Project Manager
GDH

Definition

This is fully functional complex through highly complex professional security and compliance work in the regulation of access to systems to prevent unauthorized access, modification, destruction, or disclosure of agency information.

 

Employees work independently to monitor data security and implement controls.  Work involves supporting security operations (i.e. intrusion detection/prevention, web filtering, vulnerability scans) to continually monitor technology resources and participates in analyzing the environment for security threats/vulnerabilities and unauthorized access.   Employees are proficient in more than one recognized information security domain. Work is supervised by a higher-level Security and Compliance Coordinator, Supervisor, or Manager.

 

Examples of Work

·        Responds to complex security requests, problem reports, questions, and incident reports; recommends or takes corrective action and follows-up on corrective actions to ensure that threats and vulnerabilities are addressed.

·        Performs forensic examinations to ensure proper containment and preservation of evidence, tracking of forensic events, maintenance of the chain of custody, and other related tasks.

·        Plans and performs audits and assessments of processes, employee practices, network operations and components, servers, telecommunications, applications, and other technology resources to evaluate policy and regulatory compliance, threats, and vulnerabilities, and weak or missing controls.

·        Guides risk assessment exercises to identify, evaluate, and address processes and operations posing security threats or significant vulnerabilities; prepares and presents audit and assessment findings, as well as recommendations of options to mitigate risks, achieve policy and regulatory compliance, and strengthen controls.

·        Reviews logging information for assigned systems and devices to identify abnormal or irregular use.

·        Develops and updates business continuity and disaster recovery protocols.

·        Provides technical assistance to lower-level Security and Compliance Specialists.

·        Supports technology tools typically used in audits, assessments, monitoring, analysis, and reporting.

·        Develops customized information security training and awareness presentations; responds to questions and resolves problems related to training; monitors employee compliance with information security training policies.

·        Recommends security products, services, and/or procedures to enhance security and deliver operational efficiencies.

·        Performs related work as assigned.

 

Compensable Factors

·        Graduation from an accredited four-year college or university with a bachelor's degree in computer science, mathematics, engineering, or a closely related field.

·        Considerable experience in information technology security and compliance analysis work in more than one recognized information security domain.