“The Office of the Deputy Commissioner, Systems directs the conduct of systems and operational integration and strategic planning processes, and the implementation of a comprehensive systems configuration management, database management and data administration program. Led by the Associate Commissioner (AC), the Office of Information Security (OIS) is responsible for managing and directing the Social Security Administration’s (SSA) overall information systems security program.”
- The AC, OIS oversees the development, management and oversight of functions for agency-wide IT security policies, procedures, and security operations. The organization’s robust IT security program includes: Personally Identifiable Information (PII) training and awareness and serving as a liaison to components and system developers; protecting the confidentiality, integrity, and availability of SSA’s computer systems and information; identifying and implementing risk-based security controls; conducting compliance reviews, evaluating trends, and tracking security metrics to gauge compliance and effectiveness; analyzing risks, vulnerabilities and trends to identify threats and to identify solutions to mitigate threats; and identifying appropriate risk mitigation strategies to support SSA’s evolving technology and business processes.
- The incumbent designs, develops, and maintains SSA’s network infrastructure security policy. This encompasses researching, evaluating, and analyzing current and emerging technologies relevant to SSA’s information security architecture. They recommend functional specifications and coordinate the implementation of SSA’s network security architecture including hardware, software, devices, applications, and settings. The Associate Commissioner provides security advice and recommendations to the agency’s Architecture Review Board. They ensure the application development lifecycle provides for the appropriate control, audit, security, and supply chain risk mitigation process and provide recommendations or clarifications on that process. The AC, OIS provides guidance, direction, and advice on the Continuity of Operations Plan (COOP), incident response, and disaster and emergency planning for the CIO. They also maintain the appropriate COOP documentation.
- The AC, OIS oversees the design, development, and maintenance of SSA’s overall information security policy. This encompasses the design, development, and implementation of information security training for SSA. They provide guidance, direction, and advice to SSA’s information security specialists and information systems security officers. They manage the access control process for SSA, including policy, procedures, and forms. The incumbent provides oversight of the access control systems used at SSA and provides guidance and approval on proper use and administration of those resources. They also provide oversight and management of the Critical Infrastructure Protection Program. The AC, OIS provides oversight of SSA’s implementation of the Federal Information Systems Management Act and ensures SSA follows appropriate guidance and recommendations from the OMB, National Institute of Standards and Technology (NIST), and other applicable guidance.”
G2X TAKE: Following the recent departure of Chief Information Security Officer Rob Collins, the Social Security Administration is advertising an SES role that designs, develops, and maintains SSA’s network infrastructure security policy to include researching, evaluating, and analyzing current and emerging technologies relevant to SSA’s information security architecture.