Office of the Chief Information Officer

On this Page:

• Office of the Chief Information Officer
• Cyber and Information Security Division
• Division of Resource Management and Administration
• Data, Information Management, and Enterprise Governance Division
• IT Services Development and Operations Division

Office of the Chief Information Officer

Chief Information Officer: Scott Flanders
Deputy Chief Information Officer: Caroline Carusone

The Office of the Chief Information Officer (OCIO) plans, directs, and oversees the resources to ensure the delivery of information technology (IT) and information management (IM) services that are critical to support the mission, goals, and priorities of the agency. The OCIO coordinates activities associated with NRC's participation in the Federal Chief Information Officer Council. In addition, the OCIO coordinates and oversees the development of agency wide information resources management policy and consolidates office responses to the Commission, Office of Management and Budget (OMB), and congressional inquiries.

The CIO is the NRC Chief Freedom of Information Act (FOIA) Officer and acts as deciding official on appeals of FOIA determinations. The CIO is also responsible for overseeing the agency’s information collection activities in accordance with the Paperwork Reduction Act and OMB’s implementing regulations.

The Deputy CIO also oversees the OCIO Customer eXperience (CX) Program and FinOps Program.

Cyber and Information Security Division

Director/Chief Information Security Officer: Garo Nalabandian, Acting
Deputy Director/Deputy Chief Information Security Officer: Katie Harris, Acting

The Cyber and Information Security Division (CISD) oversees the daily operation and implementation of the NRC’s IT security strategy. The Director serves as the agency Chief Information Security Officer (CISO) responsible for directing continuous monitoring of current IT security practices and systems and identifying areas for improvement. CISD conducts security and risk assessments and delivers new security technology approaches and implements next generation solutions. In addition, the CISD, oversees the management of the IT security program, providing leadership to the team and developing staff. The CISD develops and implements business continuity plans to ensure service is continuous when a change program is introduced, or a security breach occurs, or in the event that the disaster recovery plan needs to be triggered; protects the intellectual property of the organization at all times; and devises strategies and implements IT solutions to minimize the risk of cyber-attacks.

The division also maintains and enhances information security-related efforts, including managing and implementing the Controlled Unclassified Information (CUI), Privacy, and Supply Chain risk management programs; manages compliance with laws, regulations, and principles of fiscal integrity; and determines measures to reduce costs where appropriate. The division manages and coordinates responses to the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) for cybersecurity and privacy reporting under the Federal Information Security Modernization Act (FISMA) and coordinates agency cybersecurity responses to directives and incidents. It manages the coordination of responses to Privacy Act Requests with Freedom of Information Act (FOIA) staff and has an advisory role on Personally Identifiable Information (PII) issues.

The Director also serves as the Senior Agency Official for Controlled Unclassified Information (CUI).

As the NRC’s Senior Agency Official for Privacy, the Director has overall responsibility and accountability for ensuring NRC’s implementation of information privacy protections.

Information Assurance and Oversight Branch
Chief: Tung Truong, Acting

The Information Assurance and Oversight Branch (IAOB) implements, and maintains the agency’s information security policies, procedures, and standards. In addition, IAOB performs security audits; provides IT Security compliance support; manages IT security and reporting compliance information with external agencies; oversees Federal Information Technology Acquisition Reform Act (FITARA) cybersecurity activities; and prepares recommendations for CISO and CIO approval.

The branch provides and develops reporting of information security role-based training and annual awareness training. The branch also provides ISSO support for agency infrastructure systems and information assurance (IA) monitoring.

Security Operations Branch
Chief: James Peyton Sr., Acting

The Security Operations Branch (SOB) monitors Information Security Situational Awareness; maintaining the Information Security Operations Center (SOC). The branch handles infrastructure operational security and engineering; data loss prevention (DLP); designing and implementing new cybersecurity systems, tools, and capabilities; managing the agency Continuous Diagnostic and Mitigation (CDM) program; and performing Information Security Incident Analysis and Response. The branch is also responsible for the design, deployment, operational support, monitoring of Identity Credentialing and Access Management (ICAM) services.

Division of Resource Management and Administration

Director: Susan Kenney
Deputy Director: Anthony DeJesus

The Division of Resource Management and Administration (DRMA) oversees budget execution and formulation for OCIO and related performance reporting requirements. DRMA also provides advice and assistance in connection with the execution and administration of office contracts. In addition, the division coordinates quarterly performance plan reviews, and provides oversight of all aspects of human capital management, correspondence, Internal Controls, and communication within the OCIO.

