This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one-year probationary period. Who May Be Considered: U.S. Citizens View common definitions of terms found in this announcement.

Duties

The National Risk Management Center (NRMC) serves as the Nation's center for critical infrastructure risk analysis. NRMC provides critical analytical support to CISA's mission to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every day. NRMC is looking for candidates who are interested in analyzing critical infrastructure risk; promoting a shared understanding, prioritization and mitigation of those risks; and collaborating with partners on risk assessments. In this position, you will serve as an IT Cybersecurity Specialist (INFOSEC). At full performance level, typical work assignments include: Developing cyber indicators to maintain awareness of the status of the highly dynamic operating environment. Collecting, processing, analyzing, and disseminating cyber threat/warning assessments. Leading, coordinating, communicating, integrating, and assuming accountability for the overall success of the program, ensuring alignment with CISA and DHS enterprise priorities. Conducting research to maintain and expand knowledge and understanding of the operations of assigned sectors, National Critical Functions (NCFs), technologies, and initiatives. Providing, on an ongoing basis, analysis and support for key CISA and NRMC efforts including Committee on Foreign Investment in the United States (CFIUS), Federal Acquisition security Council (FASC), NCFs, requests for information (RFIs), incident management, and requests from Sector Risk Management Agencies (SRMAs) for specific analytic products to support their requirements. Analyzing cyber and physical defense policies and configurations and evaluates compliance with regulations and organizational directives. Providing recommendations to leadership regarding the selection of cost- effective security controls to mitigate risk.

Requirements

Qualifications

To be considered minimally qualified for this position, you must demonstrate that you have the required experience for the respective grade level in which you are applying: EXPERIENCE: Experience must be Information Technology (IT)-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. You must have IT-related experience demonstrating each of the four competencies listed below: Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND SPECIALIZED EXPERIENCE: In addition to meeting the qualification requirement listed above, you must have at least one year of specialized experience at the next lower GS-grade level (or equivalent). Specialized experience is experience that has equipped you with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT. GS-13 You qualify for the GS-13 grade level if you have at least one (1) year of specialized experience at the GS-12 grade level (or equivalent) performing the following duties: Providing expert technical advice, guidance and recommendations on critical IT issues. Applying interrelationships and interdependencies of multiple IT specialties, sector areas, new and emerging IT technologies, and agency/organization architecture to develop long-range plans for IT security. Applying program management principles to lead, coordinate, integrate, and be accountable for program success and align with agency and enterprise priorities. Developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities and evaluating and reporting on accomplishments. Developing analytic products which identify and evaluate cyber and physical infrastructure risks to National Critical Functions and critical infrastructure sectors. Performing risk assessments, developing insights, and sharing insights to improve an organization's risk management posture. GS-14 You qualify for the GS-14 grade level if you have at least one (1) year of specialized experience at the GS-13 grade level (or equivalent) performing the following duties: Providing expert technical advice, guidance and recommendations to management on critical IT and sector/infrastructure issues. Advising on and performing IT acquisition/procurement requirements and project management practices. Utilizing risk management processes and cyber threats and vulnerabilities to perform impact and risk assessments and develop insights about an organization's threat environment and how to mitigate risk. Developing analytic products which identify cyber and physical infrastructure risks to national critical functions and critical infrastructure sectors. Utilizing operations security and cyber decision-making processes in developing or recommending analytic approaches or solutions to problems for which information is incomplete or for which no precedent exists. Utilizing oral and written communication techniques to communicate complex technical requirements and present briefings to senior management officials on complex or controversial issues. National Service Experience (i.e., volunteer experience): Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.

Education

Some federal jobs allow you to substitute your education for the required experience in order to qualify. For this job, you must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.

Contacts

• Address Cybersecurity and Infrastructure Security Agency 1616 N. Fort Myer Dr. CISA-FMD Stop 0380 Arlington, VA 20598-0380 US
• Name: Amber Whitlock
• Phone: 202-679-6196
• Email: [email protected]