Information Technology Security Officer

Representative duties are intended to illustrate the major duties and responsibilities that are performed by this position. Representative duties may be adjusted and additional duties may be added based on the operational needs of the court and ITO. Primary responsibilities are project and program management (approximately 40-45% of time) and systems management support compliance monitoring and documentation (approximately 35-40% of time) with business analysis and other duties (approximately 15-20% of time) prioritized based on organizational needs and capacity.

• Security Operations and Compliance: Implement and maintain local security policies processes and technologies consistent with the national information security program. Monitor compliance with judiciary technology policies and security standards. Complete the annual Judiciary IT Scorecard self-assessment. Develop and maintain security documentation including policies procedures guidelines and checklists. Participate in the acquisition process following supply chain risk management practices and ensure procurements address security requirements. Prepare budget justifications for security initiatives and special management reports as needed. Coordinate IT disaster recovery and continuity planning including maintaining recovery procedures ensuring backup security and supporting periodic testing.
• Risk Assessment and Vulnerability Management: Conduct security risk and vulnerability assessments of planned and installed information systems to identify weaknesses risks and protection requirements. Perform technical research to identify potential vulnerabilities and threats in existing and proposed technologies. Communicate findings and recommend mitigation strategies. Coordinate with the Circuit Executives Office on risk management matters and contribute to the courts risk management framework. Participate in regular IT security and risk management meetings.
• Project Coordination: Plan and execute IT security projects developing project plans timelines and resource requirements. Coordinate security-related aspects of broader ITO projects ensuring security requirements are integrated throughout the project lifecycle. Provide regular project status updates and escalate issues through appropriate channels. Ensure project documentation and outcomes are communicated to stakeholders.
• Technical Security Services: Provide technical advisory services to securely design implement and maintain information technology systems applications cloud services and network infrastructure. Ensure confidentiality integrity and availability of systems applications networks and data across the system development lifecycle. Integrate security into system development by educating stakeholders and creating supporting methodologies and templates. Oversee implementation of security controls and generation of security documentation for system authorization.
• Training and Awareness: Conduct annual security awareness training for court staff. Provide security briefings updates and resources. Promote awareness and adoption of IT security best practices. Advise management on security needs objectives and vulnerabilities.
• General Responsibilities: Communicate and respond to judges chambers staff and management requests regarding court operations. Answer IT security questions for judges and staff and the public. Communicate clearly and effectively both orally and in writing to explain complex operational matters and concepts to individuals and groups with varying experience and backgrounds. Interact effectively with the public and staff providing good customer and quality service and resolving difficulties efficiently while complying with regulations rules and procedures. Develop implement and maintain written procedures for assigned functions. Comply with The Guide to Judiciary Policy applicable Administrative Office policies and procedures internal controls guidelines and all local policies and procedures. Abide by the Code of Conduct for Judicial Employees and court confidentiality requirements. Demonstrate sound ethics and good judgment at all times. Display a careful and deliberate approach in handling confidential information in a variety of contexts.

Conditions of employment

• Must be a U.S. citizen or eligible to work in the United States. Non-citizens may be interviewed and considered for employment but employment offers will only be made to individuals who qualify under one of the exceptions in 8 U.S.C. 1324b(a)(3)(B). Under 8 U.S.C.1324b(a)(3)(B) a lawful permanent resident seeking citizenship may not apply for citizenship until he or she has been a permanent resident for at least five years (three years if seeking naturalization as a spouse of a citizen) at which point he or she must apply for citizenship within six months of becoming eligible and must complete the process within two years of applying (unless there is a delay caused by the processors of the application). Non-citizens who have not been permanent residents for five years will be required to execute an affidavit that they intend to apply for citizenship when they become eligible to do so.
• All offers of employment are provisional pending successful completion of a background check or investigation and a favorable employment suitability determination. Initial and continued appointment in this position is conditioned on a favorable moderate risk five-year background investigation (renewed every five years). An unfavorable investigation at any point during employment may lead to removal.
• This position is subject to Electronic Funds Transfer (EFT) for payroll deposit.

Qualifications

Specialized Experience:

• CL 28 ($81906 - $133178): Candidates must possess at least two years of specialized experience in IT security. Experience must demonstrate knowledge of security principles risk assessment and vulnerability management and ability to communicate technical information to varied audiences and work collaboratively within a team environment. Specialized experience may be substituted by a masters degree from an accredited college or university in cybersecurity information assurance or related field.
• CL 29 ($97419 - $158334): In addition to CL-28 requirements at least one additional year of specialized experience demonstrating broader project coordination more independent risk assessment work and coordination of security initiatives across functional areas.

• Professional certifications: CISSP CISM CISA Security or GIAC certifications
• Federal government or federal judiciary IT security experience
• Experience with NIST Cybersecurity Framework or similar security frameworks
• Experience conducting security assessments and supporting audit activities
• Project management experience or PMP certification
• Experience working within a management team structure and coordinating across functional areas