INFORMATION SYSTEMS SECURITY MANAGER - DIRECT HIRE AUTHORITY at Department of the Air Force

Sensitive Compartmented Information

Duties

Plans, designs, implements, documents, assesses, and manages IT systems or components to align with the mission, goal, and processes of the organization.,Develops, interprets, plans / applies policy, procedures, risk analysis, and strategy in the delivery of multi-discipline IT services required to achieve data and system integration/ interoperability/protection for assigned systems and applications.,Identifies opportunities to improve IT systems to support business processes and utilize emerging technologies.,Conducts evaluations, audits, and reviews and develops contingency plans for area of responsibility.,Performs needs analyses to define opportunities for new or improved system process solutions and ensures the rigorous application of information security/ information assurance policies, principles, and practices to the systems analysis process.,Drafts or prepares a variety of documents to include responses to routine inquiries, reports, briefs, SOPs, architectures, and/or other related documents in a well-organized and timely manner.

Qualifications

BASIC REQUIREMENT OR INDIVIDUAL OCCUPATIONAL REQUIREMENT: To qualify for this position you must also meet the qualification requirements listed below: Experience requirements are described in the Office of Personnel Management (OPM) Qualification Standards for General Schedule Positions, Individual Occupational Requirements for Information Technology Management Series 2210 (Alternative A). Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement. SPECIALIZED EXPERIENCE: Applicants must have at least one year (52 weeks) of IT-related experience demonstrating each of the following four competencies: Attention to Detail, Customer Service, Oral Communication, Problem Solving AND one year (52 weeks) of specialized experience equivalent to GS-13 in the Federal service or equivalent in an alternate pay system. Specialized experience includes providing technical guidance and oversight to information technology security teams; authorizing organizational information technology systems under the Risk Management Framework process to identify vulnerabilities, risks, and protection needs; and developing and implementing cybersecurity policies, procedures, and standards to protect sensitive information and systems. NOTE: Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement. COMPETENCIES: Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas: Problem Solving, Communication, Technology Management, and Teamwork and Leadership. IDEAL CANDIDATE: In addition to the specialized experience statements listed above, the ideal candidate would have the following skills and experience: Experience with IT security frameworks, standards, and regulations. The ideal candidate will possess experience in applying the NIST Risk Management Framework (RMF) and the Joint Special Access Program Implementation Guide (JSIG) to authorize DoD IT systems. Experience with developing, implementing, and maintaining a continuous monitoring (ConMon) program for authorized systems. The ideal candidate will possess experience with security automation and orchestration tools to support ConMon and have participated in one or more cybersecurity inspections (e.g., CCRI, CORA, DIA JCIP). Solid knowledge of cybersecurity technologies and the ability to assess cybersecurity risk. The ideal candidate will possess experience conducting risk evaluations of virtualization, containerization, cloud platforms, and software development procedures. Experience in communicating, both orally and in writing, cybersecurity concepts, threat analysis, risk mitigation strategies, and impacts of DoD IT policy and procedures. The idea candidate will show effective collaboration with other organizations to establish strategic partnerships that promote positive relationships with external assessors and stakeholders. Ability to lead and manage a team of cybersecurity professionals, with strong leadership, analytical problem-solving, and decision-making skills. The ideal candidate will have experience with project management and utilizing Jira for task management. Ability to apply industry best practices and emerging trends in cybersecurity. The ideal candidate will show a commitment to continuous learning and will have experience with automated security tools and agile methodologies. PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and or part-time work. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week. VOLUNTEER WORK EXPERIENCE: Refers to paid and unpaid experience, including volunteer work done through National Service Programs (i.e., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student and social). Volunteer work helps build critical competencies, knowledge and skills that can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Other Information

Interagency Career Transition Assistance Program (ICTAP): For information on how to apply as an ICTAP eligible click here. To be well-qualified and exercise selection priority for this vacancy, displaced Federal employees must be rated well qualified or above for this position. You must submit a copy of the agency notice, your most recent performance rating, and your most recent SF-50 noting position, grade level, and duty location. Employed Annuitants (Reemployed Annuitants): Applicants in receipt of an annuity based on civilian employment in the Federal Service are subject to the DoD Policy on The Employment of Annuitants. Click here for more information. 120-Day Register: This announcement may result in a 120-day register that may be used to fill like vacancies for 120 days after the closing date. Applicants may be referred for consideration as vacancies occur. This job announcement will be used to gather applications that may or may not result in a referral or selection. If you have questions regarding this announcement and have hearing or speech difficulties click here.