Head of Cybersecurity (CISO)

Full Job Description

The Head of Cybersecurity serves as the Chief Information Security Officer (CISO) for the Social Security Administration (SSA).

The incumbent leads the agency's comprehensive cybersecurity security program, providing strategic direction for the development and implementation of IT security policies, procedures, and operations to protect SSA's information systems and sensitive personal information for millions of Americans.

Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.

Candidates will not be hired based on their race, sex, color, religion, or national origin. The application process used to recruit for this position is RESUME BASED.

It is important that your resume be complete and thorough, following the requirements outlined below.

As a basic requirement, to meet the minimum qualification requirements for this position, applicants MUST demonstrate progressively responsible leadership experience that is indicative of senior executive level managerial capability and directly related to the skills and abilities outlined under Executive Core Qualifications and Mandatory Professional/Technical Qualifications within their resume - NOT TO EXCEED 2 PAGES.

Resumes over the 2-page limit, will not be reviewed beyond page 2, or may be disqualified.

Your resume should include examples of experience, education, and accomplishments applicable to the qualification(s).

If your resume does not reflect demonstrated evidence of these qualifications, you may not receive consideration for the position.

There is NO requirement to prepare a narrative statement specifically addressing the Executive Core Qualifications (ECQs) or the Technical Qualifications (TQs).

To be considered minimally qualified for this position, candidates must have had responsible professional experience at a senior level (equivalent to the GS-15 in either the General Schedule (GS) or a comparable pay plan).

Typically, experience of this nature will have been gained at or above the GS-15 grade level in the Federal service or its equivalent with state or local government, the private sector, or non-governmental organizations.

Failure to meet this basic qualification requirement and all executive and technical qualification factors automatically disqualifies an applicant.

NOTE: If you are (1) a member of the SES, (2) have been certified through successful participation in an OPM approved SES Candidate Development Program (SESCDP), or (3) have SES reinstatement eligibility, you do not need to respond to the ECQs.

Instead, you should attach proof (e.g., SF-50, Certification by OPM's SES Qualifications Review Board (QRB)) of your eligibility for noncompetitive appointment to the SES.

TECHNICAL QUALIFICATIONS (TQs): Your resume should demonstrate accomplishments that would satisfy the technical qualifications. 1.

Senior level experience leading the development, implementation, and administration of cybersecurity policies and procedures at the enterprise level. 2.

Senior level experience directing cybersecurity controls, risk management processes, and disaster recovery planning for an organization. DESIRABLE QUALIFICATION (DQ): 1.

Senior level experience leading the development and implementation of organization-wide cybersecurity awareness and training programs.

EXECUTIVE CORE QUALIFICATIONS (ECQs): In addition to the Technical Qualification requirements listed above, all new entrants into the Senior Executive Service (SES) under a career appointment will be assessed for executive competency against the following five mandatory ECQs.

If your 2-page resume does not reflect demonstrated evidence of the ECQs, TQs, and DQ, you may not receive further consideration for the position.

There are five ECQs: ECQ 1: Commitment to the Rule of Law and the Principles of the American Founding - Demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people; ECQ 2: Driving Efficiency - Demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades; ECQ 3: Merit and Competence - Demonstrated knowledge, ability, and technical competence to effectively and reliably produce work that is of exceptional quality; ECQ 4: Leading People - Demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture.

This includes, when necessary, the ability to lead people through change and to hold individuals accountable; and ECQ 5: Achieving Results - Demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors.

**Note for Current and/or Former Political Appointees: OPM must authorize any employment offers we make to current or former (within the last 5 years) political Schedule A, Schedule C, or Non-Career SES employees in the executive branch.

If you are currently, or have been within the last 5 years, a political Schedule A, Schedule C or Non-Career SES employee in the Executive Branch, you must disclose that to the Human Resources Office within your application package.

Major Duties:

In addition to advising senior leadership on security matters, ensuring compliance with federal regulations, and collaborating with stakeholders to manage risks and support SSA's technology and business needs, the Head of Cybersecurity/CISO: Oversees the development and implementation of national cybersecurity policies and controls to safeguard sensitive personal information from unauthorized access, breaches, and cyber threats.

They ensure cybersecurity strategy, policies, and standards comply with the Federal Information Systems Management Act, the Privacy Act, guidance from the National Institute of Standards and Technology (NIST) and Office of Management and Budget, other federal requirements (e.g., FedRAMP), and industry best practices.

Provides strategic direction for comprehensive, national cybersecurity operations, including network security, endpoint protection, identity and access management, incident detection and response, and disaster recovery planning.

They provide guidance, direction, and advice on the Continuity of Operations Plan (COOP), incident response, containment, and recovery efforts to minimize potential damage and ensure timely communication with stakeholders.

Directs the design, development, and maintenance of SSA's information security compliance program.

This encompasses the design, development, and maintenance of the information security compliance policy and reviews for data exchange partners, including developing and implementing compliance and monitoring reviews (protocols and oversight), as well as, training and coordination with the data exchange network.

They oversees the Critical Infrastructure Protection Program and ensures secure data exchange with partners through robust compliance and monitoring protocols.

Designs, develops, and maintains SSA's overall information security policy. This encompasses the design, development, and implementation of information security training for SSA.

They develop and implements ongoing cybersecurity training, awareness, and phishing simulation programs for all personnel and contractors.