Job opening: IT Cybersecurity Specialist (Direct Hire)
Salary: $69,996 - $133,236 per year
Published at: Oct 12 2023
Employment Type: Full-time
Serves as a Security Control Assessor (SCA) for the Enterprise Assessment Service (EAS) Team within the Cyber Security and Privacy Division (CSPD) Service Line. You will provide oversight to daily work performed by contractor SCAs, conduct risk management framework assessments, and advise on risk mitigation. As part of the EAS team you will conduct enterprise assessments across NASA, briefing leaders on risk posture, and advising on continuous monitoring and cybersecurity posture improvements.
Duties
Duties described below are at the full-performance level. Duties assigned at a lower grade level will be of more limited scope, performed with less independence and limited complexity; duties will be commensurate with the grade of selected employee.
Conduct Risk Management Framework (RMF) security control assessment activities resulting in authorization decisions.
Review contractor-led RMF security control assessments.
Provide weekly feedback to Enterprise Assessment Services (EAS) Lead pertaining to all assessment activities performed and overseen.
Collaborate with NASA IT system security plan stakeholders in order to address their requirements, identify assessment services continuous improvement opportunities, concerns, and challenges.
Participate in EAS meetings across NASA to promote community outreach for the Cybersecurity Enterprise Assessment Service.
Analyze current IT security/cybersecurity assessment processes and make recommendations to the EAS Lead on potential areas of improvement.
Foster a culture of engagement, diversity, inclusiveness, excellence and innovation. Champion NASA's commitment to Diversity, Equity, Inclusion and Accessibility to create an environment that promotes a commitment to safety, integrity, and teamwork.
Requirements
- This position is open to U.S. citizens, nationals or those who owe allegiance to the U.S.
- Position subject to pre-employment background security investigation or higher-level clearance. Investigation/Clearance may differ and be required based on the duties/location-NASA Center requirements.
- You must meet qualifications requirements by the closing date of this announcement.
- This position may require a one-year probationary period.
- Financial Disclosure, Drug Testing, and/or the Travel Requirements for this position may differ and be required based on the duty location/NASA Center requirements.
- Selected applicant(s) must be assigned to a duty location listed on the announcement.
Qualifications
Specialized experience is experience that has equipped you with the particular ability, skill, and knowledge to successfully perform the duties of this position and is typically in or related to this line of work.
You may meet the basic requirements through substitution of education for experience.
To qualify for the GS-11, you must have:
a) One year of directly related specialized experience equivalent to the GS-09 level:
Applying National Institute of Standards and Technology (NIST) - Based Risk Management principles, methods and practices to analyze IT systems and identify deficiencies or risks;
Participating in or conducting systems security evaluations, assessments, audits, or reviews, escalating issues as needed to senior staff/management and proposing corrective actions;
Working collaboratively on a team and across functional lines to coordinate and deliver IT security/cybersecurity mission services and solutions to stakeholders.
OR
b) Completed all requirements for a Ph.D. degree or equivalent doctoral degree with (1) a major in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management OR (2) a major that provided a minimum of 24 semester hours in one or more fields of computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management, and that required the development or adaptation of applications, systems, or networks.
OR
c) Completed 3 full academic years of progressively higher-level graduate education leading to a Ph.D. degree or equivalent doctoral degree with (1) a major in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management OR (2) a major that provided a minimum of 24 semester hours in one or more fields of computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management, and that required the development or adaptation of applications, systems, or networks.
To qualify for GS-12, you must have one year of directly related specialized experience equivalent to the GS-11 level:
Conducting National Institute of Standards and Technology (NIST) - Based Risk Management Framework security control assessments, identifying corrective actions to mitigate IT security/cybersecurity control deficiencies, documenting assessment results and conducting post-assessment briefings;
Providing guidance and support to IT Specialists performing work on NIST-based risk management framework;
Performing NIST-Based risk or vulnerability assessments of planned or installed information systems to identify vulnerabilities, risks, or protection of systems related to Cloud, Information Technology systems and networks, Operational Technologies, External Risk Management Framework Assessments, or Internet of Things.
AND
IF you are qualifying based on experience, you MUST also have IT-related experience demonstrating each of the four competencies listed below:
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Your resume must include a clear and detailed narrative description, in your own words, of how you meet the required specialized experience. Experience statements copied from a position description, vacancy announcement or other reference material constitute plagiarism and may result in disqualification and losing consideration for the job.
Education
If you are using education completed in the United States to meet the qualification requirements, your degree must have been awarded from a college or university that is accredited by a recognized accrediting organization. For a list of schools that meet these criteria, go to http://ope.ed.gov/accreditation/.
If you are using education completed in foreign colleges or universities to meet the qualification requirements, you must show that the education credentials have been evaluated by a private organization that specializes in interpretation of foreign education programs. These education credentials must be deemed equivalent to that gained in an accredited U.S. education program; or full credit has been given for the courses at a U.S. accredited college or university. For further information, visit:
https://www2.ed.gov/about/offices/list/ous/international/usnei/us/edlite-visitus-forrecog.html.
All degrees must have been received in the year of, or any year subsequent to, the original date of accreditation.
Contacts
- Address: NASA Headquarters, 300 E St SW, Washington, DC 20546, US
- Name: NASA Shared Services Contact Center
- Phone: 1-877-677-2123
- Email: [email protected]