IT Cybersecurity Specialist

Summary DIRECT HIRE AUTHORITY: This position is being filled through the office of Personnel Management's (OPM) Government-Wide Direct-Hire Authority for this occupation and is open to all U.S. Citizens. Since the Direct-Hire Recruitment Authority is being used, traditional Veterans' Preference rules do not apply. Qualified Veterans will, however, be given full consideration for this position. Responsibilities This position is located within the Department of the Interior, Bureau of Safety and Environmental Enforcement (BSEE), Tehnical Services Division, Information Security Branch in Sterling, VA.. At the full performance level (GS-14) the major duties of this position include, but are not limited to the following: 1. Ensures confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information system security program policies, procedures, and tools within and across the enterprise. 2. Develops policies, plans, and procedures to ensure the continued reliability, security and accessibility of systems, network, and data infrastructure. Leads Departmental deployment of security systems technologies for a variety of administrative, financial, technical and security applications; and provides authoritative input on all matters pertaining to security services. Promotes the awareness of cybersecurity issues ensuring sound security principles and assures appropriate project and resource integration are documented and justified. 3. Leads efforts to develop, implement, and manage long and short-term IT security plans in compliance with the bureau's security and IT strategic plan to ensure information security programs and procedures are aligned with the Department's IT security program. 4. Evaluates the impact of new cybersecurity guidance on current programs and recommends changes to existing policies and processes to ensure compliance and responsiveness. Provides expert advice, counsel, and instruction to senior management on cybersecurity issues and conducts decision-type briefings, as required, to perform missions and achieve goals and objectives. Reviews and analyzes existing processes; and recommends to senior management improvements, new workflows, and revised business models. 5. Reviews and evaluates security policies to determine impact and implements corrective actions; ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services. 6. Evaluates and implements security products, procedures and/or requirements to ensure systems meet applicable integrity requirements. Participates in network and systems design initiatives to ensure implementation of appropriate systems security policies. Adjusts program guidelines in response to changing technologies. Applies new theories, developments, and procedures to solve processing problems not applicable to standard guidelines or policies. 7. Participates in formal and informal management planning, policy and decision- making sessions regarding legislative changes, technological improvements, and changes in Federal and nonfederal policies and standards are followed during development, implementation and maintenance of security programs. BSEE has determined that the duties of this position are sutiable for telework and may be allowed to telework with supervisor approval. Salary InformationGS-14: $139,395 - $181,216 per annum. This vacancy may be used to fill additional positions as vacancies become available. Requirements Conditions of Employment You must be a U.S. Citizen. You will be subject to a background/suitability investigation/determination. You will be required to have federal payments made by Direct Deposit. You must submit ALL required documents and a completed questionnaire. Selective Service: If you are a male applicant born after December 31, 1959, you must certify that you have registered with the Selective Service system, or are exempt from having to do so under the Selective Service Law. See http://www.sss.gov/. Qualifications Selective Placement Factor:This position requires that you hold either the Certified Information System Security Professional (CISSP) Certification or the Certified Information Security Manager (CISM) Certification. Minimum Qualification Requirements: To qualify for this position, you must meet the (1) Basic Requirements AND (2) Specialized Experience for the series to which you are applying. (1) Basic Requirements:Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. GS-5 through GS-15 (or equivalent): For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND (2) Specialized Experience: To qualify for the GS-14, you must possess at least one full year of specialized experience equivalent to at least the GS-13 grade level in the Federal service, or comparable experience not gained through Federal service. Specialized experience is experience that equipped the applicant with the particular knowledge, skills, and abilities to perform successfully the duties of the position, and that is typically in or related to the work of the position to be filled. Specialized experience is defined as demonstrated experience: 1) applying the National Institute of Standards and Technology (NIST) Risk Management Framework to the full life cycle of an information system; 2) working with Security Control Frameworks such as NIST SP800-53 Rev.5, International Standards Organization (ISO) 27001/27002, Service Organization Controls (SOC) SOC2, or Center for Internet Security (CIS) Critical Security Controls including applying security controls to an enterprise information system and crafting meaningful and applicable implementation statements for both On-Premises and Cloud systems to include reading and interpreting Customer Responsibility Matrices and Control Implementation Summaries; security control selection and tailoring; and continuous monitoring; 3) with third-party cybersecurity auditing and audit response including coordinating artifact collection and advising management on appropriate responses to notices of findings; 4) using an enterprise-level Governance, Risk, and Compliance tool such as Xacta or Cyber Security Assessment and Management (CSAM); and 5) managing information system security documentation and compliance; assessing administrative and technical security controls, interpreting cybersecurity policies and standards; and auditing implementation statements for on-premises and cloud-based systems. MUST MEET ALL. Additional information on the qualification requirements is outlined in the OPM Qualification Standards Handbook of General Schedule Positions and is available at OPM's website: https://www.opm.gov/qualifications/standards/indexes/num-ndx.asp All qualification requirements must be met by the closing date of this announcement. Education Additional Information Applicants who include vulgar, offensive, or inappropriate language or information in their application package will be ineligible for further consideration for this position. Identification of promotion potential in this announcement does not constitute a commitment or an obligation on the part of management to promote the employee selected at some future date. Promotion will depend upon administrative approval and the continuing need for and performance of higher-level duties. The application contains information subject to the Privacy Act (P.L. 93-579, 5 USC 552a). The information is used to determine qualifications for employment, and is authorized under Title 5, USC, Section 3302 and 3361. Important Note: All Department of the Interior (DOI) employees are subject to the conflict of interest restrictions imposed upon all employees of the Executive Branch of the Federal Government and may be required to file a Financial Disclosure Report. In addition, DOI employees, GS-15 and above, who work in the Office of the Secretary; along with the Bureau of Ocean Energy Management (BOEM) and the Bureau of Safety and Environmental Enforcement (BSEE) employees (at ALL grade levels), are further restricted concerning their interests in Federal lands and resources administered or controlled by the Department of the Interior. This includes holding stock in energy corporations which lease Federal lands (e.g.: oil, gas, coal, alternative energy resources, etc.). If you have any such investments you should contact the DOI, BOEM or BSEE Ethics Office before accepting employment. DOI employees are held to the highest level of integrity. Employees must be objective and impartial in the performance of their work. All potential issues (e.g.: work-related interactions with friends, family members, or previous employers) must be disclosed at the time of application or during the interview process. NOTICE: This employer participates in E-Verify and will utilize your Form I-9 information to confirm you are authorized to work in the U.S.