This position is located in the Information Security Awareness Office (ISAO), Office of the Chief Information Officer (OCIO), Office of the Director, National Institutes of Health, (NIH), U.S. Department of Health and Human Services, (DHHS). This position functions as the technical lead for risk management and is recognized as Subject Matter Expert (SME) for NIH and the ISAO team on risk management functions and activities.

Duties

Provides expert technical guidance to the NIH CIO (Chief Information Officer), Deputy CIO, NIH CISO (Chief Information Security Officer), and Deputy CISO on risk management functions. Assesses overall NIH compliance with risk management plans and policies, as well as alignment with business requirements. Develops and modifies risk management policies and processes to respond to changes in the organization's business requirements and processes and/or changes in policy or regulatory requirements. Supports efforts to develop, implement, and manage long and short-term information security plans for risk management. Participates in formal and informal management planning, policy, and decision-making sessions regarding legislative changes, technological improvements, and changes in Federal and non-Federal policies and standards for risk management. Conducts a variety of Information Systems Security related studies, security plans, reviews, risk assessments and contingency planning for risk management throughout NIH. Leads and participates in the NIH risk management program as a member to identify and mitigate cybersecurity and risk management risks in support of the NIH's objectives, strategy, and mission.

Requirements

• U.S. Citizenship requirement or proof of being a U.S. National must be met by closing date.
• Employment is subject to the successful completion of a background investigation, verification of qualifications, completion of onboarding forms, submission of required documents, and any other job-related requirement before or after appointment.
• Applicants must meet all qualification requirements by the closing date of this announcement.
• Males born after December 31, 1959 must be registered with the Selective Service.

Qualifications

In order to qualify for the IT Specialist (INFOSEC), GS-2210-14 position, you must have IT related experience demonstrated by paid or unpaid experience obtained in either the private or public sector, and/or completion of specific, intensive training that demonstrates that you possess each of the following four competencies: Attention to Detail - Is thorough when performing work and conscientious about attending to detail; Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services; Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately; Problem Solving - identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND You must demonstrate in your resume that you have at least one (1) year of qualifying specialized experience equivalent to at least the GS-13 level in the federal service obtained in either the private or public sector typically gained in the IT field or through performing the following types of tasks: Performing IT-related security policy compliance reviews and evaluations of information systems and computer systems to determine the adequacy of security; Recommending the development of policies, objectives, standards, and procedures concerning information security and management improvement activities; Evaluating commercial and publicly available security tools used for: system monitoring and intrusion detection, system scanning, authentication, access control, and encryption and configuration management; Advising on the vulnerability management aspects of an organization-wide security program; AND consulting with stakeholders on the resolution of difficult problems during the process of design and implementation of systems or projects. You will receive credit for all experience material to the position, including experience gained in religious, civic, welfare, service, and organizational activities, regardless of whether you received pay. Do not copy and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. Preview assessment questionnaire before you apply: https://apply.usastaffing.gov/ViewQuestionnaire/12322502

Education

This job does not have an education qualification requirement.

Contacts

• Address National Institutes of Health 6701 Rockledge Drive Bethesda, MD 20892 US
• Name: Jeanira Johnson
• Email: [email protected]