Supervisory IT Specialist (Information Security) (Strategy and Risk Management Lead)
This position is located in the Consumer Financial Protection Bureau (CFPB), Operations Division, Technology and Innovation, Cybersecurity Office. The incumbent supports the Strategy and Risk Management Office across a number of areas including policy development and maintenance, information assurance management, security accreditation and risk analysis and information security compliance. Achieving these objectives will require the incumbent to work closely with stakeholders within the Cybersecurity team, Technology and Innovation and across the bureau. The incumbent reports directly to the Chief Information Security Officer.
- Occasional Travel
- 1-5 nights per month
You must meet eligibility and qualification requirements within 30 days of the closing date of this announcement.
Education may enhance the skills required for this position; however, education may not be substituted for experience at this level.
Specialized Experience for CN-60: To qualify at CN-60, you must have one year of specialized experience at or equivalent to the next lower grade/band (CN-53, GS-13 or equivalent) in the Federal service. This experience need not have been in the federal government. For this position specialized experience is defined as:
- Developing, implementing and managing security controls assessment programs and policies and procedures;
- Conducting systems security audits and risk and vulnerability assessments;
- Participating in the analysis of IT security requirements;
- Providing recommendations to remediate security vulnerabilities and audit findings; AND
- Providing assistance to customers in developing technical requirements for information security.
In addition to the specialized experience stated above, applicants must have IT-related experience demonstrating each of the four competencies listed below.
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
PLEASE NOTE: Experience may have been gained in either the public or private sector.
Q - Nonsensitive
The major duties of this position include:
- Lead the team responsible for conducting systems security audits, risk and vulnerability assessments. Align and execute the information security program and cybersecurity risk management activities to comply with legal and regulatory requirements for CFPB initiatives.
- Oversee the planning and coordination of security authorization reviews and risk analysis for new and existing systems, networks and third-party services; assess and advise on security measures and countermeasures based on the results of reviews.
- Oversee the development, implementation and management of security controls assessment programs, policies and procedures to ensure the security, reliability and accessibility of information systems, networks, and data to meet current and future business requirements.
- Lead identification of information security and risk management control gaps and oversee the documentation, implementation and testing of the control portfolio.
- Lead the execution and refinement of an information security risk management framework.