IT Program Manager (ENTRACH/INFOSEC)

Full Job Description

See below for important information regarding this job. Position will be filled at any of the locations listed below.

Site specific salary information as follows: Battle Creek, MI: $125,776- $163,514 Columbus, OH: $131,245- $170,624 Dayton, OH: $130,461 - $169,604 Fort Belvoir, VA: $143,913- $187,093 New Cumberland, PA: $143,913- $187,093 Ogden, UT: $125,776- $163,514 Philadelphia, PA: $138,595- $180,178 Richmond, VA: $131,385- $170,806 To qualify for a Program Analyst, your resume and supporting documentation must support: A.

Specialized Experience: One year of specialized experience that equipped you with the particular competencies to successfully perform the duties of the position and is directly in or related to this position.

To qualify at the GS-14 level, applicants must possess one year of specialized experience equivalent to the GS-13 level or equivalent under other pay systems in the Federal service, military, or private sector.

Applicants must meet eligibility requirements including time-in-grade (General Schedule (GS) positions only), time-after-competitive appointment, minimum qualifications, and any other regulatory requirements by the cut-off/closing date of the announcement.

Creditable specialized experience includes: Conducting privacy controls assessments from laws, regulations, and other directives to provide advice on safeguarding privacy programs and related issues.

Demonstrating program/project management to organize, analyze and evaluate a variety of services and dissimilar functions and activities into logical and efficient efforts by which a specific, desired result may be achieved.

Advises on privacy principles and concepts for Federal Information Systems, organizations principles, and auditing practices. B.

Education: Applicants may not qualify for this position based on education in lieu of specialized experience.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social).

Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience. Major Duties:

• Serves as the Senior Privacy Engineer ensuring privacy compliance within the DLA Risk Management Framework (RMF).
• Works with DLA ISSMs to ensure evidentiary materials necessary to document both privacy specific, and privacy related, control compliance documentation has been placed into DLA's Enterprise Mission Assurance Support Service (eMASS) application.
• Provides direct support for DLA's efforts to ensure that the technical, administrative, and physical safeguard requirements are integrated into the DLA Information Technology life cycle and DLA's implementation of the RMF.
• Implements compliance review policies and procedures for DLA information systems and support ongoing authorization practices for privacy and data protection considerations.
• Responsible for designating system-specific, hybrid, or common controls and defining which NIST SP 800-53 privacy controls are available for inheritance.
• Works with program managers and ISSMs to review information system designs, early in an information system's life cycle, to identify privacy exposures, risks, and propose potential mitigations.
• Leads the analysis of privacy design requirements through sound design methodology, efficient privacy control application, and effective configuration practices.
• Develops a risk management and compliance framework for privacy at DLA.
• Documents DLA applications' privacy design and the implementation of the appropriate Privacy Overlay assigned security and privacy controls to ensure the application protects the conf identicality and integrity of PII.
• Prepares a variety of reports that include, but are not limited to, audit reports that identify technical and procedural findings.
• Recommended remediation strategies/solutions, and DLA artifacts and documents for the annual Federal Information Security Modernization Act (FISMA) reporting.