Job opening: IT SPECIALIST (INFOSEC)
Salary: $137 960 - 238 592 per year
Published at: Aug 02 2023
Employment Type: Full-time
The Technology Controls Program within the Division of Examinations is hiring an SK-2210-14 IT Specialist (INFOSEC) - Cybersecurity Risk Analyst in either Chicago, IL or Washington, DC. This position will serve as the lead subject matter expert for assessing cybersecurity risk to capital markets and investors.
Duties
At the SEC, we are committed to diversity, equity, inclusion and accessibility (DEIA) and value a workforce that reflects the diverse experiences and perspectives of the communities we serve. As such, we welcome applications from qualified individuals of all backgrounds who share our commitment to public service.
The Division of Examinations' mission is to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies that: (1) improve compliance; (2) prevent fraud; (3) monitor risk; and (4) inform policy. The results of the Division's examinations are used by the SEC to inform rule-making initiatives, identify and monitor risks, improve industry practices and pursue misconduct.
If selected, you will join a well-respected team in the Technology Controls Program that has primary responsibility for oversight and technology examinations of self-regulatory organizations as well as for broker-dealers and investment advisers.
As the Cybersecurity Risk Analyst you will serve as the lead subject matter expert supporting the Cybersecurity Program Office in assessing risks to capital markets and investors. Typical duties would include:
Serve as an alternate CyberWatch contracting officer's representative with ongoing engagement in monitoring compliance with SEC Regulation SCI and other cybersecurity related rules.
Provide expert technical and analytical support to the Cybersecurity Program Office engaging in the review and evaluation of cybersecurity events impacting the national exam program and external markets cyber incident response plans.
Produce reports and briefs on the current threat landscape and associated risks by documenting threat assessments, vulnerability analyses, and other risk assessments.
Conceive and implement new initiatives and projects to strengthen, facilitate, and integrate programs.
Requirements
- You must be a US Citizen.
- Application procedures are specific to this vacancy announcement. Please read all the instructions carefully. Failure to follow the instructions may result in you not being considered for this position.
- Supplementary vacancies may be filled in addition to the number stated in this announcement.
- This position has promotion potential to the SK-14.
- PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
- SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
- DRUG TESTING: This position may be subjected to drug testing requirements.
- PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
- DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
- This position is in the collective bargaining unit.
- This position is eligible to request telework in accordance with the SEC 's telework policy.
- Existing Participants in the SEC?s Remote Telework Program are eligible to apply for this position. If selected, management will evaluate and communicate whether the position will allow for continued participation in Remote Telework.
- Typical Examiner Travel: Examination staff routinely travel to the offices of registered entities to conduct on-site inspections of facilities, to meet with and interview entity personnel, and to examine certain business records.
- The announcement will close after receipt of the 200th application or on the close date, whichever comes first.
Qualifications
All qualification requirements must be met by the closing date of this announcement.
Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
BASIC REQUIREMENT:
Applicant must possess IT related experience demonstrating each of the four competencies:
Reviewing work to ensure it is in line with established standards or to identify deficiencies (Attention to Detail);
Collaborating with customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to identify their information technology needs or to resolve their hardware and software problems (Customer service);
Explaining technical information orally to non-technical audiences (Oral Communication); and
Evaluating alternatives to recommend solutions to hardware or software problems (Problem Solving).
MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement.
SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level:
Applying IT principles and practices in accomplishing project assignments that include securing and analyzing information technology systems; AND
Making recommendations regarding the adequacy or security of information technology systems;
AND one of the following:
Conducting audits or assessments related to systems security, networks, and software designs for potential security risks; OR
Performing risk assessments of and/or leading information security operations and IT project management governance processes.
Contacts
- Address Division of Examinations
100 F Street NE
Washington, DC 20549
US
- Name: ask HR
- Email: [email protected]