Created at: September 09, 2025 00:11
Company: Treasury, Departmental Offices
Location: Washington, DC, 20001
Job Description:
The Associate Chief Information Officer for Cybersecurity (ACIO, CYBERSECURITY) serves as the Department of the Treasury's Chief Information Security Officer (CISO). The incumbent is responsible for leading, directing, and managing Treasury's enterprise Cybersecurity Program, including the formulation of cybersecurity policy, ensuring bureau compliance, overseeing the High Value Asset (HVA) program, and addressing government-wide and Departmental cybersecurity mandates.
To meet the minimum qualifications for the position of Director for Analysis, applicants must possess the Executive Core Qualifications listed below. Typically, qualified applicants will have gained experience of this nature at or above the (GS)-15 grade level or its equivalent in the public or private sector. To be qualified for this position, your resume must reflect experience in a managerial capacity. Typically, experience of this nature is gained at or above the GS-15 grade level in the Federal service, or its equivalent with state or local government, the private sector, or nongovernmental organizations. As such, your resume must demonstrate that you have the knowledge, skills, and abilities to successfully fulfill responsibilities inherent in most SES positions such as: Directing the work of an organizational unit; Accountability for the success of one or more specific programs or projects; Monitoring progress toward organizational goals and periodically evaluating and making adjustments to such goals; Supervising the work of employees (other than personnel assistants) at least 25% of the time; or Exercising important policy-making, policy-determining, or other executive functions.

Resume: Applicants must meet all qualifications and eligibility requirements by the closing date of this announcement. When describing your experience in your two-page resume, be clear and specific. Do not assume that we will infer details - your resume must clearly support the responses provided in your assessment questionnaire. If your resume does not substantiate your answers, credit cannot be given for those responses. Your resume must include your legal first and last name, city, state, and zip code, phone number, email address, and complete employment history.
For each position listed, please include: Employment dates in MM/YYYY - MM/YYYY format (or MM/YYYY - Present), Agency/Employer name, Position title, Grade level(s) held (if applicable), hours worked per week (if less than full-time) and a detailed description of duties performed. For positions worked on less than a full-time basis, specify the percentage of time and length of time spent performing those duties.

Applicants seeking initial career appointment to the Senior Executive Service (SES) must clearly demonstrate the ability to meet the ECQs within their two (2) page resume (any experience exceeding 2 pages will not be reviewed). Current or former SES members must submit an SF-50 and/or QRB Certification of ECQs to show current or former service in the SES. OPM's Guide to the Senior Executive Service Qualifications provides detailed information on the ECQs. If you are currently serving under a career SES appointment, are eligible for reinstatement into the SES (this means you were previously employed as a Career SES employee and successfully completed a one-year probationary period) or have successfully completed an OPM-certified SES Candidate Development Program (CDP), your resume must clearly state that you are a current career SES, eligible for reinstatement, or SES CDP certified, including the year of certification.

In addition to meeting the minimum qualifications, you must also demonstrate the following Executive Core Qualifications (ECQs) and Mandatory Technical Qualifications (MTQs):

EXECUTIVE CORE QUALIFICATIONS (ECQs): By statute, OPM prescribes ECQs for the appointment of career SES members. The ECQs were designed to evaluate executive experience and not technical expertise. The following ECQs provide the focus for certification of executive core qualifications for initial appointment to the Senior Executive Service. Your two-page resume should show that you possess the Executive Core Qualifications.
ECQ 1 - Commitment to the Rule of Law and the Principles of the American Founding: Demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people. Leadership Competencies: Knowledge of the American System of Government, Commitment to the Rule of Law, Civic-Mindedness.

ECQ 2 - Driving Efficiency: Demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades. Leadership Competencies: Fiscal Responsibility, Managing Resources, Leveraging Technology.

ECQ 3 - Merit and Competence: Demonstrated knowledge, ability, and technical competence to effectively and reliably produce work that is of exceptional quality. Leadership Competencies: Technical Skill, Problem Solving, Agility and Resilience.

ECQ 4 - Leading People: Demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture. This includes, when necessary, the ability to lead people through change and to hold individuals accountable. Leadership Competencies: Accountability, Developing Others, Executive Judgement.

ECQ 5 - Achieving Results: Demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors. Leadership Competencies: Operational Mindset, Innovation, Strategic Thinking.

Additional information about the SES and ECQs can be found on the Office of Personnel Management (OPM) SES Website: Executive Core Qualifications.

