This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/job/708983600. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.
The FHFA Office of Inspector General (FHFA-OIG) is responsible for, among other things, conducting audits, investigations, and other activities of the programs and operations of FHFA, and recommending policies that promote economy and efficiency in the administration of, and prevent and detect fraud, waste, and abuse in, FHFA's programs and operations.
As an IT Specialist (INFOSEC), you will be responsible for performing IT audits in conformance with applicable professional standards.
02/27/2023 to 04/10/2023
$70,549 - $172,102 per year
EL 9 - 12
1 vacancy in the following location:
No
Yes—as determined by the agency policy.
Occasional travel - Occasional travel may be required.
Yes—Relocation expenses may be paid.
Permanent
Full-time
Competitive
13
No
No
23-FHFAIG-10-MP
708983600
Federal employees who meet the definition of a "surplus" or "displaced" employee.
Family members of a federal employee or uniformed service member who is or was, working overseas.
Current or former competitive service federal employees.
Certain current or former term or temporary federal employees of a land or base management agency.
Individuals eligible under a special authority not listed above, but defined in the federal hiring regulations.
All candidates who are current or former federal employees qualifying as Status Candidates, Federal employees currently serving on a VRA, VEOA eligibles, CTAP/ICTAP eligible, eligible for special hiring authorities (e.g., the Schedule A appointment for persons with disabilities, or covered by an Interchange Agreement), or VRA eligibles, or Land Management employees eligible under Public Law 114-47.
The following are the duties of this position at the EL-13 (equivalent to the GS-13). If you are selected at a lower grade level, you will have the opportunity to learn to perform all these duties and will receive training to help you grow in this position.
- Lead various teams of lower-graded staff in ensuring highly technical and complex audits of IT systems and information systems security programs and practices conform to applicable professional standards and FHFA OIG policy. Prepare proposals for future audits of aforementioned systems, programs, and practices. Conduct and/or review pre-audit and evaluation research of any prior audit reports, as well as related laws, regulations, policies, and procedures. Assign tasks and provide technical and administrative guidance to team members. Serve as liaison with auditee representatives.
- Conduct and/or participate in briefings with OA and auditee management to discuss issues, status of audits, outcomes of testing, and audit results. Prepare and/or review audit reports and supporting documentation prepared by team members ensuring compliance with applicable professional standards and OIG policy. Monitor implementation of corrective actions recommended in audit reports. Participate in preparing responses to Congressional requests, and in preparing summaries of Congressional hearings.
- Lead vulnerability assessments and penetration tests to identify security vulnerabilities, causes of systems weaknesses, and identify instances of lack of compliance with IT security requirements; and perform analysis of vulnerabilities and risks and make recommendations to improve security measures and countermeasures to mitigate IT security risks; lead audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster; lead audits of IT systems and information systems security programs and practices to determine compliance with FISMA and make recommendations to mitigate identified security weaknesses; and lead audits of cloud systems, virtual servers, and web servers and applications to determine whether controls and protections are in place, sufficient and effective for securing aforementioned systems. Lead IT security control testing of emerging and evolving technologies. Ensure that findings are supported by adequate documentation in conformance with applicable professional standards and FHFA policy.
- Review work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses in IT systems security and information systems program and practices, and compliance with applicable professional standards and FHFA OIG policy. Provide on-the-job training on use of electronic audit documentation system and audit tasks such as interviewing, testing, program and system processes observation, and report writing.
- As a Contracting Officer's Representative (COR) in the event an audit is contracted, perform technical contracting functions, including drafting statements of work (SOWs), preparing cost estimates, and developing technical standards of performance. Participate in procurement technical evaluation panels to evaluate bids. This includes reviewing and evaluating proposals on factors such as technical approach, qualifications of key personnel, past experience, management plan, labor effort, and price quotation. Make recommendations concerning contractors and proposals to the rest of technical evaluation team. Prepare contract modifications. Participate in briefings with contractors to discuss issues, the status of the audits, and audit results. Review contractors' approach and plan for carrying out audit plans of IT systems security and information systems security programs and practices, status reports, audit reports, audit documentation, and other deliverables prepared by contractors ensuring conformance with applicable professional standards, FHFA OIG policy, and the contract. Review and approve payment of contractor invoices.
- Perform other duties as assigned.
