About the role

Information Systems Security Officer role responsible for IT security policies and incident response. Supporting NOAA's mission with expertise in federal information security and compliance standards.

Responsibilities

Develop and implement IT security policies and procedures to safeguard NOAA's information systems and data.
Support annual training for all personnel accessing sensitive information to ensure awareness and compliance with security protocols.
Provide guidance and instruction to staff regarding their individual responsibilities within the cybersecurity framework.
Implement and manage security technologies (firewalls, encryption, vulnerability scanning) to protect NOAA’s IT resources and ensure they remain secure.
Lead efforts to respond to and investigate IT security incidents, ensuring quick, effective resolution and coordination with relevant parties.
Collaborate with NOAA departments and external agencies to ensure a unified approach to IT security across the organization.
Oversee the accreditation of NOAA’s IT systems, ensuring systems meet established security standards and guidelines.
Provide continuous monitoring of NOAA’s IT infrastructure, ensuring ongoing situational awareness and early detection of security threats.
Assess vulnerabilities and security risks within NOAA’s systems, proposing and implementing risk mitigation strategies.
Participate in ongoing Security Assessments for each application, including support for achieving and maintaining an Authority to Operate (ATO), and addressing security issues identified in the POA&M and Security Assessment Report.
Implement data masking procedures to protect Personally Identifiable Information (PII).

Proven experience in IT security roles, preferably in a federal or governmental environment.
Experience with Cloud Responsibility Model and keeping it updated.
Tracking and following Compliance Standards via NIST.
Experience using Tenable scan utility.
Experience using ArcSight and BigFix asset inventory tools.
Project Management (Self-directed management of projects).
Technical Writing.
Knowledge of security frameworks (NIST, ISO 27001, etc.) and security tools.
Familiarity with incident response processes and vulnerability management.
Experience with security accreditation and continuous monitoring.
Strong communication and collaboration skills, with the ability to work across multiple teams and agencies.
Ability to obtain and maintain a Public Trust background check.

Comprehensive Health Benefits (Medical, Dental, and Vision) including High Deductible Health Plan where the company pays 100% of the deductible for your family.
Flexible Spending Accounts (FSA) & Health Savings Account (HSA).
Retirement Plan with 4% match and discretionary match at year end.
Paid Time Off (PTO): 15 days of PTO accrued per year; 7 holidays + 3 Floating holidays; 2 Innovation days (paid training days).
Short Term and Long-Term Disability.
Paid Parental Leave.
Paid Jury Duty leave.
Life and AD&D Insurance.
Critical Illness Insurance.
Training and Development.
Wellness Incentives & Discount programs.
Employee Referral Program.