This position is in the Data Breach Response Service (DBRS), Office of Information Technology (OIT), Department of Veterans Affairs (VA). The incumbent will develop, maintain, and administer a highly complex information security program that provides oversight to ensure that VA promptly identifies and responds appropriately to Privacy and Security related breaches involving Protected Health Information (PHI), Personally Identifiable Information (PII) and Sensitive Personal Information (SPI).
To qualify for this position, all qualification requirements must be met by the closing date of this announcement 08/22/2025. Time-In-Grade Requirement: Applicants who are current Federal employees and have held a GS grade any time in the past 52 weeks must also meet time-in-grade requirements by the closing date of this announcement. For the GS-14 position you must have served 52 weeks at the GS-13. The grade may have been in any occupation, but must have been held in the Federal service. An SF-50 that shows your time-in-grade eligibility must be submitted with your application materials. If the most recent SF-50 has an effective date within the past year, it may not clearly demonstrate you possess one-year time-in-grade, as required by the announcement. In this instance, you must provide an additional SF-50 that clearly demonstrates one-year time-in-grade. Applicants must meet all requirements when a request is received to fill a vacancy. You may qualify based on your experience as described below: Basic Requirements Experience: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-13 in the normal line of progression for the occupation in the organization. Specialized experience is defined as: extensive knowledge and expertise in privacy and security incident response, federal privacy regulations (including HIPAA), IT project management, risk assessments, policy development, and strategic planning. Applicants must have experience collaborating with cross-functional teams and providing high-level guidance to senior management, as well as demonstrating a proven ability to manage and implement effective breach mitigation strategies. Applicants should possess existing knowledge or prior experience with Privacy or Information Security incident response processes at VA and have a background or experience in privacy and/or information security actions specific to the protection of VA and Veteran data. The ideal candidate would be a former Privacy Officer, Information Systems Security Officer, or have prior experience working with or for the VA Data Breach Response Service (DBRS). A candidate with experience as a Contracting Officers Representative (COR) at Level 3 or higher, with prior experience managing IT contracts is preferred. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members.
OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Performs specialized and complex information security work with includes conducting and executing studies/projects that have Federal regulations, public laws, directives, handbooks and other mandates regarding major department policy implications and providing management with information necessary for decision-making and long-range planning. Operates as a team member of a resource base that supports core security program functions and crosscutting initiatives and advises senior management on information security issues. Plans, directs and coordinates a unified organizational position on information security as it relates to Privacy and Security related breaches involving Protected Health Information, Personally Identifiable Information, and Sensitive Personal Information. Partners to share information, develop positions related to Privacy and Security issues, develops security products, such as policies/directives, and responses to statutory reporting requirements. Directs the maintenance and dissemination of information needed by Privacy Officers, Information System Security Officers, and system administrators on all governing guidance (e.g., statues and regulations), best practices, new vulnerabilities, and other contemporary issues using a variety of media to include the web, and electronic and print mailings. Develops and oversees privacy compliance program and privacy program staff, supporting privacy compliance, governance/policy, and incident response needs of privacy and security executives and their teams. Provides coordinated responses and follow-up actions to Privacy and Security data breach audits and external oversight organizations and maintains secure files of such responses and actions. Coordinates Privacy and Security data breach program responses for external reporting requirements. Directs the planning, evaluation, and coordination of Privacy and Security breach issues. Synchronizes and reconciles the response to Federal-wide Privacy and Security breach related initiatives and proposals. The incumbent provides data breach analysis utilizing the Privacy and Security Events Tracking System (PSETS). Incumbent timely reviews information provided in PSETS, prioritizes relevant facts, analyzes and assesses the submission, point out errors, incomplete or inconsistent data, and illogical arguments or conclusions. Incumbent decides based on the available facts as to whether a breach has occurred. Incumbent will determine the level of risk and whether notification and credit protection services are warranted if breach has occurred. Position Description/PD#: IT Specialist (Infosec)/PD16736A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized Financial Disclosure Report: Not Required Travel Required: Occasional travel may be required as needed for this position. Work Schedule: Monday - Friday 8AM-4:30PM; Tour of duty will be determined based on organizational needs. Compressed/Flexible: As determined by the Agency Policy Virtual: This is not a virtual position. Physical Demands: The work is primarily sedentary, although some slight physical effort may be required. Working Conditions: Work is typically performed in an adequately lighted and climate-controlled office. May require occasional travel.