- A one year probationary period may be required.
- Must successfully complete a background investigation.
- Public Trust - Background Investigation will be required.
- Complete a Declaration for Federal Employment to determine your suitability for Federal employment, at the time requested by the agency.
- If you are a male applicant born after December 31, 1959, certify that you have registered with the Selective Service System or are exempt from having to do so.
- Have your salary sent to a financial institution of your choice by Direct Deposit/Electronic Funds Transfer.
- Go through a Personal Identity Verification (PIV) process that requires two forms of identification from the Form I-9. Federal law requires verification of the identity and employment eligibility of all new hires in the U.S.
- Obtain and use a Government-issued charge card for business-related travel.
- File a Confidential Financial Disclosure Report within 30 days of appointment and annually from then on.
- If you are retired from the Federal Government and are selected for this vacancy, your retirement annuity may be offset from your pay.
Key Requirements:
Specialized Experience: For the EL-12, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-11/GS-11 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing IT security work demonstrating experience with, and applying, Federal Information Security Modernization Act, Office of Management and Budget (OMB) Circular No. A-130, Appendix III, and National Institute of Standards and Technology (NIST) standards and guidelines when conducting performance audits over information technology/cyber security, in accordance with generally accepted government auditing standards (GAGAS) or equivalent non-federal auditing standards and guidelines.
Examples of such experience could include:
- Serving as a core member of a project team or subject matter expert in conducting research of reports, laws, regulations, policies, and procedures related to IT or IT security;
- Working as part of a team developing plans for IT audits or IT Security assessments;
- Working on a team involved with IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment);
- Drafting workpapers or sections of report documenting IT audit or IT security assessment findings.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below:
- Attention to Detail, such as monitoring implementation of recommended corrective actions.
- Customer Service, such as participating in briefings concerning contractors and proposals.
- Oral Communication, such as conducting briefings with management to discuss issues, status, and findings of IT audits.
- Problem Solving, such as planning and conducting security control test work.
Specialized Experience: For the EL-11, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-09/GS-09 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing structured IT audit security work using testing tools to develop more in-depth experience promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
Examples of this experience could include:
- Experience assisting more experienced staff in preparing proposals or plans for IT audits or IT security assessments.
- Participate in IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment).
- Experience conducting pre-audit research of prior audit/evaluation reports, laws, regulations, and procedures related to IT or IT security assessments.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below in their IT-related experience:
- Attention to Detail, such as reviewing work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses.
- Customer Service, such as reviewing and approving payment of contractor invoices.
- Oral Communication, such as providing on-the-job training on use of electronic audit documentation system.
- Problem Solving, such as participating in audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster.
OR
You may substitute education for specialized experience as follows: Ph.D. or equivalent doctoral degree, or 3 full years of progressively higher-level graduate education leading to a Ph.D. or equivalent doctoral degree. Attach a copy of transcript or list of college courses designating semester or quarter hours earned to ensure proper credit. The degree is in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
Specialized Experience: For the EL-09, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-07/GS-07 level, or equivalent, that is directly related to the position and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes performing highly structured, entry level IT security audit work designed to develop broader and more in-depth knowledge and skill needed to perform higher level assignments, such as ensuring the integrity and availability of systems and networks through analysis of information systems security programs, policies, and procedures.
Examples of such experience could include:
- Experience applying operational standards to identify, isolate and resolve issues;
- Experience participating in audit, assessment, evaluation or analytical reviews in accordance with an established process;
- Experience assisting with the audit analysis and testing of IT systems security controls.
AND
In addition to meeting specialized experience, applicants must have IT-related proficiency in each of the four competencies listed below.
- Attention to Detail, such as preparation of supporting documents for an IT audit.
- Customer Service, such as serving as liaison with auditee representatives for a team.
- Oral Communication, such as assisting with preparation of pre-audit and exit conferences.
- Problem Solving, such as assisting with pre-audit research.
OR
You may substitute education for specialized experience as follows: Master's degree or equivalent graduate degree or 2 full years of progressively higher-level graduate education leading to a Master's or equivalent graduate degree, in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
In addition to the above requirements, you must meet the following time-in-grade requirement, if applicable:
For the EL-12, you must have been at the EL/GS-11 level for 52 weeks.
For the EL-11, you must have been at the EL/GS-09 level for 52 weeks.
