In order to qualify for this position, resumes must provide sufficient experience and/or education, knowledge, skills, and ability to perform the duties of the position. Applicant resumes are the key means for evaluating skills, knowledge, and abilities as they relate to this position therefore, applicants are encouraged to be clear and specific when describing experience.

Duties include but are not limited to:

• Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
• Prepares and maintains information systems assurance and accreditation materials.
• Assesses threats to and vulnerabilities of computer systems to develop a security risk profile.
• Collects and maintains data needed to meet system cybersecurity reporting.
• Develops methods to monitor and measure risk, compliance, and assurance efforts.
• Ensures cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Tracks audit findings and recommendations to ensure appropriate mitigation actions are taken.
• Provides technical expertise in overall risk management practices, continuous monitoring, and improvements to the security posture of the enterprise.
• Develops policies and procedures to ensure compliance with the Federal Risk and Authorization Management Program (FedRAMP) and Department of Defense FedRAMP+ Cloud Computing data security requirements.
• Coordinates and conducts systems security evaluations, audits, and reviews.
• Ensures the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.

Conditions of employment

• Must successfully pass the E-Verify employment verification check. Any discrepancies must be resolved as a condition of employment.
• Must pass all applicable records and background check.
• Participation in Direct Deposit/Electronic Fund Transfer within the first 30 days of employment is required.

Qualifications

• Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• Knowledge of Risk Management Framework requirements.
• Knowledge of information systems security principles and concepts.
• Knowledge of security assessment and authorization processes.
• Knowledge of Federal information systems security protocols sufficient to develop, implement, and coordinate activities designed to protect and restore systems.
• Skill in the interpretation of IT policies, standards, and guidelines.
• Skill in the maintenance of systems or network accreditation.
• Skill in the integration of information systems security with other security disciplines.
• Skill in analyzing/evaluating data and preparing reports.
• Ability to coordinate and/or collaborate on security activities.
• Ability to analyze and recommend resolution of complex issues affecting the specialty area.
• Ability to provide technical advice to personnel at all levels within CNIC enterprise.
• Ability to communicate effectively both orally and in writing.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

All resumes will be reviewed to determine if they meet the hiring eligibility and qualification requirements listed in this announcement, and will be rated based on the information provided in the resume to determine the level of knowledge, skills and abilities (KSAs) related to the job requirements. Using the qualifications of the position, a predetermined rating criterion of KSAs will be used for each resume. Best qualified applicants will be referred to the hiring manager. The selecting official may choose to conduct interviews.