Job opening: IT Cybersecurity Program Director
Salary: $174,150 - $250,000 per year
Published at: Mar 05 2024
Employment Type: Full-time
This position is located at the NCUA in the Office of the Chief Information Officer (OCIO). The primary purpose of the position is to manage the OCIO's cybersecurity risk function for the agency, including processes to identify, assess, measure, manage, monitor, and report risks.
Duties
As the IT Cybersecurity Program Director your responsibilities will include:
Providing subject matter expertise on IT risk assessment management.
Participating in and providing expertise in the Risk Governance process in managing, reviewing, developing, and revising information and security policies and procedures to ensure the agency's information security risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment levels.
Directing the provision of accurate technical evaluations of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant risk compliance. This includes evaluating the current system security posture and ensuring that the confidentiality, availability, and integrity of the IT systems are in full compliance with the Federal Information Security Modernization Act (FISMA), related National Institute of Standards and Technology (NIST) standards, and the agency IT security policies and standards.
Overseeing the development and maintenance of technical security configuration baselines that are minimally acceptable for use across the agency.
Monitoring the IT system for major and critical risks, ensuring that adequate attention and action are taken. This includes managing the process to elevate controlled risks to more senior levels when appropriate.
Communicating the value of IT security to stakeholders throughout all levels of the NCUA, including the Cybersecurity Steering Committee, Enterprise Risk Management Council, and Information Technology Oversight Council.
Providing authoritative guidance in security audits, security reviews, and risk assessments. Maintaining and tracking results of audit findings from the FISMA reviews, developing contingency plans for realized risks, and ensuring appropriate mitigation actions are taken to resolve any discrepancies that may be noted.
Directing the Security Authorization team and Security Assessment and Test function to ensure appropriate assessment and assurance activities are undertaken to establish confidence in existing controls.
Serving as a second-level supervisor and providing direction, instructions, guidance, and technical oversight to the staff through supervisor(s).
Keeping abreast of changes in cybersecurity technology, tools, and methodologies through active engagement in continuous learning, including independent formal study and research, and informal technical reading and study.
Requirements
- You must be a U.S. Citizen.
- A probationary period may be required.
- This position is telework eligible.
- Supervisory probationary period may be required if not previously served.
- Drug testing is required.
- Financial disclosure is required.
- Must be able to obtain and maintain a Top Secret/SCI clearance.
Qualifications
You must meet the qualifications and the basic requirements (as described below) for this position by the closing date of this announcement.
Applicants must possess IT related experience demonstrating EACH of the four IT Specialist competencies AND one year of specialized experience as described below:
1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; and is committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Specialized Experience Statement:
To qualify for the CU-15 level, you must have one full year of experience equivalent to the CU/GS-14 level in federal service (obtained in either the public or private sectors). This experience must include all of the following:
1. Developing and implementing security controls and continuous monitoring;
2. Identifying IT security emerging threats, risks, and vulnerabilities to maintain compliance and safeguard the organization's information and IT resources; and
3. Leading a team consisting of IT security professionals.
The ideal candidate will possess the following certification:
Certified Information Systems Security Professional (CISSP)
You must meet the qualifications for this position by the closing date of this announcement.
Experience statements (i.e., duties, specialized experience, or occupational assessment questionnaire) copied from this announcement and pasted into your resume will not be considered as a demonstration of your qualifications for this position.
YOUR RESUME MUST provide specific details as to how your experience meets the specialized experience and competencies, as well as support your responses to the online questionnaire as described in the vacancy announcement. When describing your experience in your resume, please be specific. We will not make assumptions regarding your experience. Please ensure that your resume includes the grade (if you are a current or previous federal employee), month, and year that you began and ended for each position held or that position may not be credited toward meeting the specialized experience requirement. Full-time employment will be assumed unless otherwise stated on your resume. Part-time employment will be prorated in crediting experience. Failure to provide details will result in an ineligible rating. Your resume must also support your responses to the online questionnaire. Failure to provide support may result in a lower rating and/or you may be excluded from consideration. Your latest resume submitted for this vacancy announcement will be used to determine qualifications and supersedes previous submissions.
Please note: Under the provisions of the Direct-Hire Authority, veterans' preference does not apply. Applicants who meet the minimum qualifications and the basic requirements and who are otherwise eligible to apply for this position, may be referred for selection consideration. Traditional rating and ranking of applications does not apply.
Education
Education may not be used in lieu of experience for this opportunity.
Contacts
- Address: National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314
US
- Name: Jasmin Sneed
- Phone: (703) 548-2799
- Email: [email protected]