For the EL-09, you must have been at the EL/GS-07 level for 52 weeks.
- We may select from this announcement or any other source to fill one or more vacancies.
- Relocation expenses may be paid.
- This is a non-bargaining unit position.
- Telework opportunities are offered per agency policy.
- We offer opportunities for flexible work schedules.
- Occasional travel may be required.
Our employees enjoy all the standard federal benefits, plus additional agency-specific benefits. Our benefits package includes:
- HEALTH INSURANCE: A variety of Federal Employee Health Benefit plans to choose from which can be paid from pre-tax income. FHFA-OIG pays 90% of the bi-weekly premium.
- DENTAL and VISION INSURANCE: 100% of the premium for employees and their family members (including domestic partners).
- 401(k) PLAN: In addition to the Thrift Savings Plan (TSP), FHFA-OIG employees are eligible to participate in a separate agency-sponsored 401(k) plan. FHFA-OIG provides a 100% employer matching contribution of up to 3 percent of your salary that you contribute. The plan offers multiple investment options. Funds from qualified plans of previous employers can be rolled over to your 401(k) account.
- COMMUTING EXPENSES: FHFA-OIG provides monthly transportation and parking subsidies to employees who commute to work on public transportation. Employees who do not commute via public transportation may apply for free parking at the building.
- GYM: Free use of an on-site gym and locker room with shower facilities when at the HQ building.
- REIMBURSEMENTS and STIPENDS: Fees for professional licenses/certifications and professional liability insurance may be reimbursed. Health and Wellness stipends are provided to eligible employees each year for activities related to promoting a healthy lifestyle and work-life balance. Travel stipends are provided to employees who travel over 50 nights per fiscal year.
Learn more about Federal benefits programs at: https://help.usajobs.gov/index.php/Pay_and_Benefits
You will be evaluated for this job based on how well you meet the qualifications above.
You will be evaluated based on how well you meet the qualifications listed in this vacancy announcement. Your qualifications will be evaluated based on your application materials (e.g., resume, supporting documents), the responses you provide on the application questionnaire, and the result of the online assessments required for this position. In order to be considered for this position, you must complete all required steps in the process.
In addition to the application and application questionnaire, this position requires an online assessment. The online assessment measures critical general competencies required to perform the job. Overstating your qualifications and/or experience in your application materials or application questionnaire may result in your removal from consideration. Cheating on the online assessment may also result in your removal from consideration. Please be sure that your résumé includes detailed information to support your qualifications for this position; failure to provide sufficient evidence in your résumé may result in a "not qualified" determination.
Rating: Your application will be evaluated in the following areas:
A complete application includes 1. A résumé, 2. Vacancy question responses, and 3. Submission of any required documents. Please note that if you do not provide all required information, as specified in this announcement, you may not be considered for this position (or may not receive the special consideration for which you may be eligible).
Please ensure all required documents, including any required work samples, narratives, or other materials as stated in this announcement, are attached to your application package.
All applicants are required to submit a résumé either by creating one in USAJOBS or uploading one of their own choosing. (Cover letters are optional.) To receive full credit for relevant experience, please list the month/date/year and number of hours worked for experience listed on your résumé. We suggest that you preview the online questions, as you may need to customize your résumé to ensure that it supports your responses to these questions. Please view résumé tips.
CURRENT AND FORMER FEDERAL EMPLOYEES -- Documentation Relating to Your Federal Employment:
- Submit a copy of your SF-50, Notification of Personnel Action, which shows your current (or most recent) grade and competitive service status. (The "position occupied" block on the SF-50 should show a "1" and your "tenure" block should show a "1" or "2".)
- If you are currently on a Veterans Recruitment Appointment (VRA), submit a copy of an SF-50 showing that. Also, you must submit a copy of your DD214 or other documentation showing dates of service and type of discharge and any other applicable documents such as SF-15, VA letters, etc.
- Indicate on your application the highest permanent grade you have held; if this grade is different from your current grade, submit a copy of an additional SF-50 showing this grade.
If you are applying under a special hiring authority (e.g. Military Spouses, Interchange Agreement, VEOA, VRA, Schedule A Disability, etc.), please see applicant guide for required documentation. In order to be eligible under one of these authorities, you must submit all required documentation as outlined in the applicant guide.
