This position is located in the Division of Information Technology (DIT), Chief Information Officer Organization (CIOO), of the Federal Deposit Insurance Corporation (FDIC) and provides support in the areas of information systems, information security, and privacy programs. Additional selections may be made from this vacancy announcement to fill identical vacancies that occur subsequent to this announcement.

Duties

Conducts assessments of controls, threats and vulnerabilities, determine deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develop and/or recommend appropriate mitigation countermeasures in all situations. Plan and conduct cybersecurity assessment and authorization activities as systems are deployed to production for the first time and after they are transitioned to continuous monitoring. Develop assessment and authorization strategies, concepts, processes for managing cybersecurity risks through DevSecOps methods. Review assessment and authorization documents and artifacts to confirm that the level of risk is within acceptable limits for each software application, system, and network. Develop cybersecurity compliance processes and/or assessments for external services (e.g., cloud service providers, external data centers). Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks. Provide input to the Risk Management Framework process activities and related documentation (e.g., security categorization worksheets, system security plans, configuration management plans, business impact analysis, contingency plans, concept of operations, operational procedures, maintenance training materials, security categorization worksheets, configuration management plans). Verify that controls are implemented as stated, any deviations and gaps are documented, and required actions to correct those deviations are tracked through Plan of Action and Milestones (POA&Ms). Ensure that POA&Ms or remediation plans are in place for vulnerabilities identified during security and privacy control assessments, audits, inspections, and etc.

Requirements

Qualifications

Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g. Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic, religious spiritual; community; student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.  Additional qualifications information can be found here.   To qualify, applicants must have completed at least one year of specialized experience equivalent to at least the 13-grade level or above in the Federal service.  Specialized experience is defined as: experience developing solutions to integration/interoperability issues; designing, developing, and assisting with managing IT security systems that meet current and future business requirements; and providing advice on solutions on issues that comply with federal security requirements and guidance while meeting current and future business requirements. Use of Selective Placement Factor - If there is a selective placement factor(s), include the following statement as part of the qualification requirements: “In addition to the qualification requirements listed above, you must also meet the following selective placement factor to be considered eligible for this job. The selective placement factor is defined as: You must have Information Technology (IT)-related experience which demonstrates proficiency in each of the following competencies: • Attention to Detail - Is thorough when performing work and conscientious about attending to detail. • Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. • Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. • Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Education

There is no substitution of education for the experience for this position.

Contacts

• Address Federal Deposit Insurance Corporation FDIC Human Resources Branch 3501 Fairfax Drive HRB (PA-1730-5007) Arlington, Virginia 22226 United States
• Name: [email protected]
• Phone: 571-629-0740
• Email: [email protected]