IT CYBERSECURITY SPECIALIST (INFOSEC)

Full Job Description

Defense Finance and Accounting Services (DFAS) mission is to lead the Department of Defense (DoD) in finance and accounting by ensuring the delivery of efficient, exceptional quality pay and financial information.

We are seeking a visionary Principal Cyber Strategy and Risk Lead to serve as the lead technical authority and engine for modernizing our agency's cybersecurity landscape.

This senior GS-14 role is for a proactive leader who will sustain and evolve our cybersecurity programs, with a primary focus on evolving our Risk Management Framework (RMF) to ensure successful financial management system audits.

The ideal candidate will apply their deep technical expertise to engineer more secure systems from the ground up, establish authoritative enterprise-wide standards, and act as a principal advisor to leadership on cybersecurity strategy and risk.

Resumes for federal government positions need more detailed work descriptions and accomplishments than a typical private sector resume.

Please be sure to clearly describe the full scope of your work experiences in your resume.

Basic Requirement: Applicants must have IT-related experience demonstrating the following competencies appropriate to, or above, the level of this position.

Your resume and work experience should clearly support your ability to meet these competencies and will be evaluated as part of the entire application process.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

In addition to the Basic Competency Requirements listed above, one year of specialized experience equivalent in level of difficulty and responsibility to that of the next lower grade GS-13 in the federal service, which demonstrates the ability to perform the duties of the position, is required.

Specialized experience is defined as leading enterprise-level cybersecurity programs AND providing direct oversight and governance for a complex Risk Management Framework (RMF) process.

This experience must include developing cybersecurity policy and advising senior leadership on risk.

Volunteer Experience: Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual, community, student, social).

Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates to paid employment.

You will receive credit for all qualifying experience, including volunteer experience.

You may qualify for consideration if meeting time-in grade, specialized experience, education requirement, 90 days after competitive appointment requirement, and all other qualification requirements within 30 calendar days after the closing date of the announcement, unless otherwise indicated on the announcement.

We may use this announcement to fill additional vacancies within 90 days of the closing date. Major Duties:

• Evolve and manage the agency's RMF program, providing expert-level guidance to ensure it remains effective, efficient, and aligned with emerging threats and methodologies.
• Develop and enforce all enterprise cybersecurity standards, directly supporting financial system audits by ensuring RMF documentation and processes meet stringent compliance requirements.
• Establish and manage a risk-based oversight program for RMF.
• Conduct targeted reviews of high-impact systems, new deployments, and a representative sample of authorization packages to identify systemic risks and enforce quality standards across the enterprise.
• Serve as the primary cybersecurity liaison to the enterprise architect, security architect and IT acquisition teams.
• Ensure all new technologies, cloud services, and system designs have security requirements integrated from the beginning to streamline future authorization efforts.
• Act as a principal cybersecurity advisor to the CISO and other senior leaders.