Chief Information Security Officer

Full Job Description

The position reports to the Chief Information Officer. The position serves as the SBA's Chief Information Security Officer (CISO) over the SBA's Information Security Office.

The CISO provides management leadership in information security policy and guidance, expert advice, and collaboration with offices, oversight agencies, and the Congress on matters relating to protecting SBA information assets in support of the Agency's trillion-dollar portfolio of small business programs.

Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.

Candidates will not be hired based on their race, sex, color, religion, or national origin.

To meet the minimum qualification requirements for this position, you must show that you possess the Executive Core Qualifications (ECQ) and Technical Qualifications (TQ) related to this position within your resume - NOT TO EXCEED 2 PAGES.

Resumes over the 2-page limit, will not be reviewed beyond page 2 or may be disqualified.

Your resume should include examples of experience, education, and accomplishments applicable to the qualification(s).

If your resume does not reflect demonstrated evidence of these qualifications, you may not receive consideration for the position.

There is NO requirement to prepare a narrative statement specifically addressing the Executive Core Qualifications (ECQs) or the Technical Qualifications (TQs).

TECHNICAL QUALIFICATIONS (TQs): Your resume should demonstrate accomplishments that would satisfy the technical qualifications.

TQ 1: Enterprise Cybersecurity and Zero Trust: Demonstrated senior leadership of enterprise cybersecurity, FISMA, and Zero Trust for large federal organizations, and results-driven improvements in cyber defense, automation, and risk reduction with objective and quantitative results.

TQ 2: AI, Architecture, Data, Cloud, and Innovation: Demonstrated expert leadership in AI, enterprise architecture, data, and hybrid/multi-cloud, driving secure digital transformation, CX improvement, and innovation through effective communication and partnerships with objective and quantitative results.

EXECUTIVE CORE QUALIFICATIONS (ECQs): In addition to the Technical Qualification Requirements listed above, all new entrants into the Senior Executive Service (SES) under a career appointment will be assessed for executive competency against the following five mandatory ECQs.

If your 2-page resume does not reflect demonstrated evidence of the ECQs and TQs, you may not receive further consideration for the position.

There are five ECQs: ECQ 1: Commitment to the Rule of Law and the Principles of the American Founding - This core qualification requires a demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people.

ECQ 2: Driving Efficiency - This core qualification involves the demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades.

ECQ 3: Merit and Competence - This core qualification involves the demonstrated knowledge, ability and technical competence to effectively and reliably produce work that is of exceptional quality.

ECQ 4: Leading People - This core qualification involves the demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture.

This includes, when necessary, the ability to lead people through change and to hold individuals accountable.

ECQ 5: Achieving Results - This core qualification involves the demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors.

Note: If you are a member of the SES or have been certified through successful participation in an OPM approved SES Candidate Development Program (SESCDP), or have SES reinstatement eligibility, you do not need to respond to the ECQs.

Instead, you should attach proof (e.g., SF-50, Certification by OPM's SES Qualifications Review Board (QRB)) of your eligibility for noncompetitive appointment to the SES. Major Duties:

Provides executive leadership, direction, and oversight for the agency's enterprise-wide cybersecurity strategy, policies, and governance framework to ensure alignment with mission priorities, statutory and regulatory requirements, and Administration policy.

Plans, develops, and manages a comprehensive information security program, including the design and implementation of security architectures, technical and administrative controls, and enterprise security technologies across all systems and networks.

Directs and oversees agency-wide cybersecurity risk management activities, including risk assessments, vulnerability and threat analysis, compliance and reporting (for example, FISMA/NIST), and the prioritization of corrective actions to ensure an acceptable risk posture.

Leads and integrates security operations and incident response capabilities, including 24/7 monitoring, security operations center activities, cyber threat intelligence and hunting, and coordination of response, containment, and recovery efforts for cyber incidents.

Serves as the principal advisor to senior leadership on cybersecurity and risk; manages cybersecurity resources, including budget and workforce; and champions a security-conscious culture through communication, training, and engagement with internal and external stakeholders.