Chief Information Security Officer

Full Job Description

The General Services Administration is actively seeking top-tier talent for our Senior Executive Service (SES).

We are hiring a new Chief Information Security Officer (CISO) who will join GSA IT's executive team and bring a passion for improving government services through technology.

We have streamlined our recruitment process which will require you to submit an online resume (not-to-exceed 2 pages) to apply for this position.

All applicants must meet the Mandatory Technical Competency and Executive Core Qualification requirements listed below to be eligible for consideration.

Eligibility will be based on a clear demonstration that the applicant's training and experience are of the scope, quality and level of responsibility sufficient to successfully perform the duties and responsibilities of this executive position.

Note: Your 2-page resume must show possession of the Mandatory Technical Competencies (MTCs) and the Executive Core Qualifications (ECQs) listed below; please do not address the MTCs nor ECQs through submission of separate narrative responses- written narratives will not be reviewed for consideration.

MANDATORY TECHNICAL COMPETENCIES: Demonstrated experience leading enterprise cybersecurity transformation and large-scale cybersecurity implementation including advancement of Dev/Sec/Ops and Zero Trust principles for new and emerging technologies (e.g.

AI, quantum), modern technologies (e.g.

cloud, low code/no code, open software, agile delivery), and legacy technology, data, infrastructure, and network environments in various stages of modernization.

Demonstrated experience working with technology and non-tech executives, IT and cybersecurity professionals, and non-technical representatives in government and/or private sector to continuously improve cybersecurity services and products to achieve strategic business goals and enhance business performance.

EXECUTIVE CORE QUALIFICATIONS (ECQs): 1.

Commitment to the Rule of Law and the Principles of the American Founding- This core qualification requires a demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people.

2.

Driving Efficiency - This core qualification involves the demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades.

3. Merit and Competence - This core qualification involves the demonstrated knowledge, ability and technical competence to effectively and reliably produce work that is of exceptional quality. 4.

Leading People - This core qualification involves the demonstrated ability to lead and inspire a group towards meeting the organization's vision, mission and goals, and to drive a high-performance, high-accountability culture.

This includes, when necessary, the ability to lead people through change and to hold individuals accountable 5.

Achieving Results- This core qualification involves the demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors. Major Duties:

The Chief Information Security Officer oversees the development and implementation of GSA's comprehensive cybersecurity strategy, ensuring alignment with agency mission, federal mandates, and emerging threat landscape Provides executive leadership and strategic direction for enterprise-wide cybersecurity transformation, including Zero Trust Architecture implementation, DevSecOps integration, and secure-by-design principles.

Serves as the principal advisor to the CIO, Administrator, and senior leadership on cybersecurity risk management, emerging technologies (AI, quantum computing), and innovative security solutions.

Provides broad leadership and direction to ensure effectiveness and efficiency of GSA's enterprise cybersecurity program encompassing cloud, hybrid, and legacy environments across all regions, services, staff offices, and Agency products and related services.

The CISO manages and oversees functions to drive optimization of the entire cybersecurity stack and cyber supply chain, ensuring secure integration of modern technologies including low-code/no-code platforms, agile delivery methods, and automated security controls.

Provides broad oversight of GSA wide functions to ensure efficiencies in the continuous monitoring, threat detection, and incident response capabilities that enable rapid adaptation to evolving cyber threats.

The CISO champions cybersecurity transformation initiatives that enhance business performance while maintaining security posture, including evaluation and implementation of emerging security technologies.

Ensure the success in change management efforts implemented to modernize cybersecurity processes, integrate DevSecOps practices and to ensure the effective implementation of automated security controls throughout the software development lifecycle.

Manages high level functions to ensure GSA IT and business teams adopt modern development and cybersecurity best practices that deliver business value faster and more securely.

Manages and provides oversight to ensure effectiveness in implementing new prototypes, innovative and transformative cybersecurity tooling, operations and practices.