IT Specialist (INFOSEC) GS-2210-14, FPL 14 (Direct Hire)

Full Job Description

This position is located in the U.S. Department of Education (ED), Federal Student Aid (FSA), Office of the Chief Technology Officer.

The Office of the Chief Technology Officer is responsible for providing IT services to all FSA systems and promoting the effective and secure use of technology to achieve FSA's strategic objectives through sound planning, investments, integrated technology architectures and standards, effective systems development, production support, and cybersecurity services.

Minimum Qualification Requirements You may meet the minimum qualifications for the GS-14, if you possess the specialize experience, education, or a combination of the two.

Specialized Experience for the GS-14 One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments: 1.

Experience supporting risk assessment efforts during the Security Assessment and Authorization process. 2.

Experience in ensuring Plans of Actions and Milestones (POA&Ms) are processed in a timely manner and remediation plans are in place for identified vulnerabilities. 3.

Experience supporting successful implementation and functionality of security requirements and information technology (IT) policies and procedures consistent with an organization's mission and goals.

Basic Experience Requirements You must possess IT related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the four competencies listed below.

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 2.

Customer Service - Works with clients and customers (i.e., any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3.

Oral Communication - Expresses information (e.g., ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (e.g., technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Knowledge, Skills, and Abilities (KSAs) The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs).

You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement).

1. Knowledge of risk management processes (e.g., methods for assessing and mitigating risks). 2.

Knowledge of cybersecurity and privacy principles; cyberthreats and vulnerabilities; impacts of cybersecurity lapses; encryption algorithms; and applicable business processes of operations of customer organization.

3. Knowledge of vulnerability information dissemination sources (e.g.

alerts, advisories, errata and bulletins); incident response and handling methodologies; and industry standard and organizationally accepted analysis principles and methods. 4.

Ability to integrate information security requirements into the acquisition process using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and, establishing multiple sources (e.g., delivery routes for critical system elements).

5. Skill in researching, choosing, interpreting, modifying, and applying available guidelines for adaptation to specific problem or issues. Major Duties:

APPLICATION LIMIT: This vacancy announcement is limited to the first 100 applications received and will close at 11:59PM Eastern Time on the day that we receive the 100th application, or at 11:59PM Eastern Time on the listed closing date, whichever occurs first.

We encourage you to read this entire vacancy announcement prior to submitting your application.

As a Information Technology Specialist (INFOSEC) GS-2210-14, you will be responsible for: • Oversees the implementation of information technology (IT) security controls and security authorization documents; and assures the system is compliant with mandated security policies and requirements.

• Provides technical recommendations for all Risk Assessments conducted for the system or site.

• Provides security analysis of IT activities to ensure that appropriate security measures are in place and being enforced.

• Ensures that plans of action and milestones [POA&Ms], or remediation plans, are in place and timely processed for vulnerabilities identified during risk assessments, audits, inspections, etc.

• Recognizes a possible security violation and takes appropriate action to report the incident as required.

• Supervises or manages protective or corrective measures when a cybersecurity incident when a vulnerability is discovered.

• Supports necessary compliance activities (e.g., ensures that system security configuration guidelines are followed and compliance monitoring occurs.

• Ensures that all acquisitions, procurements and outsourcing efforts address information security requirements consistent with organizational goals.

• Continuously validates the organization against policies/ guidelines/ procedures/ regulations/ laws to ensure compliance.

• Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. • Recommends policy and coordinates review and approval.