In addition, DRMA oversees the governance and adoption of IT products and technological solutions and manages the Technical Reference Model (TRM). Additionally, the division oversees the agencywide IT/IM investment performance and reporting to OEDO and OMB, manages the Agency’s Capital Planning and Investment Control (CPIC) policy and processes, and leads and coordinates the Technology Business Management (TBM) taxonomy of services.

The CPIC Team coordinates with the Financial Management Branch to ensure that investments align with TBM requirements and agency needs; establishes and supports the IT project delivery lifecycle processes; supports and improves program and project management methods, reporting, and tools; and manages FITARA implementation and reporting. In addition, the division manages the IT investment governance process through the Information Technology Business Council (ITB) and the IT portfolio Executive Council (IPEC), in collaboration with Program offices.

Financial Management Branch
Chief: Heather Jones

The Financial Management Branch (FMB) oversees the agency-wide IT/IM business lines budget formulation and execution activities, such as the agencywide execution year IT budget data calls, and submissions. This branch manages the formulation of the IT/IM budget for submission to senior agency management and the Chief Financial Officer. The branch also oversees the development of deliverables consistent with requirements of the agency leadership, Commission, and the Office of Management and Budget. In addition, the branch manages the agency’s IT/IM budget execution including, funding IT/IM contracts; reviewing commitment and spending activities; and providing budget planning, acquisition, and oversight. The branch also maintains IT/IM budget data, facilitation of execution year change requests and leads the IT/IM purchases.

Data, Information Management, and Enterprise Governance Division

Director/Chief Data Officer: Basia Sall
Deputy Director: Ramesh Chintagumpala

The Data, Information Management, and Enterprise Governance Division (DIME) ensures the Agency's IT/IM investments, capabilities, and plans are continuously aligned with and prioritized by the Agency's goals and mission requirements. The Director also serves as the Chief Data Officer. The division also manages compliance with laws, regulations, and principles of fiscal integrity; determines measures to reduce costs where appropriate.

The division is responsible for leading, directing and planning the design, development and administration of the NRC's enterprise and data architecture; data and information technology (IT) governance objectives; and information management (IM) programs including, records management, Freedom of Information Act (FOIA), information collections, and library services.

The division develops and manages the agency’s data and IT governance framework to ensure IT and data strategic alignment, IT and data resource management, risk management, performance measurement, and IT and data value delivery. DIME also manages the agency’s data and IT intake process and Digital Services Center.

In addition, the division manages the lifecycle of official agency records, and the implementation of NRC's FOIA and Information Collections programs; maintains collections of agency documents, and is the agency repository for industry Codes and Standards, and other technical publications of the Technical Library and Public Document Room.

Digitization, Processing, and Records Branch
Chief: Leah Kube

The Digitization, Processing, and Records Branch (DPRB) ensures information management policy, standards, and governance are developed and followed based on applicable laws and regulations and, when appropriate, industry best practices. The branch also manages the agencywide records program and records lifecycle management and develops a structured framework for classifying and organizing NRC information. DPRB operates and oversees the NRC's Document Processing Center (DPC); establishes and maintains document profiles and access rights; determines document availability. In addition, the branch establishes, maintains, and supports agency forms and ADAMS users. The Branch Chief serves as the Agency Records Officer.

The branch manages and implements the Sensitive Unclassified Non-Safeguards Information (SUNSI) program.

Architecture and Digital Governance Branch
Chief: Yen-Ming Chen

This branch oversees the enterprise, data, and cloud architecture to support the agency's mission and program goals. In addition, the branch oversees all aspects of Information Technology (IT) and data governance in guiding IT and data investment decisions, preventing duplicate efforts, and identifying areas of improvement.

The branch leads the design, development and administration of the NRC's enterprise IT and data architecture and governance objectives; guides the development of IT and data architecture principles and standards for the agency; and oversees development and implementation of the Agency's IT Cloud Strategy.

Additionally, the branch manages enterprise, data, and cloud architecture-related audits and data calls with the Office of Investigations and the Government Accountability Office and reporting compliance information to the Office of Management and Budget, Department of Homeland Security, and other agencies.

