As a Supervisory IT Cybersecurity Specialist (Direct Hire), you will:

• Manage CDC cybersecurity policies, procedures, and processes while ensuring compliance with Federal Information Security Management Agency (FISMA), OMB, HHS, CDC and other government mandates, and regulations.
• Establish and oversee CDC information security risk management and compliance activities.
• Provide and manage a centralized network and security operations command and control center.
• Provide oversight and implementation of Information Security Continuous Monitoring (ISCM) activities, including maintenance of the agency's Continuous Diagnostics and Mitigation (CDM) program.
• Manage CDC risk management protocols, internal and external cybersecurity focused audits, and ongoing security awareness training and role-based training programs.
• Perform Personally Identifiable Information (PII) inventory and data classification mapping and work with the Chief Privacy Official and OCIO offices and customers to effectively implement data protections in support of program outcomes.

Conditions of employment

• US Citizenship is required.
• Background Investigation is required.
• E-Verify: If you are selected for this position, the documentation that you present for purposes of completing the Department of Homeland Security (DHS) Form I-9 will be verified through the DHS "E-Verify" System. Federal law requires DHS to use the E-Verify System to verify employment eligibility of all new hires, and as a condition of continued employment obligates the new hire to take affirmative steps to resolve any discrepancies identified by the system. The U.S. Department of Health and Human Services is an E-Verify Participant.
• Direct Deposit: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
• All qualification requirements must be met by the closing date of the announcement.
• One-year probationary period may be required.
• Travel, transportation, and moving expenses will be paid: No
• Bargaining Unit Position: No
• Drug Screening Required: No
• Relocation Incentive maybe authorized: No
• Recruitment Incentive may be authorized: Yes
• Annual Leave for non-federal service may be authorized: No
• Supervisory position: Yes, Since this is a supervisory position, candidates must also have demonstrated or shown the potential to develop the necessary knowledge, skills, and abilities. A supervisory probationary period may be required. Applicants should describe any previous experience or responsibilities which could be used in relation to the supervisory requirements of this position.
• Public Trust/Moderate Background Investigation (5) is required

Qualifications

Minimum Qualifications:

Applicants must have at least one year of specialized experience at or equivalent to the GS-14 in the Federal service as defined in the next paragraph.

Specialized experience is experience which is directly related to the position which has equipped the applicant with the particular knowledge, skills and abilities (KSAs) to successfully perform the duties of the position to include experience directing a program responsible for aspects of information systems security to ensure confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information system security program policies, procedures, and tools within and across the enterprise.

Additional Qualifying experience for the GS-15 grade level requires IT-related experience that demonstrated each of the following four competencies: Attention to detail; customer service; oral communications; and problem solving.

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Cybersecurity Specialty Areas:

The following cybersecurity specialty areas are defined by the National Cybersecurity Workforce Framework (Framework), which is a national resource that categorizes and describes cybersecurity work. The incumbent may qualify in one or multiple specialty areas below.

Please select the specialty area (s) that apply to you:

• Vulnerability Assessment and Management: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
• Information Assurance (IA) Compliance: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new information technology (IT) systems meet the organization's information assurance (IA) and security requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
• Systems Requirements Planning: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs
• Test and Evaluation: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology (IT).
• Education and Training: Conducts training of personnel within pertinent subject domain. Develops, plans, coordinates, delivers, and/or evaluates training courses, methods, and techniques as appropriate. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.
• Strategic Planning and Policy Development: Applies knowledge of priorities to define an entity's direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.
• Cybersecurity Supervision, Management and Leadership: Supervises, manages, and/or leads work and workers performing cybersecurity work.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Once the application process is complete, a review of the resume and supporting documentation will be made and compared against your responses to the assessment questionnaire to determine if you are qualified for this job. If, after reviewing your resume and/or supporting documentation, a determination is made that you have inflated your qualifications and/or experience, you may lose consideration for this position. Please follow all instructions carefully. Errors or omissions may affect your eligibility. Category rating procedures will be used to rate and rank candidates.

"Additional selections may be made for similar positions across the Department of Health and Human Services (HHS) within the local commuting area(s) of the location identified in this announcement. By applying, you agree to have your application shared with interested selecting official(s) at HHS. Clearance of CTAP/ICTAP will be applied for similar positions across HHS."

The utilization of shared certificates within multiple Centers of the Center of Disease Control and Prevention may be used from this vacancy announcement for specialties to include but not limited to: Applied Epidemiology, Behavioral Epidemiology, Chronic Diseases, Emergency Preparedness and Response, Emerging Infectious Diseases, Environmental Health, HIV/AIDS, Immunization, Infectious Diseases (e.g. Viral, Parasitic, etc.), Influenza, Malaria, Non-communicable Diseases, Outbreak Investigations, Sexually Transmitted Diseases (STDs), Surveillance, Tropical Medicine, Tuberculosis (TB), Viral Hepatitis, and/or Zoonotic Diseases.

Your qualifications will be evaluated on the following competencies (knowledge, skills, abilities and other characteristics).

• Cybersecurity Specialty Areas
• Information Security Risk Management Practices