IT Specialist - Info Sec, Info Systems Security Officer PD 20R133 - Office

at  US Health Resources and Services Administration

APPLICATIONS RECEIVED AS A RESULT OF JOB FAIRS, RECRUITMENT EVENTS, AND EMERGENCY HIRING MECHANISMS IN SUPPORT OF THIS HIRING INITIATIVE WILL ALSO BE ACCEPTED DURING OPEN AND CLOSING DATE OF THIS ANNOUNCEMENT.

IT Specialists (INFOSEC) are a mission critical occupation for HRSA. These positions are responsible for the analysis of system and/or security requirements, the development and implementation of mission critical applications for the agency’s Information Technology operations.
As an IT Specialist - Info Sec - Information Systems Security Officer (ISSO), you will serve as a technical authority/subject matter expert for HRSA on matters involving the vulnerabilities and threats to HHS’ information technology systems.

Your major duties and responsibilities will include:

• Developing/updating system security plans, risk assessments, disaster recovery, and contingency plans, incident response and additional system development life-cycle security documentation.
• Overseeing the security posture for one or more system(s) throughout the entire lifecycle; providing continuous monitoring through scheduled audits, controls testing, and audit reviews, and escalates issues as needed.
• Facilitating remediation/mitigation of weaknesses tracked on the Plan of Action and Milestones to reduce risk and address weaknesses to the system.
• Providing Continuous Monitoring support/guidance by reviewing security documentation, logs, scans and ensuring system backups are performed.
• Conducting security impact assessments when system changes or additions occur to the system, evaluate compliance with IT security requirements, compare them with expected results, and make recommendations.

NOTE: Do not cut and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position.

EDUCATION

This job does not have an education qualification requirement.

To qualify for this position, your resume must clearly demonstrate that you have IT-related information security experience in each of the four competencies listed below:

• Attention to Detail - Is thorough when performing work and conscientious about attending to detail;
• Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services;
• Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations: listens to others, attends to nonverbal cues, and responds appropriately;
• Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations

DUTIES

This position is 100% remote and the US location is negotiable after selection. Work sites outside of the U.S. are prohibited. Your salary will be based upon the locality pay of your work site after selection.
To view the salary range including locality pay for your particular location, please visit this link to the 2024 OPM Salary Tables.

DO NOT CUT AND PASTE THE DUTIES, SPECIALIZED EXPERIENCE, OR OCCUPATIONAL ASSESSMENT QUESTIONNAIRE FROM THIS ANNOUNCEMENT INTO YOUR RESUME AS THAT WILL NOT BE CONSIDERED A DEMONSTRATION OF YOUR QUALIFICATIONS FOR THIS POSITION.

To qualify for this position, your resume must clearly demonstrate that you have IT-related information security experience in each of the four competencies listed below:

• Attention to Detail - Is thorough when performing work and conscientious about attending to detail;
• Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services;
• Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations: listens to others, attends to nonverbal cues, and responds appropriately;
• Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

MINIMUM QUALIFYING SPECIALIZED EXPERIENCE IS EXPERIENCE THAT HAS EQUIPPED THE APPLICANT WITH THE PARTICULAR KNOWLEDGE, SKILLS, AND ABILITIES TO PERFORM SUCCESSFULLY THE DUTIES OF THE POSITION AND IS TYPICALLY IN OR RELATED TO THE WORK OF THE POSITION TO BE FILLED. TO BE CREDITABLE, AN APPLICANT’S ONE FULL YEAR OF SPECIALIZED EXPERIENCE MUST DEMONSTRATE THE KNOWLEDGE, SKILLS, AND ABILITIES NECESSARY FOR SUCCESSFUL JOB PERFORMANCE.

Examples of minimum qualifying experience equal to the GS-12 level include performing the following types of tasks on a regular and recurring basis:

• Implementing security across all enterprise applications that protect against external attacks, privilege abuse and data theft;

Your major duties and responsibilities will include:

• Developing/updating system security plans, risk assessments, disaster recovery, and contingency plans, incident response and additional system development life-cycle security documentation.
• Overseeing the security posture for one or more system(s) throughout the entire lifecycle; providing continuous monitoring through scheduled audits, controls testing, and audit reviews, and escalates issues as needed.
• Facilitating remediation/mitigation of weaknesses tracked on the Plan of Action and Milestones to reduce risk and address weaknesses to the system.
• Providing Continuous Monitoring support/guidance by reviewing security documentation, logs, scans and ensuring system backups are performed.
• Conducting security impact assessments when system changes or additions occur to the system, evaluate compliance with IT security requirements, compare them with expected results, and make recommendations