IT Specialist (INFOSEC)

The Information System Security Officer (ISSO) is a position in the Office of Information Technology (OIT), ITOPS, ESO. In this position, you will support either a VA facility or specified program area of responsibility and reports to either the Information System Security Manager (ISSM) or District Information Security Director (DISD) as the ESO Executive Director deems appropriate.

Qualifications:

To qualify for this position, applicants must meet all requirements when a request is received to fill a vacancy.

Selective Placement Factor: This position includes a skill, knowledge, ability or other worker characteristic basic to -and essential for- satisfactory performance of the job. Selective Placement Factors are a prerequisite to appointment and represent minimum requirements for a position. Applicants who do not meet it are ineligible for further consideration. Evidence of the Selective Placement Factor must be reflected in your resume.

The Selective Placement Factor for this position is: Experience and knowledge in the application of information security guidance and laws pertaining to any of the following: National Institute of Standards and Technology (NIST) Special Publications, Federal Information Processing Standards (FIPS), Federal Information Security Modernization Act of 2014 (FISMA), Risk Management Framework (RMF), DOD Information assurance Certification and Accreditation Process (DIACAP), Sarbanes-Oxley (SOX), SAS-70.

AND

You may qualify based on your education/experience, as described below:

For all grade levels for this position individuals must have IT-related experience demonstrating each of the four competencies listed below.

1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

AND

Specialized Experience: You must have one year of specialized experience equivalent to the next lower grade level in the federal service; experience that equipped the applicant with the particular knowledge, skills and abilities (KSA's) and other characteristics to perform successfully the duties of the position, and that is typically in or related to the work of the position to be filled, in the normal line of progression for the occupation in the organization.

GS-11 grade level: One year of specialized experience (equivalent to the GS-9 grade level in the federal service). Specialized experience includes: conducting systems security evaluations and reviews of policy enforcement practices to ensure secure information systems reliability and accessibility; evaluating local Automated Information System (AIS) security program(s) to protect AIS from unauthorized access.

GS-12 grade level: One year of specialized experience (equivalent to the GS-11 grade level in the federal service). Specialized experience includes: developing procedures and conducting systems security evaluations, audits and reviews of policy enforcement practices to ensure secure information systems reliability and accessibility; developing Automated Information Systems (AIS) security contingency plans and disaster recovery procedures as part of a local business continuity team.

OR

Education: Applicants may substitute education for the experience required for the GS-11level. (Transcripts Required)

For the GS-11, you must have a Ph.D. or equivalent doctoral degree; or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree.

There is no educational substitution for the GS-12 level.

A transcript must be submitted with your application if you are basing our qualifications on education.

Note: Undergraduate and graduate degrees must be in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks. (Transcripts Required)

Experience - Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.

Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. For more information on these qualification standards, please visit OPM's web site at http://www.opm.gov/qualifications/standards/indexes/alph-ndx.asp.

Responsibilities:

This position is primarily aligned to the following NICE Cybersecurity Workforce Framework work roles:

• OPM Cyber Code 722 - Information Systems Security Manager

For more information about these work roles, where they fit within the larger Cyber Workforce, and how they can support your unique career journey, please visit the Cyber Career Pathways tool on the National Initiative for Cybersecurity Careers and Studies website: https://niccs.us-cert.gov/workforce-development/cyber-career-pathways


This is not a bargaining unit position

Please read this public notice in its entirety prior to submitting your application.

Vacancies may not presently exist but may become available at any point during the opening period of this vacancy announcement. We will not review applicant resumes until there is a request to fill a vacancy.

You are applying to a public notice to fill current and future vacancies. Please note, there may or may not be actual/projected vacancies when you submit your application. Your resume and any supporting documentation will be retained with other applicants and reviewed as vacancies occur. You will not receive a notice regarding your application's status other than the initial acknowledgment until a request is received to fill a position.

This announcement will remain open until December 30, 2022. The cut-off date is April 5, 2022 or at the point at which the first 100 applications are received, whichever comes first. Applications submitted after April 5, 2022 may not receive consideration. In addition, due to the potential of a high volume of applicants, not all applicants may receive consideration. After the initial cut-off period, once a request to fill a vacancy is received, applications will be reviewed in increments of 100 applications in date order.

Note: Submitting multiple applications will change the order in which your application is reviewed. We will refer qualified applicants to the selecting official for consideration. The organization's hiring need will determine the referral of additional applicants. Applicants will be notified about their application's status if referred or if we fill all vacancies.


Work Schedule: Monday - Friday 8:00am - 4:30pm
Compressed/Flexible Schedule: Not Available
Telework: Available
Virtual: This is not a Virtual position
Position Description Title/PD#: IT Specialist (INFOSEC)/ PD06024A and PD06047A
Relocation/Recruitment Incentives: Not Authorized
Financial Disclosure Report: Not Authorized
Physical Demands: The work is primarily sedentary in nature. No special physical demands are required to perform the work.

Promotion Potential: The selectee may be promoted to the full performance level without further competition when all regulatory, qualification, and performance requirements are met. Selection at a lower grade level does not guarantee promotion to the full performance level.

Major Duties:

• Actively participate in network and systems design to ensure implementation of viable systems security policies and procedures
• Conduct systems security evaluations, audits and reviews; and develop Automated Information Systems (AIS) security contingency plans and disaster recovery procedures, as part of the local business continuity team
• Monitor and track controlled access programs to ensure implementation and viability of appropriate systems security policies, as well as the acquisition of IT security tools
• Investigate local AIS programs to identify possible breach of security and/or other violations
• Conduct vulnerability analysis and risk assessment studies of planned and installed information systems to assure that local AIS security plans and policies established are adequate for protection needs and comply as required by statute