respond to judges, chambers staff, and management requests regarding court operations. Answer IT security questions for judges and staff, and the public.

Communicate clearly and effectively, both orally and in writing, to explain complex operational matters and concepts to individuals and groups with varying experience and backgrounds.

Interact effectively with the public and staff, providing good customer and quality service and resolving difficulties efficiently while complying with regulations, rules, and procedures.

Develop, implement, and maintain written procedures for assigned functions.

Comply with The Guide to Judiciary Policy, applicable Administrative Office policies and procedures, internal controls guidelines, and all local policies and procedures.

Abide by the Code of Conduct for Judicial Employees and court confidentiality requirements. Demonstrate sound ethics and good judgment at all times.

Display a careful and deliberate approach in handling confidential information in a variety of contexts.