MANDATORY TECHNICAL QUALIFICATIONS (MTQs): In addition to the ECQs, candidates must address MTQs. MTQs are designed to assess an applicant's experience relevant to the specific position requirements.
All applicants must clearly demonstrate, in their two-page resume, experience and accomplishments related to the MTQs below:

MTQ 1 - Demonstrated ability to provide executive leadership in developing and executing enterprise-wide cybersecurity strategy. It emphasizes aligning cybersecurity with mission objectives, balancing compliance and innovation, and influencing outcomes across a large, federated enterprise comparable to the U.S. Treasury.

MTQ 2 - Executive-level experience in designing and leading governance structures that establish accountability, ensure compliance with federal mandates, and manage cybersecurity risk across an enterprise. It emphasizes setting Department-wide policies, chairing councils or boards, and demonstrating measurable governance impact.

MTQ 3 - Demonstrated experience in overseeing and managing enterprise-wide cybersecurity operations. It emphasizes responsibility for resources, contracts, and staff, as well as measurable success in incident response, monitoring, compliance, and strengthening enterprise resilience.

MTQ 4 - Demonstrated ability and experience in representing the Department externally on cybersecurity issues, driving innovation, and leading organizational transformation. It emphasizes engaging with stakeholders across government and industry, adopting emerging technologies, and leading cultural or structural change to improve enterprise cybersecurity maturity.

Please DO NOT submit separate documents addressing the ECQs or MTQs.
The CISO is the head of U.S. Treasury's Cybersecurity Program and is fully responsible for accomplishing the cybersecurity program objectives, which have Treasury-wide and government-wide impact. The specific duties and responsibilities of the incumbent include:
Provides management leadership, guidance, expert advice, and collaboration in developing and deploying a comprehensive framework for effective implementation of the Treasury Cybersecurity Program.
Oversight of the department-wide security program including strategic planning and development of standardized cybersecurity policies, procedures, tools, and performance metrics in compliance with federal regulations and legislation.
Provides guidance and advice to Bureaus on policy and industry best practices.
Actively evaluates and assesses the security posture and operational risks of deployed IT-systems and services for the Department and its Bureaus.
Determines the priorities of the programs, projects, and activities the Cybersecurity organization undertakes based on management of financial budget and staffing resources, other administrative functions, and procurement/contract opportunities.
Administers contracts in assigned areas of responsibility.
Serves as Treasury's focal point for cybersecurity oversight and compliance and as the Treasury liaison to external organizations such as OMB, GAO, CIO Council subcommittees, and Congress.
Coordinates and monitors Departmental and Federal Information Security Management Act (FISMA) compliance.
Ensures that the Department provides timely responses to externally driven legislation, mandates, and reviews.
Monitors remedial measures to correct deficiencies identified in audits or inspections.
Manages and oversees systems, activities and initiatives required to support the Department's National Security System responsibilities such as securing systems and information critical to national security, coordinating with the intelligence community and other external agencies, and providing technical support and consultation for classified networks and systems.
Directs the Department-wide high-value asset program.
Ensures all Treasury-wide IT-contingency planning requirements are met, and associated plans and guidance are current.
Promotes and coordinates training and awareness related to Treasury's computer, network, and information systems security policies.
Reviews and analyzes Treasury-wide and Bureau IT-investments and activities to assess and identify security requirements to ensure compliance with Cybersecurity policies and guidelines.
Provides expert assistance, advice, and counsel to the CIO, DCIO, and other program and policy officials regarding Treasury's Cybersecurity programs.
Provides authoritative recommendations and solutions to problems and challenges with respect to federal mandates/legislation, risk management, and improvement of security policy and operational processes.
Represents the CIO and DCIO internally and externally, as requested, on matters in assigned areas of responsibility.
Provides overall program management for a large and complex organization, leading efforts to meet strategic objectives, manage organizational and operational change, and leverage technology to improve efficiency and effectiveness in implementing program goals.
Establishes program emphases and goals, develops plans and policies, and issues pertinent guidelines and instructions to achieve them.
Plans work to be accomplished by cybersecurity staff, establishes priorities, and schedules work completion based on priorities and resources.
Ensures that resources are planned for, acquired, and managed in a manner that achieves the strategic objectives of a large public organization while conforming to Treasury's policies.
Coordinates program efforts and policy initiatives with Headquarters Offices, bureaus, other Federal agencies, and other interested parties.