Information Technology Security Officer

Full Job Description

The Information Technology Security Officer maintains the operational security posture for the United States Court of Appeals for the Federal Circuit, performing professional work related to security policy implementation, risk assessment, vulnerability management, compliance monitoring, incident coordination, and security awareness.

Specialized Experience: CL 28 ($81,906 - $133,178): Candidates must possess at least two years of specialized experience in IT security.

Experience must demonstrate knowledge of security principles, risk assessment, and vulnerability management, and ability to communicate technical information to varied audiences and work collaboratively within a team environment.

Specialized experience may be substituted by a master's degree from an accredited college or university in cybersecurity, information assurance, or related field.

CL 29 ($97,419 - $158,334): In addition to CL-28 requirements, at least one additional year of specialized experience demonstrating broader project coordination, more independent risk assessment work, and coordination of security initiatives across functional areas.

Preferred Qualifications: Professional certifications: CISSP, CISM, CISA, Security+, or GIAC certifications Federal government or federal judiciary IT security experience Experience with NIST Cybersecurity Framework or similar security frameworks Experience conducting security assessments and supporting audit activities Project management experience or PMP certification Experience working within a management team structure and coordinating across functional areas Major Duties:

Representative duties are intended to illustrate the major duties and responsibilities that are performed by this position.

Representative duties may be adjusted, and additional duties may be added, based on the operational needs of the court and ITO.

Primary responsibilities are project and program management (approximately 40-45% of time) and systems management support, compliance monitoring, and documentation (approximately 35-40% of time), with business analysis and other duties (approximately 15-20% of time) prioritized based on organizational needs and capacity.

Security Operations and Compliance: Implement and maintain local security policies, processes, and technologies consistent with the national information security program.

Monitor compliance with judiciary technology policies and security standards. Complete the annual Judiciary IT Scorecard self-assessment.

Develop and maintain security documentation including policies, procedures, guidelines, and checklists.

Participate in the acquisition process following supply chain risk management practices and ensure procurements address security requirements.

Prepare budget justifications for security initiatives and special management reports as needed.

Coordinate IT disaster recovery and continuity planning, including maintaining recovery procedures, ensuring backup security, and supporting periodic testing.

Risk Assessment and Vulnerability Management: Conduct security risk and vulnerability assessments of planned and installed information systems to identify weaknesses, risks, and protection requirements.

Perform technical research to identify potential vulnerabilities and threats in existing and proposed technologies. Communicate findings and recommend mitigation strategies.

Coordinate with the Circuit Executive's Office on risk management matters and contribute to the court's risk management framework. Participate in regular IT security and risk management meetings.

Project Coordination: Plan and execute IT security projects, developing project plans, timelines, and resource requirements.

Coordinate security-related aspects of broader ITO projects, ensuring security requirements are integrated throughout the project lifecycle.

Provide regular project status updates and escalate issues through appropriate channels. Ensure project documentation and outcomes are communicated to stakeholders.

Technical Security Services: Provide technical advisory services to securely design, implement, and maintain information technology systems, applications, cloud services, and network infrastructure.

Ensure confidentiality, integrity, and availability of systems, applications, networks, and data across the system development lifecycle.

Integrate security into system development by educating stakeholders and creating supporting methodologies and templates.

Oversee implementation of security controls and generation of security documentation for system authorization. Training and Awareness: Conduct annual security awareness training for court staff.

Provide security briefings, updates, and resources. Promote awareness and adoption of IT security best practices. Advise management on security needs, objectives, and vulnerabilities.

General Responsibilities: Communicate and respond to judges, chambers staff, and management requests regarding court operations. Answer IT security questions for judges and staff, and the public.

Communicate clearly and effectively, both orally and in writing, to explain complex operational matters and concepts to individuals and groups with varying experience and backgrounds.

Interact effectively with the public and staff, providing good customer and quality service and resolving difficulties efficiently while complying with regulations, rules, and procedures.

Develop, implement, and maintain written procedures for assigned functions.

Comply with The Guide to Judiciary Policy, applicable Administrative Office policies and procedures, internal controls guidelines, and all local policies and procedures.

Abide by the Code of Conduct for Judicial Employees and court confidentiality requirements. Demonstrate sound ethics and good judgment at all times.

Display a careful and deliberate approach in handling confidential information in a variety of contexts.