This is a Direct Hire Authority (DHA) solicitation utilizing the DHA for Information Technology Management (INFOSEC) to recruit and appoint qualified candidates to positions in the competitive service. About the Position: This position is located in the Chief Information Office, US Army War College, Carlisle Barracks, PA.

Duties

Serve as the Information System Security Manager (ISSM) for the US Army War College Oversee the command Cyber Security program Provide technical and procedural advice to the CIO and the Authorizing Official (AO) Offer guidance to any contracted service providers Drive the Information Assurance (IA) Program across various domains including security management, software security, Cloud Security, IT equipment security, procedural security, data communications security, and AIS media security. As the key leadership figure, foster a proactive approach towards comprehensive system security. Lead the planning, development, implementation, and maintenance of CIO programs, policies, and procedures. Aim to protect the integrity and confidentiality of automated systems, networks, and data across platforms such as computers, cloud environments, on-premises systems, networks, databases, and websites. Govern and monitor the application of the DoD Risk Management Framework (RMF) for the Army War College networks. Ensure the currency of AIS accreditation statements and initiate re-accreditation processes proactively when security-impacting changes occur. Regularly lead the review of risk assessments and analyze potential vulnerabilities. Take responsibility for maintaining system accreditation and developing an alert system to identify events that necessitate re-accreditation. Head the assembly of required documentation to process Approval to Operate/Connect networks. Utilize expert judgment to make informed recommendations for approval/disapproval to the Authorizing Official (AO). Lead the evaluation and assurance of secure configuration of cloud-based technologies. Take ownership of the design and development of both on-premises and cloud-based information systems, ensuring they align with Department of Defense (DOD) and Army IA requirements. Champion the development and implementation of system security contingency plans and data recovery procedures. Lead the team towards a resilient system architecture that can withstand potential security threats. Oversee rigorous network resource monitoring and scanning using approved Army scanning and security tools. Ensure the network is used in accordance with applicable Army and DoD directives, promoting a culture of compliance and vigilance. Conduct periodic reviews and assessments to identify vulnerabilities, confirm compliance, and prepare detailed reports on findings. Use leadership position to drive corrective actions and improve the overall security posture of the organization. Serve as an expert-level resource for tools such as the Enterprise Mission Assurance Support Service (eMASS), Army Training Certificate Tracking System (ATCTS), and Assured Compliance Assessment Solution (ACAS). Manage, review, and audit the technical work of the Information Assurance Network Manager, the Information Assurance Network Officer, and other CIO personnel involved in Information System Security. Enforce that all information management systems are operated, maintained, and updated according to higher authority regulations, ensuring the organization meets all regulatory requirements and stays ahead of the evolving cyber threat landscape.

Requirements

• Appointment may be subject to a suitability or fitness determination, as determined by a completed background investigation.
• Must be able to obtain and maintain a TOP SECRET security clearance.
• Must comply with the Drug Testing Program requirements (pre-employment testing and random testing after appointment).
• May be required to work weekends, evenings, and/or holidays to support the mission.
• May be required to be on-call after normal duty hours to support the mission.
• This is a Mission Essential position.
• Must possess an IAM III Certification CISSP (or associate) or CISM or GSLC or CCISO or CASP+ upon entry.
• Required to satisfactorily complete the appropriate training and obtain the required certification/recertification for this position as outlined in DoD Publication 8570.01-M.

Qualifications

Who May Apply: US Citizens In order to qualify, you must meet the experience requirements described below. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience. Basic Requirement for IT Specialist (INFOSEC): Specialized and Other Experience: One year of specialized experience which includes 1) Conducting detailed analysis of security requirements for new systems or modification to existing systems; 2) designing security solutions and recommending countermeasures to mitigate risks; 3) recommending changes to meet evolving cybersecurity requirements as they apply to existing systems and servers. This definition of specialized experience is typical of work performed at the next lower grade/level position in the federal service (GS-12). The specialized experience must include, or be supplemented by, information technology related experience (paid or unpaid experience and/or completion of specific, intensive training, as appropriate) which demonstrates each of the four competencies, as defined: (1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Examples of IT-related experience demonstrating this competency include: completing thorough and accurate work independently, even in the most difficult or stressful situations; occasionally reviewing work completed by others. (2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Examples of IT-related experience demonstrating this competency include: resolving routine and non-routine problems, questions, or complaints; developing and maintaining strong, mutually supportive working relationships with customers; conducting evaluation of support to determine quality of services and customer satisfaction, and recommending procedural changes based on customer need or changes in policy and/or regulation. (3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Examples of IT-related experience demonstrating this competency include: convincingly conveying complex information to customers; presenting thoughts that are well-organized and demonstrating confidence in the facts and ideas; adjusting style when working with individuals with different levels of understanding; using various methods to explain and convey information. (4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Examples of IT-related experience demonstrating this competency include: solving complex or sensitive problems by developing and proposing strategic alternatives; identifying possible conflicts and shared benefits; helping team anticipate problems and identifying and evaluating potential sources of information; providing feedback and coaching to others to help solve problems; engaging appropriate stakeholders when developing solutions in order to understand and incorporate multiple perspectives and needs; evaluating the effectiveness of decisions and adjusting future decisions as appropriate. You will be evaluated on the basis of your level of competency in the following areas: Communications Security ManagementCybersecurityInformation AssuranceInformation Systems/Network SecurityInformation Technology Configuration Management

Education

Some federal jobs allow you to substitute your education for the required experience in order to qualify. For this job, you must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.

Contacts

• Address DQ-APF-W2H6AA US ARMY WAR COLLEGE DO NOT MAIL Carlisle, PA 17013 US
• Name: Army Applicant Help Desk