
Supervisory Information Technology Specialist (Security)

Please apply for this position only at https://www.usajobs.gov/GetJob/ViewDetails/497123300. Applications will not be accepted on Handshake.


Summary

Make a Career Connection! We are looking for individuals who would like to come to work for a small, independent regulatory agency dedicated to saving lives. We work very hard to protect the public from the unreasonable risk of injury and death from consumer products. Every U.S. Consumer Product Safety Commission (CPSC) employee is proud to be a part of a team that works together to assure that the products you use every day are safe. Consider a position at the CPSC as your career choice.

Join the team! This is an opportunity to join a group of IT professionals taking CPSC's information systems to another level. We're looking for a bright, creative, hard-working individual who is equally passionate about protecting CPSC information systems against unauthorized disclosure. The work is demanding and exciting. Consider a position at the CPSC as your career choice.


Responsibilities

The incumbent supervises the agency’s IT security team and oversees the security posture for major agency information systems throughout the entire lifecycle; provides continuous monitoring through scheduled audits, controls testing, and audit reviews, and escalates issues as needed. Reviews the implementation of information technology (IT) security controls and security authorization documents, and ensures information systems are compliant with mandated security policies and requirements. Provides technical recommendations for all risk assessments and vulnerability assessments conducted for information systems or the IT security program. Provides security analysis of IT activities to ensure that appropriate security measures are in place and being enforced. Coordinates security control testing or other audit activities that might occur at or traverse the system’s infrastructure as part of ongoing security authorizations and security program evaluations. Promotes IT security awareness information to the user community. Oversees and maintains regulatory requirements and participates in configuration management by reviewing changes for security implications.

Additionally, the incumbent will:

  1. Supervise IT security staff performing security assessment & authorization (SA&A) tasks for major agency information systems; this includes coordinating assessments, updating security plans, updating security control implementation information, validating security assessment reports (SAR), etc.; determine deviations from acceptable configurations, enterprise, or local policy; assess the level of risk; and develop and/or recommend appropriate mitigation countermeasures in operational and nonoperational situations.
  2. Manage the plan of action & milestones (POA&M) process for major agency information systems; this includes creating POA&M items for new vulnerabilities, tracking existing POA&Ms, and updating POA&M status information.
  3. Oversee the monitoring of security controls within agency IT systems and/or networks, in accordance with applicable agency policies, NIST guidance, OMB requirements, and federal laws; ensure the integrity of agency cybersecurity processes, and protect the privacy of employees and the public.
  4. Oversee the agency’s security operations efforts and manage incident response activities; respond to urgent cybersecurity situations to mitigate immediate and potential threats; ensure IT security staff utilize appropriate incident analysis techniques, procedures, and tools; ensure cyber incidents are thoroughly and appropriately investigated and the proper response actions are taken; ensure cyber incidents are adequately documented and tracked; coordinate incident response activities, where appropriate, with other IT staff, other offices, and external organizations.
  5. Coordinate/collaborate with other agency IT staff on the remediation of identified vulnerabilities; provide cybersecurity guidance to application developers, data management specialists, network engineers, and others involved in the planning, design, implementation, and maintenance of agency applications and information systems; ensure that security is addressed throughout the life cycle of each agency information system.
  6. Develop, implement, and maintain cybersecurity plans, strategies, and policies to support and align with agency cybersecurity initiatives and regulatory compliance.

Requirements

Conditions of Employment

    This appointment requires completion of a one year supervisory probationary period unless you have previously successfully completed a probationary period that meets the following: 1) in the same agency, 2) in the same line of work (determined by the employee’s actual duties and responsibilities) and 3) contains or is followed by no more than a single break in service that does not exceed 30 calendar days. Failure to successfully complete the probationary period may result in termination of employment.

    This is a Public Trust Position. Employment in this position requires a background investigation. If you are selected and cannot obtain a favorable security determination within a reasonable period of time due to disclosed or undisclosed background issues, the tentative employment offer may be withdrawn.

    If you are a male born after December 31, 1959 you must certify that you have registered with the Selective Service System, or are exempt from having to do so under the Selective Service Law. Please see http://www.sss.gov for more information.

    Selectees will be required to complete a "Declaration of Federal Employment", (OF-306), prior to appointment and the appropriate background investigation forms to determine suitability for Federal employment. False statements or responses on these forms can jeopardize your employment opportunity and subject you to disciplinary action, including removal from Federal service.

    Upon appointment, you will be required to complete a Confidential Financial Disclosure Report, OGE-450. You will need to provide the information annually.

    Go through a Personal Identity Verification (PIV) process that requires two forms of identification from the I-9 Form (http://www.uscis.gov/sites/default/files/files/form/i-9.pdf).

    Compare employment eligibility verification from information provided on the I-9 Form to records available to the U.S. Department of Homeland Security. The system confirms employee’s identity and eligibility to work in the United States. Learn more about E-Verify, including your rights and responsibilities.

    Must be a U.S. Citizen.

Qualifications

    SPECIALIZED EXPERIENCE: Applicants must have 52 weeks of specialized experience equivalent to at least the next lower grade level in the Federal Service. Specialized experience is experience that has equipped the candidate with the particular knowledge, skills, and abilities to perform successfully the duties of the position.

    Applicants must meet the qualifications for this position within thirty (30) days of the closing date of this announcement.

    Qualifying specialized experience must demonstrate the following: 1) experience coordinating agency-level compliance with Federal information security requirements, such as FISMA; 2) experience implementing and managing NIST Risk Management Framework processes; 3) experience implementing and managing incident response and handling methodologies; 4) experience interpreting and applying laws, regulations, policies, and guidance relevant to organization cyber objectives; and 5) experience managing cybersecurity and privacy risks related to the use, processing, storage, and transmission of information or data.

    In addition to the above specialized experience, applicants must also meet the IT-Related proficiency level for all four of the competencies listed below:

    IT-related competencies:

    Attention to Detail: Is thorough when performing work and conscientious about attending to detail.

    Customer Service: Ability to coordinate cyber operations with other agency functions or support activities.

    Oral Communication: Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal means.

    Problem Solving: Ability to interpret and understand complex and rapidly evolving concepts; ability to think critically.

    Evidence of the above specialized experience and IT-related experience must be supported by detailed documentation of duties performed in positions held. Your resume is the key means we have for evaluating your skills, knowledge, and abilities as they relate to this position. Therefore, we encourage you to be clear and specific when describing your experience.

Education

    There is no substitution for specialized experience at this grade level.


Required Documents

    Your package must be complete and submitted in the manner specified in this section. Packages that are submitted in any other manner without prior approval from the agency point of contact will not be considered.

    A complete application includes: 1. Resume; 2. Vacancy question responses; and 3. Submission of any required documents. Please note that if you do not provide all required information, as specified in this announcement, you may not be considered for this position (or may not receive the special consideration for which you may be eligible).

    Current and former federal employees: a copy of your most recent SF Form 50, Notification of Personnel Action, that shows: (1) permanent or career-conditional tenure (codes 1 or 2, in block 24), and (2) position occupied in the competitive service (code 1, in block 34). To be considered as a non-competitive eligible candidate, the SF-50 must show the highest grade level or promotion potential level applicant has attained competitively and grade must be equivalent or higher than the grade for which applying. Indicate on your application the highest permanent grade you have held; if this grade is different from your current grade, submit a copy of an additional SF-50 showing this grade.

    All supplemental documents must be submitted electronically before the closing date of this vacancy announcement. You have three choices for submitting your supplemental documents:
    1. Download from your USAJOBS account; or
    2. Upload your file(s); or
    3. Fax using the online Fax Cover Sheet.