Job opening: IT Specialist (INFOSEC)
Salary: $114,676 - $194,949 per year
Relocation: YES
Published at: Oct 23 2023
Employment Type: Full-time
The FHFA Office of Inspector General (FHFA-OIG) is responsible for, among other things, conducting audits, investigations, and other activities of the programs and operations of FHFA, and recommending policies that promote economy and efficiency in the administration of, and prevent and detect fraud, waste, and abuse in, FHFA's programs and operations.
Duties
The position is in the Office of Audit, as an IT Auditor-in-Charge on a team performing highly technical audits of IT systems programs and practices.
As an IT Specialist (INFOSEC), you will:
- Lead various teams in ensuring highly technical and complex audits of IT systems and information systems security programs and practices conform to applicable professional standards and FHFA OIG policy. Prepare proposals for future audits of aforementioned systems, programs, and practices. Conduct and/or review pre-audit and evaluation research of any prior audit reports, as well as related laws, regulations, policies, and procedures. Working with the IT Audit Manager and IT Audit Director, develop plans for assigned audits within the established scopes, and lead teams in the development of technical procedures and steps needed to accomplish audit objectives. Assign tasks and provide technical and administrative guidance to team members. Serve as liaison with auditee representatives.
- Conduct and/or participate in briefings with OA and auditee management to discuss issues, status of audits, outcomes of testing, and audit results. Prepare and/or review audit reports and supporting documentation prepared by team members ensuring compliance with applicable professional standards and OIG policy. Monitor implementation of corrective actions recommended in audit reports. Participate in preparing responses to Congressional requests, and in preparing summaries of Congressional hearings.
- Exercise responsibility for leading assigned teams, including assignment of audit tasks based on individual experience and specific knowledge and skills in IT security. Specifically, lead teams in conducting audits of IT systems and information systems security programs and practices to determine the degree of management effectiveness, operating efficiency, economy, and security with which auditees' systems are operating; lead vulnerability assessments and penetration tests to identify security vulnerabilities, causes of systems weaknesses, and identify instances of lack of compliance with IT security requirements; and perform analysis of vulnerabilities and risks and make recommendations to improve security measures and countermeasures to mitigate IT security risks; lead audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster.
- Review work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses in IT systems security and information systems programs and practices, and compliance with applicable professional standards and FHFA OIG policy. Provide on-the-job training on use of electronic audit documentation system and audit tasks such as interviewing, testing, program and system processes observation, and report writing. Provide input to the Supervisory IT Specialist (Audit Manager) on team members' performances and any recommended formal training for team members.
- As a Contracting Officer's Representative (COR) in the event an audit is contracted, perform technical contracting functions, including drafting statements of work (SOWs), preparing cost estimates, and developing technical standards of performance. Participate in procurement technical evaluation panels to evaluate bids.
Qualifications
The experience may have been gained in either the public, private sector or volunteer service. One year of experience refers to full-time work; part-time work is considered on a prorated basis. To ensure full credit for your work experience, please indicate dates of employment by month/day/year and indicate number of hours worked per week on your résumé.
You must meet the following requirements by the closing date of this announcement.
Specialized experience: For the EL-13, you must have one year of specialized experience at a level of difficulty and responsibility equivalent to the EL/GS-12 grade level in the Federal service. For this position, specialized experience is defined as: demonstrated experience, and applying, Federal Information Security Modernization Act, Office of Management and Budget (OMB) Circular No. A-130, Appendix III, and National Institute of Standards and Technology (NIST) standards and guidelines when conducting performance audits over information technology/cyber security, in accordance with generally accepted government auditing standards (GAGAS) or equivalent non-federal auditing standards and guidelines.
In addition to specialized experience, individuals must have IT-related experience demonstrating each of the four competencies listed below:
A. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
B. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
C. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
D. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Education
This job does not have an education qualification requirement.