REINSTATEMENT: If you are a former federal employee and wish to be non-competitively reinstated for a higher grade or full performance level than which you left federal employment, you MUST provide a copy of your separation SF50 (the "position occupied" block on the SF-50 should show a "1" and your "tenure" block should show a "1" or "2") AND the last performance appraisal you received from your federal employment which shows at least a fully successful rating.
Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.
Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
FHFA-OIG has partnered with the Treasury's Bureau of the Fiscal Service to provide certain personnel services to its organization. Fiscal Service's responsibilities include advertising vacancies, accepting and handling applications, and extending job offers.
Please review the entire announcement before applying.
The Bureau provides reasonable accommodation to applicants with disabilities on a case-by-case basis. Please contact us if you require this for any part of the application and hiring process.
To apply for this position, you must complete the initial online application, to include the initial online assessment and submission of the required documentation specified in the Required Documents section above. The complete application package must be submitted by 11:59 PM (ET) on the closing date of the announcement to receive consideration.
The application process is as follows:
1. To begin the application process, click the Apply Online button.
2. Answer the questions presented in the application and attach all necessary supporting documentation.
3. Click the Submit Application button prior to 11:59 PM (ET) on the announcement closing date.
4. After submitting an online application, you will be notified whether or not you are required to take additional online assessments through the USA Hire Competency Based Assessment system. This message will be delivered to you via email notification. The email may be routed to your "Spam" or "Junk" folder.
5. If you are asked to take the USA Hire Competency Based Assessments, you will be presented with a unique URL to access the USA Hire system. Access to USA Hire is granted through your USAJOBS login credentials. Be sure to review all instructions prior to beginning your USA Hire Assessments. Computer System Requirements: https://help.usastaffing.gov/Apply/index.php?title=USA_Hire_System_Requirements
6. Note, set aside at least 3 hours to take these assessments; however, most applicants complete the assessments in less time. If you need to stop the assessments and continue at a later time, you can reuse the URL sent to you via email and also found in your USAJOBS account under the "Track my application" link for the corresponding application.
To update your application, including supporting documentation, at any time during the announcement open period, return to your USAJOBS account (https://usajobs.gov). There you will find a record of your application, the application status, and an option to Edit my application. This option will no longer be available once the announcement has closed.
To verify the status of your application both during and after the announcement open period, log into your USAJOBS account at https://www.usajobs.gov. On the Home page, scroll down and locate your job application. Once the job has been located, click the "Track this application" link on the right under the application date. The page will refresh to display the Agency's Application Information page where you can scroll down and review any notifications the agency has sent you. The Application Status will appear along with the date your application was last updated. For information on what each Application Status means, visit: https://www.usajobs.gov/Help/how-to/application/status/.
Please notify us if your contact information changes after the closing date of the announcement. Also, note that if you provide an email address that is inaccurate or if your mailbox is full or blocked (e.g., spam-blocker), you may not receive important communication that could affect your consideration for this position.
For additional information on how to apply, please visit the Partnership for Public Service's Go Government website.
To preview the assessment questionnaire: https://apply.usastaffing.gov/ViewQuestionnaire/11841147
Based on your application and your responses to the application questionnaire, you may be presented with instructions on how to access the USA Hire system to complete the online assessments. The online assessments must be completed within 48 hours following the close of this announcement. You will have the opportunity to request a testing accommodation for the assessment should you have a disability covered under the Americans with Disabilities Act (ADA).
Your assessment results will be kept on record for one year and used toward future positions for which you might apply that require the same assessments.
Once the online questionnaire is received, you will receive an acknowledgement email that your submission was successful. We will review your resume and transcript(s) (if appropriate) to ensure you meet the basic qualification requirements. We will evaluate each applicant who meets the basic qualifications on the information provided and may interview the best-qualified applicants. After making a tentative job offer, we will conduct any required suitability and/or security background investigation.
The Federal hiring process is set up to be fair and transparent. Please read the following guidance.
Become a part of the most challenging and important mission in the country today. The Federal Housing Finance Agency (FHFA), Office of Inspector General (FHFA-OIG) ensures that all FHFA programs and operations are effective and efficient by conducting audits, investigations and reviews of the activities, programs, and other operations of the FHFA, and recommending courses of action designed to assist the FHFA in promoting economy and efficiency in the administration of its programs and operations.