FOIA, Library, and Information Collections Branch
Chief: Stephanie Blaney

The FOIA, Library, and Information Collections Branch (FLICB) manages the Public Document Room; conducts outreach to user groups, such as the Public ADAMS Users Group; and manages the Technical Library services, including access to subscriptions, cataloguing collections, inter-library loans, and providing reference assistance for other mission-supporting resources.

The branch manages the agency's FOIA program, coordinates with program office staff to release responsive records to many audiences and compiles the required quarterly and annual FOIA reports for the Department of Justice.

Branch staff also are responsible for facilitating the publication of the agency’s Federal Register notices, draft and final rules, and obtaining clearances from the Office of Management and Budget for the NRC’s rules and regulations. The NRC Clearance Officer and Freedom of Information Act Officer are members of this Branch.

IT Services Development and Operations Division

Director: Jonathan Feibus, Acting
Deputy Director: Ramesh Chintagumpala, Acting
Deputy Director: Rob Heard, Acting

The IT Services Development and Operations Division (SDOD) oversees and manages the entire IT service lifecycle, from design through the development process to deployment, and maintenance support.

The SDOD functions are designed to unify development and operations at the culture, practice and tool levels to achieve accelerated and more frequent deployment of changes to production; enhance the coordination between IT Services and other IT/IM functions and further automate processes to accelerate delivery; and manage platforms, systems, services, and related infrastructure in a manner that accelerates delivery and increases efficiency and re-use.

The division is also responsible for broad system, service, support and automation functions, delivery of Agency-wide or specialized systems and support services, coordinating line-of-business systems activities, and infrastructure and security related operations.

Application Development Services Branch
Chief: Melissa Ash, Acting

The Application Development Services Branch (ADSB) handles the integration and deployment of enterprise and business solutions. The branch supports existing systems and extensible/reusable software platforms and services. It aids the agency transitions to cloud-based software platforms; and supporting and coordinating line-of-business solutions. In addition, the branch identifies opportunities to transition to cloud-based low/no-code software platforms for business solutions, content management, records management, search/discovery, and advanced technologies.

Enterprise Applications Platforms and Services Branch
Chief: Edward Madden

The Enterprise Applications Platforms and Services Branch (EAPSB) plans, implements, and coordinates key IT/IM capabilities and platforms such as Microsoft 365 products and services (e.g., Outlook, Teams, OneNote, OneDrive, SharePoint, Word, Excel, PowerPoint, etc.), Webex, Windows, etc.; also provides operational support for programs such as Mobility and Remote Access (Azure Virtual Desktop). The branch also manages the release and deployment of workstation and server updates, infrastructure platforms and enterprise solutions. Additionally, the branch also supports web content management and delivery for Intranet and Internet services.

The branch ensures appropriate web content management and delivery for Intranet and Internet, which supports the Enterprise Test and Development Environment; and manages mission applications, operations, and enhancements.

Infrastructure Services Branch
Chief: Kenneth Dunbar

The Infrastructure Services Branch (ISB) manages large Agency Telecommunications contracts (e.g., VOIP, EIS); monitors and maintains network operations; managing data centers, related infrastructure services and facilities; provides analysis and support.

The branch also maintains the Enterprise Development & Test Environment infrastructure; modernizes and refreshes the IT infrastructure; supports cloud offerings in PaaS and Infrastructure as a Service (IaaS) and manages the Network Operations Center (NOC).

Service Fulfillment and Delivery Branch
Chief: Robert Heard

The Service Fulfillment and Delivery Branch is responsible for IT services, processes, procedures, and data repositories to ensure the delivery of agency information technology (IT) resources. It serves as the integrator between the NRC customers, IT support contracts, acquisitions and OCIO Service Owners. The branch utilizes the Information Technology Service Management (ITSM) framework and Information Technology Asset Management (ITAM) best practices to promote robust IT/IM asset management policies and procedures and enhance the customer experience.

The Service Fulfillment and Delivery branch responsibilities include establishing, managing, and maintaining agency IT/IM lifecycle asset management via the Customer Support Center (CSC), NRC Service Catalog, Customer Outreach activities, Service Delivery Model (SDM), and the IT Purchasing Process which includes emergent and non-emergent needs. In addition, the branch provides a comprehensive IT asset and configuration data management service with the coordination of release and deployment functions. The branch leverages various tools and data sets to develop and maintain data analytics dashboard visualizations used for data driven decision-making.