DIRECT HIRE AUTHORITY: This position is being filled through the office of Personnel Management's (OPM) Government-Wide Direct-Hire Authority for this occupation and is open to all U.S. Citizens. Since the Direct-Hire Recruitment Authority is being used, traditional Veterans' Preference rules do not apply. Qualified Veterans will, however, be given full consideration for this position.

Duties

This position is located within the Department of the Interior, Bureau of Safety and Environmental Enforcement (BSEE), Tehnical Services Division, Information Security Branch in Sterling, VA.. At the full performance level (GS-14) the major duties of this position include, but are not limited to the following: 1. Ensures confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information system security program policies, procedures, and tools within and across the enterprise. 2. Develops policies, plans, and procedures to ensure the continued reliability, security and accessibility of systems, network, and data infrastructure. Leads Departmental deployment of security systems technologies for a variety of administrative, financial, technical and security applications; and provides authoritative input on all matters pertaining to security services. Promotes the awareness of cybersecurity issues ensuring sound security principles and assures appropriate project and resource integration are documented and justified. 3. Leads efforts to develop, implement, and manage long and short-term IT security plans in compliance with the bureau's security and IT strategic plan to ensure information security programs and procedures are aligned with the Department's IT security program. 4. Evaluates the impact of new cybersecurity guidance on current programs and recommends changes to existing policies and processes to ensure compliance and responsiveness. Provides expert advice, counsel, and instruction to senior management on cybersecurity issues and conducts decision-type briefings, as required, to perform missions and achieve goals and objectives. Reviews and analyzes existing processes; and recommends to senior management improvements, new workflows, and revised business models. 5. Reviews and evaluates security policies to determine impact and implements corrective actions; ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services. 6. Evaluates and implements security products, procedures and/or requirements to ensure systems meet applicable integrity requirements. Participates in network and systems design initiatives to ensure implementation of appropriate systems security policies. Adjusts program guidelines in response to changing technologies. Applies new theories, developments, and procedures to solve processing problems not applicable to standard guidelines or policies. 7. Participates in formal and informal management planning, policy and decision- making sessions regarding legislative changes, technological improvements, and changes in Federal and nonfederal policies and standards are followed during development, implementation and maintenance of security programs. BSEE has determined that the duties of this position are sutiable for telework and may be allowed to telework with supervisor approval. Salary InformationGS-14: $139,395 - $181,216 per annum. This vacancy may be used to fill additional positions as vacancies become available.

Requirements

Qualifications

Selective Placement Factor:This position requires that you hold either the Certified Information System Security Professional (CISSP) Certification or the Certified Information Security Manager (CISM) Certification. Minimum Qualification Requirements: To qualify for this position, you must meet the (1) Basic Requirements AND (2) Specialized Experience for the series to which you are applying. (1) Basic Requirements:Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. GS-5 through GS-15 (or equivalent): For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND (2) Specialized Experience: To qualify for the GS-14, you must possess at least one full year of specialized experience equivalent to at least the GS-13 grade level in the Federal service, or comparable experience not gained through Federal service. Specialized experience is experience that equipped the applicant with the particular knowledge, skills, and abilities to perform successfully the duties of the position, and that is typically in or related to the work of the position to be filled. Specialized experience is defined as demonstrated experience: 1) applying the National Institute of Standards and Technology (NIST) Risk Management Framework to the full life cycle of an information system; 2) working with Security Control Frameworks such as NIST SP800-53 Rev.5, International Standards Organization (ISO) 27001/27002, Service Organization Controls (SOC) SOC2, or Center for Internet Security (CIS) Critical Security Controls including applying security controls to an enterprise information system and crafting meaningful and applicable implementation statements for both On-Premises and Cloud systems to include reading and interpreting Customer Responsibility Matrices and Control Implementation Summaries; security control selection and tailoring; and continuous monitoring; 3) with third-party cybersecurity auditing and audit response including coordinating artifact collection and advising management on appropriate responses to notices of findings; 4) using an enterprise-level Governance, Risk, and Compliance tool such as Xacta or Cyber Security Assessment and Management (CSAM); and 5) managing information system security documentation and compliance; assessing administrative and technical security controls, interpreting cybersecurity policies and standards; and auditing implementation statements for on-premises and cloud-based systems. MUST MEET ALL. Additional information on the qualification requirements is outlined in the OPM Qualification Standards Handbook of General Schedule Positions and is available at OPM's website: https://www.opm.gov/qualifications/standards/indexes/num-ndx.asp All qualification requirements must be met by the closing date of this announcement.

Contacts

• Address Bureau of Safety and Environmental Enforcement 45600 Woodland Road Sterling, VA 20166 US
• Name: Gerri Sullivan
• Email: [email protected]