Job Description

Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Team Leader - Security for the NIH IT CSPSS customer service Portfolio that consists of a full range of NIH IT Service Desk and Desktop Support services, IT Training, and related resource services. The NIH IT Service Desk provides technical support to the NIH community via the World Wide Web and phone. The Service Desk receives over a thousand requests for service every business day.

Where issues cannot be resolved in-house, they are assigned to support staff in each of NIH’s ICs. Support cases are assigned and resolved using the NIH IT Service Desk IT Service Management System (ITSM), supported by the CIT Business Application Services (BAS) and the Service Desk’s Automated Call Distribution System administered by CIT Unified Connectivity and Communication (UCC) service area.

The candidate will be responsible for applying an enterprise-wide set of disciplines for the planning, analysis, design, and construction of information systems on an enterprise-wide basis or across a major sector of the enterprise. Develop analytical and computational techniques and methodology for problem solutions. Perform enterprise-wide strategic systems planning, business information planning, business, and analysis. Perform process and data modeling in support of the planning and analysis efforts using both manual and automated tools, such as Integrated Computer-Aided Software Engineering tools. Apply reverse engineering and re-engineering disciplines to develop migration strategic and planning documents. Provide technical guidance in software engineering techniques and automated support tools. Provide daily supervision and direction to staff.

Key Tasks and Responsibilities

• Identify requirements and policies for Desktop Security Implementation Support (e.g., events that trigger an Security implementation)
• Support planning and implementation of new and/or updated technology requirements across CIT, and in the future, potentially across some, or all of NIH
• Support the tracking, documentation, and remediation of security incidents on ITSS systems as requested by the NIH Information Security Program and CIT or IC leadership. Support activities may include, but are not limited to:

• Triage any reported audit findings, vulnerabilities, or weaknesses to determine ownership, applicability, urgency, and potential operational impact on ITSS systems
• The remediation or mitigation of any identified weaknesses, audit findings, or other security issues, as directed by the customer
• Serve as a technical liaison for ITSS to the NIH Information Security Program, CIT leadership, and other security personnel, auditors, or technical assessors

• Use NIH-approved tools to support scanning, documentation, tracking, and remediation activities for vulnerabilities on ITSS systems, including, but not limited to the following:

• Provide recommendations for mitigations or corrective actions to resolve identified vulnerabilities or security concerns
• Take corrective actions at the direction of the customer
• Develop vulnerability analysis reports and trends as requested
• Provide input on vulnerability management policies and procedures

• Support Assessment and Authorization activities associated with all ITSS systems, including but not limited to the following:

• Develop and maintain of Authorization to Operate (ATO) documentation, including System Security Plans, FIPS-199 Categorization, E-Authentication (ETA/ERA), and Privacy Impact Assessments (PIAs)
• Develop Plans of Actions and Milestones (POA&Ms) or waivers to address all accepted vulnerabilities and system weaknesses in accordance with appropriate HHS/NIH and NIST guidance

• Provide monitoring and reporting on compliance with relevant security policies, procedures, guidance, and best practices in accordance with HHS/NIH policies. These items include, but are not limited to:

• Configuration Baselines
• Encryption Standards
• Required Security Tools and Agents
• Organizationally defined critical and high-risk vulnerabilities

• Support the evaluation, review, and implementation of any new or updated security requirements as issued by HHS/NIH, CIT leadership, or other federal requirements Support activities may include, but are not limited to:

• The evaluation and review of existing system configurations or security settings to identify gaps, constraints, and resource requirements
• Propose technical solutions or alternatives to execute, measure, and report compliance with new or updated requirements
• The development of new or updated policies, procedures, and work instructions to allow staff to support compliance with all downward directed security initiatives

Job Requirements: