Duties

Serves as the cybersecurity advisor to FHFA business offices, system owners, developers, vendors and other technical and non-technical stakeholders to ensure all existing and newly developed systems or applications remain appropriately secure.

Defines and establishes security and privacy requirements for agency systems, including planning for Information Security Contingency Planning and ensures compliance with applicable regulations and agency policy.

Interprets NIST security and privacy control requirements and best practices as appropriate to each system. Identify and applies these requirements and practices and consults with system owners and other stakeholders to ensure standards can be implemented with minimal disruption.

Develops and maintains security and privacy artifacts supporting ongoing authorization of internally hosted and cloud-based solutions.

Serves as primary point of contact for security and privacy audits and reviews. Coordinates involvement with control assessors and auditors, providing artifacts and evidence on behalf of FHFA system owners to demonstrating the effective implementation of security and privacy controls.

Develops and delivers annual training to FHFA system owners on their security and privacy responsibilities. Reviews and revises training on an on-going basis to ensure continued compliance with regulations and other guidance.

Supports FHFA system owners in tracking and remediating information system weaknesses and vulnerabilities. Provides guidance and assistance in proactively identifying these issues and coordinates responses.

Advises FHFA contracting officers and contracting officer representatives on applicable security requirements for third-party systems.

Assist in conducting special projects related to information security or privacy on projects across OTIM and the agency as assigned. Stays abreast of changes in policies and procedures of both Federal and private sector to remain current in relevant IT practices and makes and implements recommendations to improve FHFA processes.

Provides advice, guidance, and training to lower-graded IT specialists, and may lead IT project teams working on information security efforts. Oversees project responsibilities within assigned area to ensure the proper resources and plans are put into place and are on target

Performs other duties as assigned.

Requirements

Conditions of Employment

• Must be a U.S. Citizen or National
• Males born after 12-31-59 must be registered for Selective Service
• Suitable for Federal employment, as determined by background investigation
• May be required to successfully complete a probationary period
• Only experience and education obtained by the closing date of this announcement will be considered.
• Resume and supporting documents (See How To Apply)
• These positions are being filled through an OPM Direct Hire Authority for IT Cybersecurity Specialist Positions and are not subject to veteran's preference.

Qualifications

Qualifying experience for the EL-13 level includes one year of specialized experience at least equivalent to EL/GS-12 which is in or directly related to the line of work of the position to be filled and which has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position.

Specialized experience for this position includes:

Providing expert advice and guidance to staff on information security requirements and best practices for new or recently enhanced applications or systems.

Coordinating security audits or reviews, including serving as the liaison between auditors and both technical and program staff, providing materials and artifacts to auditors, and supporting program and technical staff in responding to audit requests.

Developing and managing a variety of information security documents, plans, and other materials, such as Security Categorization Worksheets, System Security and Privacy Plans, System Contingency Plans, eAuthentication Risk Assessments, Security Impact Assessments, or Audit Log Reports.

Identifying and supporting the resolution of vulnerabilities in systems and applications including the organization's information security program.

Tracking and remediating information system weaknesses and vulnerabilities and coordinating responses to identified issues.

Leading IT project teams working on information security efforts.

Qualifying experience for the EL-12 level includes one year of specialized experience at least equivalent to EL/GS-11 which is in or directly related to the line of work of the position to be filled and which has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position.

Specialized experience for this position includes:

Providing advice and guidance to staff on information security requirements and best practices an application or information system.

Coordinating security audits or reviews, including serving as the liaison between auditors and both technical and program staff, and supporting program and technical staff in responding to audit requests.

Coordinating a variety of information security documents, plans, and other materials, such as Security Categorization Worksheets, System Security and Privacy Plans, System Contingency Plans, eAuthentication Risk Assessments, Security Impact Assessments, or Audit Log Reports.

Identifying vulnerabilities in systems and applications including the organization's information security program and assisting in their resolution.

Tracking information system weaknesses and vulnerabilities and coordinating responses to identified issue.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Education

This job does not have an education qualification requirement.

Additional information

Veterans preference does not apply when selecting individuals under this DHA. Candidates with Veteran's preference, who meet the requirements for this vacancy, will be referred to the selecting official just as any qualified non-preference eligible candidate.

Males born after 12-31-59 must be registered or exempt from Selective Service (see https://www.sss.gov/RegVer/wfRegistration.aspx ).

Career Transition Assistance Programs: These programs apply to employees who have been involuntarily separated from a Federal service position within the competitive service or Federal service employees whose positions have been deemed surplus or no longer needed. To receive selection priority for this position, you must: (1) meet CTAP or ICTAP eligibility criteria; (2) be rated well-qualified for the position ; and, (3) submit the appropriate documentation to support your CTAP or ICTAP eligibility. For more information visit: http://www.opm.gov/rif/employee_guides/career_transition.asp .

FHFA is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment regardless of race, color, religion, gender (including pregnancy, sexual orientation, and gender identity), national origin, disability (physical or mental), age (40 years of age or over), genetic information, parental status, marital status, prior protected EEO activity, political affiliation, or other non-merit factors.

REASONABLE ACCOMODATION:
FHFA provides reasonable accommodations to applicants with disabilities, except when doing so would pose an undue hardship on the Agency. If you need a reasonable accommodation for any part of the application and hiring process, please notify FHFA. The Agency's decision on granting a reasonable accommodation will be made on a case-by-case basis.

• (202) 649-3963
• 7-1-1 TTY
• reasonableaccommodations@fhfa.gov

Ethics: FHFA employees are subject to government-wide ethical standards of conduct, financial disclosure requirements, and post-employment prohibitions. In addition, certain FHFA employees are prohibited from accepting compensation from Fannie Mae and Freddie Mac for a two-year period after terminating employment with FHFA. Furthermore, to avoid financial conflicts-of interest or the appearance of conflicts-of-interest, FHFA employees may need to divest or sell certain assets they, their spouse, or minor children own or control, including securities issued by Fannie Mae, Freddie Mac, or the Federal Home Loan Banks. Employees who work on Federal Home Loan Bank issues may need to sell or divest financial interests with any of the Federal Home Loan Bank members, which may include stock in bank holding companies, insurance companies, and other financial services firms. Questions regarding these requirements and prohibitions should be directed to the Office of General Counsel at (202) 649-3088.