Clarification from the agency

Special Authorities: Other miscellaneous authorities & Veterans - Only VEOA eligibles

• Develops high level plans, techniques, and measurable objectives to improve the development of cybersecurity and privacy measures and practices in meeting goals and objectives of the agency and to protect sensitive information.
• Make decisions that are data driven and recommend solutions that measure cybersecurity and privacy protection performance.
• Works in collaboration with the CISO in developing a comprehensive cybersecurity strategy for the agency, including leveraging DNFSB's cybersecurity and privacy program as a mission enabler, and creating performance measures for the DNFSB cybersecurity and privacy program.
• Provides leadership and managerial direction to subordinate staff responsible for providing information security management and the rigorous application of cybersecurity/information assurance policies, principles, and practices in the delivery of planning and management services to all components of the enterprise.
• Provides policy guidance to staff through the discussion of overall specific problems, which may be precedent setting, extremely complex, and/or very unusual.
• Develops and maintains information security guidelines, policies, plans and procedures ensuring effective conduct of assigned missions, functions, and operations of the bureau/office.
• Ensure compliance with federal regulations: FISMA, NIST SP 800-53, OMB Guidance, and agency-specific policies. Support audits and inspections: provide evidence, respond to findings, and ensure corrective actions are completed.
• Monitor day-to-day security operations: track incidents, review audit logs, and ensure operational security procedures are followed.
• Conduct vulnerability management: Perform or oversee scanning, patching, log reviews, and remediation.
• Prepare and maintain documentation: Maintain SSPs, POA&Ms, risk assessments, and other required artifacts.

Conditions of employment

• US Citizenship is required.
• Suitable for Federal employment, determined by background investigation.
• Must pass a drug screening.
• Direct Deposit of pay is required.
• Selective Service registration required for male applicants, unless exempt.
• Status candidates must meet time-in-grade (see Qualifications).

Qualifications

Basic Qualifications for IT Specialist (INFOSEC) position(s)You must possess IT-related experience demonstrating each of the four competencies listed below. (You must have IT-related experience demonstrating each of these four competencies on your resume, if you do not, you will be rated ineligible for further consideration.):

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

In addition to the four competencies above, you must meet the following:

Specialized Experience Requirement: At the GS-14 level, you must meet the following qualification: Must have at least one (1) full year of specialized experience equivalent to at least the next lower grade level (GS-13) in the Federal Service that has given you the particular knowledge, skills and abilities required to successfully perform the duties the position. Specialized experience for this position is defined as: Managed information technology (IT) security projects that require extensive knowledge of IT hardware/software technology; Prepared IT systems documentation to support system certification/accreditation in accordance with FISMA, FedRAMP, and/or other Federal guidelines or regulations; Provided technical guidance and interpretation of IT cybersecurity policies, processes and procedures and privacy guidance for the management and protection of agency information and assets, including the protection of personally identifiable information (PII), controlled unclassified information (CUI), and other sensitive information that is received, transmitted, and stored in information systems; Led the development of system security plans, privacy threshold assessments, plans of actions & milestones (POA&M) and other documentation to support system authorization activities; Developed scenarios in support of disaster recovery, contingency planning, breach response and other annual exercises; Monitored and evaluated system compliance with IT security requirements; and Assisted in IT-related audits, such as the annual FISMA audit.

Only experience and education obtained by the closing date of this announcement will be considered.

Time-In-Grade Requirement:
Current career or career-conditional employees of the Federal government, or former career or career-conditional employees, who have a break in service of less than one year, are required to meet the time-in-grade restriction of one year of Federal experience at the next lower grade, with few exceptions outlined in 5 CFR 300.603(b).

Selective Placement Factor
This position requires a current and valid certification in order to be found qualified. Please provide a current and valid copy of one (1) of the three (3) certifications below in your application package. Failure to provide a current and valid copy of the certification will result in loss of consideration.

• ISACA Certified Information Systems Security Professional (CISSP); or
• ISACA Certified Information Security Manager (CISM); or
• ISACA Certified Information Systems Security Officer (CISSO).

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

You will be evaluated based on how well you meet the qualifications listed in this vacancy announcement. Your qualifications will be evaluated based on your application materials (e.g., resume, supporting documents), the responses you provide on the application questionnaire, and the result of the USA Hire Competency Based Assessment(s) required for this position (if applicable). You will be assessed on the following competencies (knowledge, skills, abilities, and other characteristics):

Note: Duplicative competencies indicate that the competency is being assessed in both the Assessment Questionnaire and additional assessment.

• Accountability
• Attention to Detail
• Customer Service
• Decision Making
• Flexibility
• Influencing/Negotiating
• Information Security Policies, Practices, Programs and Techniques
• Integrity/Honesty
• Interpersonal Skills
• Learning
• Reading Comprehension
• Reasoning
• Security Architecture, Compliance and Risk Management
• Self-Management
• Stress Tolerance
• Teamwork
• Technical Competency – Information System Security
• Technical Competency – Information Systems / Network Security
• Technical Competency – Information Systems Security Certification