Clarification from the agency

Your application will be considered if you are a: GSA employee - must be employed in GSA; GSA surplus or displaced employees in the local commuting area who qualify for the Career Transition Assistance Program (CTAP). You must be serving on a career or career-conditional appointment, or under a noncompetitive Special Appointing Authority which provides for conversion to a permanent position in the Competitive Service.

Videos

This position will be in GSA, Federal Acquisition Services (FAS), Professional Services and Human Capital (PSHC). The Office of Professional Services and Human Capital Categories (PSHC) is responsible for the strategic leadership, oversight, and management of FAS’s professional services, human capital services, and charge card management programs and contracts.

This position functions as the Information System Security Officer (ISSO) within the Center for Charge Card Management, Office of Professional Services and Human Capital (PSHC), FAS. This ISSO position, in close coordination with GSA OCIO, is responsible for the review and assessment of contractor bank security deliverable against applicable GSA and Federal standards, as well as meeting with contractor banks to discuss a wide range of system security issues, address questions, and assist in problem resolution. The ISSO is also responsible for monitoring and ensuring that the GSA SmartPay (SP) contractors comply with specific GSA IT security requirements and deliverables, as well as the frequency of delivery.

Major duties include, but are not limited to the following:

• In collaboration with the GSA Office of the Chief Information Officer (OCIO), will support the Assessment and Authorization (A&A) process and assist in the review and implementation of the Plan of Action and Milestones (POA&M) from the GSA SP contractor banks.  Absent any major changes in the GSA SP contractor banks’ systems, the A&A is to be conducted once every three years to assess the IT infrastructure within the contractor banks’ GSA SP boundary to ensure the safeguard and protection of government charge card data.

• Outside of the normal A&A process, the GSA SP contractor banks are required to submit certain annual security deliverables as well as quarterly scans to GSA to demonstrate that their EAS is free of vulnerability risks in order to remain in good ATO status. As the ISSO, the incumbent’s primary responsibility is to assess the A&A submission from the contractor banks and conduct ongoing review of the contractor bank’s overall security posture via the annual security deliverables and quarterly scans submission.

• Supports the A&A process and other applicable security requirements as specified by National Institute of Standards and Technology (NIST) and GSA Security Guidance to ensure the GSA SP bank contractors maintain a valid ATO while supporting the GSA SP program.  Specifically, the incumbent assess the A&A documentations, e.g., System Security Plan (SSP), Security Assessment Report (SAR), Privacy Impact Assessment, FIPS 199 Security Categorization, Contingency Plan, Security Incident Response Plan, Penetration Test Results, Vulnerability Scan Results, and other A&A security deliverables, where applicable, such as Continuous Monitoring Plan, Rules of Behavior, and Code Review Report, etc.  In addition the incumbent assesses scan results, identifies vulnerability risks and works with the GSA SP contractor banks to develop POA&M to address the identified vulnerability risks that cannot be resolved immediately.

• Works with contractor banks on any necessary updates and revisions to the A&A documents. Determines the A&A documents to be acceptable, he/she presents findings and recommendations to the GSA SP Information System Security Manager (ISSM) for concurrence and approval.

• Collaborates with the ISSM to secure final review and approval for all Authorization to Operate (ATO) related matters including contractor banks’ proposed mitigation plan and strategy to address the vulnerability risks or requests for deviations from existing NIST or GSA IT security requirements as specified in the GSA SP master contract.

Conditions of employment

• US Citizenship or National (Residents of American Samoa and Swains Island)
• Meet all eligibility criteria within 30 days of the closing date
• Meet time-in-grade within 30 days of the closing date, if applicable
• Register with the Selective Service if you are a male born after 12/31/1959

If selected, you must meet the following conditions:

Qualifications

For each job on your resume, provide:

• the exact dates you held each job (from month/year to month/year)
• number of hours per week you worked (if part time)

If you have volunteered your service through a National Service program (e.g., Peace Corps, Americorps), we encourage you to apply and include this experience on your resume.

For a brief video on creating a Federal resume, click here. 

The GS-14 salary range starts at $122,198 per year.  

Applicants applying for the GS-14 grade level must meet the following requirements: Have IT-related experience demonstrating EACH of the four competencies AND one year of specialized experience equivalent to the GS-13 level in the Federal service as described below:

IT SPECIALIST COMPETENCY REQUIREMENTS:

• Attention to Detail - This skill is generally demonstrated by assignments where the applicant investigates and evaluates “state of the art” technology of the industry.
• Customer Service - This skill is generally demonstrated by assignments where the applicant confers with users to evaluate the effectiveness of, or identify the need for, computer programs or management systems.
• Oral Communication - This skill is generally demonstrated by assignments where the applicant persuades others to take a particular course of action or to accept findings, recommendations, changes, or alternative viewpoints.
• Problem Solving - This skill is generally demonstrated by assignments where the applicant identifies and accommodates technology and resource constraints.

SPECIALIZED EXPERIENCE REQUIREMENTS: Specialized experience is experience identifying IT system control vulnerabilities, risks and protection needs; resolving issues and problems involving IT systems security; implementing information system security policies, standards and guidelines; and, providing technical advice, comments and recommendations to management officials on security requirements.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

You will be scored on the questions you answer during the application process, which will measure your possession of the following competencies or knowledge, skills, and abilities.  Your responses to these questions must be supported by your resume or your score may be lowered.  

• Mastery of knowledge of information technology security application within the Federal Government to advise client agencies in the analysis of complex mission requirements and applying information technology security in efficiently and effectively meeting these requirements.
• Comprehensive analytical skills to apply a wide range of qualitative and/or quantitative methods for assessment and improvement of INFOSEC program effectiveness.
• Expert knowledge of the IT Security area of specialization, its governing laws, regulations, methodologies and/or policies to provide sound and authoritative technical guidance on all issues related to the assigned program.
• Comprehensive analytical skills to apply a wide range of qualitative and/or quantitative methods for assessment and improvement of INFOSEC program effectiveness.
• Knowledge of project management principles, methods, and practices including developing plans and schedules, estimating and reporting on accomplishments.

Additional hurdle assessments, such as narrative responses or other assessments, may be administered to applicants who meet the requirements of the first hurdle, e.g., the minimum qualification requirements. If additional assessments are used, you will be provided with further instructions.

Consideration will be given to performance appraisals and incentive awards in merit promotion selection decisions in accordance with 5 CFR 335.103(b)(3). You should list any relevant performance appraisals and incentive awards in your resume so that information will be taken into consideration during the selection process.  If selected, you may be required to provide supporting documentation.

If you are eligible under GSA’s Career Transition Assistance Plan (CTAP), you must receive a score of 85 or higher to receive priority.