Information Systems Security Officer (ISSO)
The GSA OIG operates as an autonomous entity within GSA under a presidentially appointed, Senate-confirmed Inspector General who supervises a diverse team of over 300 professionals in headquarters' administrative, legal, and operational components and in regional operational offices throughout the country.
The GSA OIG is dedicated to protecting the public interest by bringing about positive changes in the performance, accountability, and integrity of GSA programs and operations. Oversight is provided through auditing, inspections and evaluations, and investigations of GSA's extensive procurement, real property, and related programs and operations, which primarily support other federal agencies. OIG oversight components report their findings and recommend courses of action to promote efficiency and economy in the GSA’s activities. Last fiscal year, our OIG professionals’ efforts resulted in $243 million in criminal, civil, administrative, and other recoveries; over $1.4 billion in GSA management decisions that agreed with GSA OIG audit recommendations; over 40 successful criminal prosecutions; and numerous suspensions and debarments. Applicants are encouraged to review the work and accomplishments of the GSA OIG on our website, https://www.gsaig.gov/.
Any offers of employment made pursuant to this announcement will be consistent with all applicable authorities, including Presidential Memoranda, Executive Orders, Interpretive U.S. Office of Management and Budget (OMB) and U.S. Office of Personnel Management (OPM) guidance, and Office of Management and Budget plans and policies concerning hiring. These authorities are subject to change.
- Occasional Travel
- Selected applicant(s) must be able to acquire and maintain a government-issued travel charge card.
Applicants must meet the OPM minimum qualification standards and all selective factors (if required) and specialized experience defined in this announcement.
Applications that do not illustrate the required experience on their resume will be rated ineligible.
To qualify for this position at the GS-2210-13 level, an applicant must possess Information Technology skills and knowledge in information security equivalent to the GS-12 level. Specific skills and experience should include:
- Advanced knowledge in applying information security concepts, principles and practices.
- Skill in providing expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues - specifically on information security.
- Advanced knowledge of deploying, configuring, and using security tools.
- Hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry standard techniques and practices.
- Skill in interpreting policies, procedures, and strategies that govern the planning and delivery of IT communication services.
- This position may require rotational or on-call work assignments.
- Be a Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), or hold a comparable certification (please be ready to validate).
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Public Trust - Background Investigation
This position is located in the Office of Inspector General, Office of Administration (JP), Information Technology Division (JPM). The incumbent of this position is the Information Systems Security Officer (ISSO), and serves as the focal point for ensuring the implementation, maintenance, and updating of adequate system security in order to prevent, detect, and recover from security breaches. This position reports directly to the Information System Security Manager (ISSM).
The ISSO has the technical responsibility of implementing and assessing security for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities. The work involves coordinating and executing the implementation of security programs/projects across platforms and establishing vulnerability reporting criteria. The applicant is expected to be expertly familiar with security tools used to audit, scan, exploit, and remediate security vulnerabilities. The incumbent ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
As a recognized expert in Information Technology (security) procedures, the duties of the position include but are not limited to:
- Ensure necessary security controls are in place and operating as intended;
- Advise the ISSM of risks to systems and assess risks;
- Help complete and maintain appropriate security documentation including systems security plans, ITCP, POAM, etc.;
- Review system security audit trails and system security documentation to ensure security measures are implemented effectively and evaluate known vulnerabilities to ascertain if additional safeguards are needed;
- Ensure systems are patched and security hardened;
- Assist in developing and updating changes to systems and in assessing the security impact of those changes;
- Identify, report, and respond to security incidents and review security alerts on vulnerabilities; and
- Ensure users have the required background investigations, the required authorization and need-to-know, and are familiar with internal security practices before access is granted to systems.