Who may apply: Current, permanent DoD Federal Civilian Employees in the competitive service, eligible Defense Cyber Excepted Service Employees, eligible Priority Placement Program DoD Military Spouse Preference applicants and current DoD VRA employees. Position is located in IT DIR OFFICE, ACCOUNTING SRVCS, NAVY MARINE CORPS FINANCE AND ACCOUNTING SYSTEMS, ZTCCA This job announcement may be used to fill similar positions on other teams in the I&T Directorate.

Duties

Serve as the Information Systems Security Manager (ISSM) responsible for implementing, executing, and evaluating financial information system security and cybersecurity programs according to DFAS directives. Apply Information Technology (IT) security principles, methods, and security products to design, protect, and maintain the Confidentiality, Integrity, Availability, and Accountability (CIA) of financial Information System resources. Analyze operating and application systems software using various techniques to identify security vulnerabilities. Prepare and maintain complex RMF submission documents for initial and continuing formal accreditation. Develop and maintain a comprehensive financial system cybersecurity program, including cybersecurity architecture, requirements, objectives, policies, personnel, processes, and procedures. Review IT and control systems programs for compliance with cybersecurity plans, policies, and alignment with business and mission requirements. Modify IT and control systems plans and policies to adapt to changes in business or mission requirements, processes, legislation, or regulatory requirements. Conduct risk and vulnerability assessments of DFAS financial information systems to identify associated vulnerabilities, risks, and protection needs. Perform risk management, security, and contingency planning in accordance with the Risk Management Framework (RMF) program. Implement a Cybersecurity training and education program to ensure all users understand and comply with cybersecurity requirements in accordance with applicable regulations and safeguards. Conduct internal audit functions related to risk management. Proficient in applying IT security principles and methods to safeguard Information System resources and analyze software for security vulnerabilities. Expertise in preparing and maintaining RMF submission documents, developing comprehensive cybersecurity programs, and reviewing IT systems for compliance is essential. Capable of adapting policies to meet evolving business or mission requirements and conducting risk and vulnerability assessments.

Requirements

• Must be a U.S. Citizen or National
• Registered for Selective Service (males born after 12-31-1959)
• Suitable for Federal employment
• Time after Competitive Appointment: Candidates must have served 3 months after latest competitive appointment in the Federal service.
• This national security position, which may require access to classified information, requires a favorable suitability review and security clearance as a condition of employment. Failure to maintain security eligibility may result in termination.
• Time in Grade Requirement - see the Qualifications field below for more details.

Qualifications

Basic Requirement: Applicants must have IT-related experience demonstrating the following competencies appropriate to, or above, the level of this position. For vacancies below the full-performance level of the position, the basic requirement will be evaluated on a developmental basis. Your resume and work experience should clearly support your ability to meet these competencies and will be evaluated as part of the entire application process. Attention to Detail - experience reviewing my own information technology-related work or data and have been asked by others to review their work or data to ensure accuracy, completeness, and consistency with standards. Customer Service - experience maintaining relationships with customers, assessing current information technology needs of customers, and developing or identifying information technology products and services that are tailored to meet customer needs. Oral Communication - briefing mid-level management and IT staff on the status of information technology systems, projects, or daily operations, including the communication of technical information to a non-technical audience. Problem Solving - identifying alternatives to address complex information technology-related issues by gathering and applying information from a variety of sources that provide a number of potential solutions. One year of specialized experience equivalent in level of difficulty and responsibility to that of the next lower grade (GS-11) within the federal service, which demonstrates the ability to perform the duties of the position, is required. Specialized Experience is defined as: ensuring compliance with regulations, monitoring risk management framework (RMF), identifying weaknesses and evaluating procedures and systems; implementing cybersecurity training programs, risk management, contingency planning, and internal audit functions in alignment with the Risk Management Framework (RMF). Time-in-Grade: Current or former federal employees who have held a GS position in the preceding 52 weeks, must meet the time in grade requirement. Applicant must have served 52 weeks as a GS-11 or higher grade in Federal Service. You may qualify for consideration if meeting time-in grade, specialized experience, education requirement, 90 days after competitive appointment requirement, and all other qualification requirements within 30 calendar days after the closing date of the announcement, unless otherwise indicated on the announcement.

Education

Education is not substitutable for specialized experience at the GS-12 grade level.

Contacts

• Address DFAS - INFO AND TECHNOLOGY DIR OFFICE 4800 Mark Center Drive Alexandria, VA 22350 US
• Name: HR Customer Care Center
• Phone: (317) 212-0454
• Email: [email protected]