Information Technology Specialist (INFOSEC), GS-2210-11/12 (RF-DH)
The purpose of this position is to serve as an Information Systems Security Officer (ISSO) for the Bureau of Reclamation. The ISSO ensures that the appropriate operational security posture is implemented and maintained for information technology (IT) systems in accordance with all applicable cybersecurity requirements.
LOCATION: Policy, Administration, and Budget; Information Resources Office; Risk Management Services Group, Lakewood, CO.
Duty Station Location is negotiable after selection. Salary will vary based on duty location.
DOI uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.
- Not Required
Specialized Experience - All applicants must possess one year of specialized experience. To meet specialized experience, your resume must describe experience that demonstrates the particular knowledge, skills, and abilities as defined below:
GS-11: One year of specialized experience equivalent in difficulty and complexity to at least the GS-9 level in the Federal Government. Specialized experience is that which has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the position to be filled.
GS-12: One year of specialized experience equivalent in difficulty and complexity to at least the GS-11 level in the Federal Government. Specialized experience is that which has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the position to be filled.
GS-11: Specialized experience for this position must include 3 of the following:
GS-12: Specialized experience for this position must include ALL of the following:
- Experience with using the Federal information security requirements including but not limited to the Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST) standards and guidelines, applicable Homeland Security Presidential Directives, and Office of Management and Budget (OMB) directives.
- Experience ensuring that the appropriate operational cybersecurity posture is maintained for assigned IT systems.
- Experience developing, maintaining and updating the system security plan and all associated documents in accordance with NIST requirements.
- Experience conducting assessments to determine the overall effectiveness of security controls, identifying the severity of weaknesses, and recommending corrective actions to address identified vulnerabilities.
Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
GS-11: Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree
GS-12: This vacancy announcement does not allow substituting education for experience.
You must meet all qualification requirements by the closing date of this announcement.
Public Trust - Background Investigation
- Developing and maintaining detailed System Security Plans and procedures in accordance with the Federal Information Security Modernization Act (FISMA).
- Conducting security control assessments in accordance with National Institute of Standards and Technology (NIST) requirements to determine the overall effectiveness of the controls.
- Monitoring cybersecurity controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome.
- Opening Plan of Action & Milestones (POA&M) for cybersecurity controls that are not fully implemented or operating as intended and managing the POA&M process for assigned IT systems.
- Providing the required system access, information and documentation to independent security assessment teams and external auditors.
- Serving as a cybersecurity advisor, assessing the security impact of proposed system changes and notifying the system owner of changes that increase the risk to Reclamation operations, assets or individuals.