You will serve as an INFORMATION SYSTEM SECURITY OFFICER (ISSO) in the PLANS & PROGRAMS DIVISION (SP10)/ COMMAND INFORMATION OFFICER BRANCH (SPCIO) of STRATEGIC SYSTEMS PROGRAMS. The Secretary of Defense has ordered a department-wide hiring freeze subject to certain limited exceptions. This position is subject to the DoD hiring freeze. Offers of employment related to this vacancy announcement will not be executed until the position has an approved exemption.
For the NH-04: Your experience must reflect skill in the following areas: 1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. IT-related experience demonstrating this competency include: reviewing access logs to report suspicious activity. 2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. IT-related experience demonstrating this competency include: assessing partner requests for application migration and provide recommendations. 3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. IT-related experience demonstrating this competency include: providing guidance to management, peers and end users. 4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. IT-related experience demonstrating this competency include: monitoring logs and reports to resolve or escalate detected issues. In addition to my experience demonstrating the four competencies above, I have one year of specialized experience equivalent to the next pay band (NH-3) or grade level (GS-13) in the federal service or equivalent experience in the private or public sector :Executing cybersecurity oversight by conducting risk assessments, validating risk management framework (RMF) controls, and guiding system owners though authority to operate processes to ensure compliance with DoD cybersecurity policies and minimize residual risk. For the NH-03: Your experience must reflect skill in the following areas: attention to detail, customer service, oral communication, and problem solving.one year of information technology related experience in the federal service or private or public sector demonstrating the following four competencies, as defined: 1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. IT-related experience demonstrating this competency include: reviewing access logs to report suspicious activity. 2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. IT-related experience demonstrating this competency include: assessing partner requests for application migration and provide recommendations. 3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. IT-related experience demonstrating this competency include: providing guidance to management, peers and end users. 4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. IT-related experience demonstrating this competency include monitoring logs and reports to resolve or escalate detected issues. In addition to my experience demonstrating the four competencies above, I have one year of specialized experience equivalent to the next lower pay band (NH-2) or grade level (GS-11) in the federal service or equivalent experience in the private or public sector : Supporting cybersecurity operations by applying risk management framework (RMF) principles, reviewing system security controls, and assisting with risk assessments to maintain compliance and reduce systems vulnerabilities. Additional qualification information can be found from the following Office of Personnel Management website: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-a/ OR https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-b/ . Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment.
You will monitor and assess the Cybersecurity Program.
You will conduct periodic reviews of information systems to ensure compliance with RMF requirements.
You will conduct cyber risk and strategic analysis.
You will conduct audits of the information system to ensure that CS requirements are being met in accordance with applicable federal laws, RMF controls, SSP policies and SSP procedures.
You will advise the ISSM on CS policies, procedures, issues, threats, incident response, requirements, resources, and solutions.
You will coordinate with external agencies to ensure all external connections meet protection requirements and are documented in the appropriate set of RMF artifacts.