Published: June 9, 2022
Location: Oklahoma City, OK
Location: 2 vacancies in the following location: Oklahoma City, OK
* Remote job: No
* Telework eligible: Yes, as determined by the agency policy.
* Travel Required: 25% or less - The job may require up to 25% travel.
* Relocation expenses reimbursed: No
* Appointment type: Permanent
* Work schedule: Full-time
* Service: Excepted
* Promotion potential: NA
* Job family (Series): 2210 Information Technology Management
* Supervisory status: No
* Security clearance
* Drug test: No
* Announcement number: AAC-AFN-22-AMK230-78999
* Control number: 658495000

Duties

As Cybersecurity Assessment Team Lead, applies comprehensive technical knowledge and experience in the technical review and analysis of independent Security Assessments (SA), Assessments in support of Continuous Monitoring (CMA) and other information security assessment related tasks under limited direction of a Manager. Exhibits constant professionalism, attention to detail and a predictable in-office presence to effectively mentor team members. Monitors and reports on the progress and status of assignments being accomplished by the Assessment Group, ensuring contractual agreements are being met. Provides inter-program coordination with customers at local, agency-wide, departmental and inter-agency offices. Mentors Assessment Group team members on technology changes. Ensures Assessment work is completed in accordance with established priorities. Identifies, distributes and balances workload among team members in accordance with established workflows and skill levels. Processes customer inquiries for cybersecurity assessment services. In consultation with Management and other subject matter experts (SMEs), establishes the scope, complexity and schedule for proposed assessment projects. Coordinates with the appropriate stakeholders to define and articulate the Level of Effort (LoE) associated with proposed assessment projects.
In consultation with Management, maintains the Assessment Group's project Dashboard. Coordinates with Management to plan Assessment projects inclusive of technical requirements and reports progress on technical tasks to Management. Ensures technical scope of work meets quality work product requirements. Provides technical review and analysis to ensure deliverables are in compliance with service levels, contractual requirements and the Federal Information Security Management/Modernization Acts (FISMA), necessitating extensive knowledge of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series, specifically NIST SP 800-53 and Federal Information Processing Standards (FIPS). Defines, organizes, and assigns resources to accomplish organizational objectives. Allocates resources to accomplish large work activities within established schedules. Periodically develops reports and delivers briefings regarding system statuses to Management at all levels, to include Executives, throughout the Federal government. Required to act in a confidential capacity with tasks associated with formulating or implementing management policies impacting labor-management relations. The position is directly involved with the analysis and monitoring of security controls for High Value Asset (HVA) systems -- critical and high impact infrastructure and/or systems -- as defined by the Department of Homeland Security (DHS), supporting our nation's critical cybersecurity posture. Assessment/Audit activities will routinely identify shortfalls in Agency employee performance, wherein the security posture of systems is being adversely impacted. Contacts are internal and external. Often represents FAA as a senior technical point of contact on projects, programs and other work activities. Communicates results to all levels internally (within an LOB/SO or across LOB/SOs) and externally. 
Plays a lead role in drafting, reviewing, and editing reports or contractual documents for final approval prior to external distribution. Presents briefings to obtain consensus/approval on policies. Coordinates significant technical matters with representatives of external organizations. Provides guidance to lower-level staff on how to solve difficult technical issues. Resolves all but unique technical problems without the intervention of management or a more experienced technical specialist. Develops plans, techniques, and policies to address current or anticipated problems and issues. Works with management to solve problems. This position may require travel up to 25%.

Requirements

Conditions of Employment
* Review the Additional Information Section of this vacancy announcement for important information regarding your COVID vaccine status.
* US Citizenship is required.
* Selective Service Registration is required for males born after 12/31/1959.
* Must submit an SF50 (See Required Documents)
* A one-year probationary period may be required.
* Successful completion of a security investigation may be required.
* Please review Required Documents & Additional Information.

Qualifications

To view the complete qualification standard, applicants should reference the U.S. Office of Personnel Management Information Technology (IT) Management Series, 2210: www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-a/

To qualify for this position at the FV-J (FG/GS-14) level, you must demonstrate in your application that you possess at least one year of specialized experience equivalent to FV-I (FG/GS-13) level, and meet the Selective Placement Factor. Specialized experience is experience that has equipped you with the particular knowledge, skills, and abilities to perform successfully the duties of the position.
Specialized Experience may include but is not limited to: management of ISS projects that require extensive knowledge of IT hardware/software technology; experience preparing ISS systems documentation for certification/accreditation in accordance with FISMA, FedRAMP, and/or other Federal IS guidelines or regulations; experience monitoring and evaluating systems' compliance with IT security requirements.

AND

Selective Placement Factor: Applicants must currently hold two industry-recognized cybersecurity certifications, with at least one coming from Group A.

Group A
* ISACA Certified Information Systems Auditor (CISA)
* (ISC)2 Certified Information Systems Security Professional (CISSP)
* (ISC)2 Certified Cloud Security Professional (CCSP)

Group B
* (ISC)2 Certified Authorization Professional (CAP)
* ISACA Certified Information Security Manager (CISM)
* ISACA Certified in Risk and Information Systems Control (CRISC)

AND

Individuals must have IT-related experience demonstrating each of the four competencies listed below. The experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training as appropriate.

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Quality Ranking Factor - Well qualified applicants will possess IT experience with an emphasis on Cybersecurity roles. IT experience will demonstrate that the applicant has relevant experience with current versions of computer operating systems, software, hardware and/or associated protocols. In addition, applicants must possess information system auditing/assessing experience. This experience will have entailed evaluations against State and/or Federal requirements (e.g., NIST RMF, HIPAA, Sarbanes-Oxley, etc.).
Applicants will demonstrate that their auditing/assessing experience is with current versions and/or requirements of Federal or State guidance (e.g., NIST 800-53 Rev 4, NIST 800-171A, DODI 8510.01 CE-03, HIPAA Security Rule 45 C.F.R., FedRAMP, ISO 27001/2-2013, SOC2, etc.). Applicants should include examples of Specialized Experience in their work history and must submit proof documentation of the certifications they hold. Qualifications must be met by the closing date of this vacancy announcement. Make sure your resume includes detailed information to support your qualifications and answers to the job questionnaire.

Additional information

We may use this vacancy to fill other similar vacant positions.
Position may be subject to a background investigation.
A one-year probationary period may be required. The person selected for this position may be required to file a financial disclosure statement within 30 days of entry on duty. FAA policy limits certain outside employment and financial investments in aviation-related companies. www.faa.gov/jobs/working_here/financial_disclosure_requirements The U.S. Department of Transportation strives to ensure that equity, transparency, accountability, collaboration, and communication permeate all that we do for the betterment of the Department, the traveling public, and our nation. As such, DOT values a highly diverse workforce of