Posted 15h ago

IT Cybersecurity Specialist

@ National Gallery of Art
Washington, District of Columbia, United States
$122k-$158k/yr | Onsite | Full Time
Responsibilities: maintaining catalog, reviewing vendors, remediating vulnerabilities
Requirements Summary: Requires experience assessing and managing third-party cybersecurity risk, conducting security reviews and vulnerability management, supporting incident triage, and collaborating with stakeholders; security clearance required.
Job Description
Security Clearance

Other

Duties

The Gallery's Digital Solutions division (TDS) reports to the Gallery's Treasurer and provides IT solutions, services and innovation. This Information System Security Officer (ISSO) position reports to the Chief Information Security Officer (CISO) and maintains a secure operating environment for business applications including the continuous monitoring of information technology assets, services and processes to which they are assigned.

Duties for this position include:

Maintain the Gallery catalog of IT enterprise and departmental systems with information including but not limited to: (i) system points of contact, (ii) vendor point of contact, (iii) Tier, (iv) location, (v) type (i.e., Cloud, on-premise, hybrid, colocation, etc.).

Review vendor capabilities and security posture for potentially new IT systems/applications/services and provide recommendation on risk to the Gallery.

Collaborate with the CISO, CIO, system managers, and other stakeholders to finalize IT security requirements for third-party IT systems/applications/services.

Ensure vendors/contractors/providers comply with the Gallery IT security policies and procedures established as part of the third-party risk management program.

Work with the Gallery's Contracts and Procurement Office (APC) to ensure all applicable IT security requirement.

Review results of vulnerability scans (internal or third-party) for third-party applications/systems/devices and work with the appropriate system managers and operations (TDS-OPS) personnel to remediate critical and high vulnerabilities.

Support the triage of potential security incidents related to third-party breaches, following the established IT security incident response process, and supporting remediation efforts.

Requirements

Qualification requirements must be met by the closing date of the announcement. For information on qualification requirements, see Qualification Standards Handbook for General Schedule Positions viewable on OPM Website. It is your responsibility to ensure that you submit appropriate documentation prior to the closing date. Your resume serves as the basis for qualification determinations and must highlight your most relevant and significant experience as it relates to this job announcement. Be clear and specific when describing your work history since human resources cannot make assumptions regarding your experience. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Your resume must include the dates of all qualifying experience (from month/year to month/year) and the number of hours worked/volunteered per week.

Qualifications

Basic Requirements

This standard allows eligibility through meeting either the requirements specified in the section titled Education or the requirements specified in the section titled Experience.

Education: All academic degrees and coursework must be from accredited or pre-accredited institutions.

Undergraduate or Graduate Education: Degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.

OR

GS-5 through GS-15 (or equivalent): For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to gen

AND

Specialized Experience for GS-7 (or equivalent) and Above: Positions at GS-7 (or equivalent) and above require one year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is experience that has equipped the applicant with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT. The employing agency is responsible for defining the specialized experience based on the requirements of the position being filled.

Information Technology (IT) Management Series 2210 Specialized Experience Statement: To qualify for the GS-13 level, you need to have at least one year of full-time experience equivalent to the GS-12 level defined as: experience assessing and managing third-party cybersecurity risks associated with vendor-managed services, cloud service providers, software-as-a-service (SaaS) platforms, and other externally hosted systems and applications; conducting security reviews to identify and mitigate vulnerabilities; implementing vulnerability management processes; and recommending safeguards to protect information systems, networks, and organizational data.

OPM Qualifications Standard: You must meet all qualification and eligibility requirements by the closing date of this announcement. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Education

This position does not have an education requirement.

Other Information

The National Gallery of Art fosters a diverse and inclusive workplace and is an Equal Opportunity Employer.

EEO Policy: https://help.usajobs.gov/equal-employment-opportunity

This position is not included in the bargaining unit. Relocation expenses will not be paid. Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.

Reasonable Accommodation Policy: https://help.usajobs.gov/reasonable-accommodation

Veterans Information: https://help.usajobs.gov/working-in-government/unique-hiring-paths/veterans

Selective Service Registration: http://www.sss.gov/

Veterans Employment Opportunity Act (VEOA): To be eligible for a VEOA appointment under Merit Promotion procedures, the veteran must be a preference eligible or a veteran separated after 3 years or more of continuous active service performed under honorable conditions.

Noncompetitive Appointment Authorities: For more information on noncompetitive appointment authority eligibility requirements visit the following websites:
Persons with Disabilities-Schedule A
Special Hiring Authorities for Veterans
Special Hiring Authority for Certain Military Spouses
Other Special Appointment Authorities

Reasonable Accommodation Requests: The National Gallery of Art provides reasonable accommodation to applicants with disabilities. If you need an accommodation for any part of the application and hiring process, please notify the contact person listed in this announcement.