Specifications include, but are not limited to:

• Provide assistance with policy, procedure, standards and guidelines development, review, implementation, and ongoing revisions.
• Security Risk Management including sustaining of existing risk management frameworks or delivery of risk frameworks that include registration, classification, and management of risk.
• Operationalization and ongoing management of internal and external security audits
  o Full audit management of Plan of Action and Milestone (POA&M) and IRS Corrective Action Plan (CAP) remediation.
  o Acting as lead for external auditors, providing artifacts, scheduling meetings, etc.
• Oversight of security architecture
  o Documentation of System Security Plans (SSP) for in-scope systems, and delivery of IRS required Safeguard Security Report (SSR).
  o Review (as required) for changes in the infrastructure components against compliance and security best practice.
  o Participate in Operation Change Review Board (OCRB) to review configuration/architecture/system changes.
  o Evaluate and recommend best practices for system security architecture with a primary focus on improving the security posture within the environment.
• Oversight of security information and event management (SIEM)
  o Manage current security information and event management (SIEM) solution (Splunk) to include maintenance, management, and routine upgrades of Splunk application components.
  o Incident analysis, handling, and alerting via Splunk managed services within 24 hours of any incident.
  o As needed, architectural planning and technical engineering support for expanding the logging platform (Splunk) to cover additional initiatives.