Duties
This is an open continuous announcement to fill current and future vacancies, until 08/14/2026. This is an open continuous announcement with cutoff dates. Applications will be referred based on receipt of application and established cutoff dates as follows:
• 1st cutoff date: 07/10/2026
• 2nd cutoff date: 07/20/2026
• Last cutoff date: 07/30/2026

We encourage you to read this entire vacancy announcement prior to submitting your application.

As an IT Spec (INFOSEC), GS-2210-14, you will be responsible for:
• Leading enterprise cybersecurity program oversight across the Federal Student Aid (FSA) environment with in-depth knowledge of the Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Department of Homeland Security Binding Operational Directives (DHS BODs), and related federal directives; ensure stakeholder security requirements are implemented across Zero Trust, segmented, and cloud architectures; and advise senior leadership on emerging threats and overall enterprise security posture.
• Managing enterprise safeguards and compliance programs with expert knowledge of Internal Revenue Service (IRS) Publication 1075, Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, NIST Special Publication (SP) 800-53, and NIST SP 800-171; oversee implementation and continuous monitoring of required controls across systems processing Federal Tax Information (FTI) and Controlled Unclassified Information (CUI); and lead the full NIST SP 800-171 compliance lifecycle for Institutions of Higher Education (IHE).
• Directing and leading Authority to Operate (ATO) and Operational Security Assessment (OSA) processes; perform Risk Management Framework (RMF)-aligned risk assessments, impact analyses, control evaluations, and continuous monitoring; serve as the technical authority for enterprise risk posture with strong skill in ATO, Enterprise Risk Management (ERM), continuous monitoring, and enterprise risk analysis; and provide authoritative recommendations supported by strong written and oral communication and leadership.
• Overseeing incident response & compliance case management: triage, investigation, documentation, corrective action tracking, and regulatory reporting; provide senior advisory support during high-risk events affecting significant data/systems.
• Driving enterprise risk management artifacts (risk register, dashboards), committee support (Enterprise Cyber Risk Committee (ECRC), Chief Technology Officer (CTO) Risk Committee), training, and cybersecurity communications; manage Enterprise Risk Management (ERM) tool and user support.
Requirements
Condition of Employment: As a condition of employment for accepting this position, you may be required to serve a probationary period or trial period during which we will evaluate your fitness and whether your continued employment advances the public interest. In determining if your employment advances the public interest, we may consider:
• your performance and conduct;
• the needs and interests of the agency;
• whether your continued employment would advance organizational goals of the agency or the Government; and
• whether your continued employment would advance the efficiency of the Federal service.

Upon completion of your probationary period OR trial period your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest.

You must meet all qualification requirements within 30 days of the closing date of this vacancy announcement.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. We will consider all qualifying experience, including any volunteer experience.
Qualifications
Minimum Qualification Requirements
You may meet the minimum qualifications for the GS-14, if you possess the specialized experience.

Specialized Experience for the GS-14
One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments:
1. Experience managing cybersecurity compliance programs (e.g., NIST SP 800-171, Gramm-Leach-Bliley Act (GLBA), Federal Tax Information (FTI)) in complex enterprise or higher education environments; coordinating controls, assessments, and audit readiness.
2. Experience leading federal or private cybersecurity audits, producing corrective action plans (CAPs), interpreting findings, and coordinating remediation across multiple stakeholders.
3. Experience developing and executing enterprise cybersecurity training, governance artifacts (risk registers, dashboards), and documentation in support of Enterprise Risk Management (ERM) and committee reporting.

Basic Experience Requirements
You must possess IT-related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the nine competencies listed below.
1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations.
6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
9. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.

Knowledge, Skills, and Abilities (KSAs)
The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs). You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement).
1. Knowledge of enterprise security programs, risk mitigation, vulnerability management, penetration testing coordination, and executive communication.
2. Ability to interpret federal cybersecurity regulations; experience implementing controls and audit readiness for Federal Tax Information (FTI)/Controlled Unclassified Information (CUI) environments.
3. Skill in Risk Management Framework (RMF) / Authority to Operate (ATO), continuous monitoring, and enterprise risk analysis and communication.
4. Skill in incident handling, regulatory reporting, stakeholder coordination, escalation leadership.
5. Knowledge of ERM frameworks, governance, training development, tooling administration.
Education
Education cannot be substituted for experience for this position and grade level.
Other Information
Veterans' Career Counseling: If you are a veteran interested in receiving tips on preparing a Federal resume and/or how to prepare for an interview, you may email [email protected] to schedule a session with a career counselor (“Veterans Counseling Session” should be placed in the subject line of the email).

Student Loan Default: If selected for this position, we will verify that you have not defaulted on any loan funded or guaranteed by the U.S. Department of Education. If you are found to be in default, we will contact you to make arrangements for repayment prior to making an official offer of employment.

Suitability and Investigation: If selected for this position, you will be required to complete the Declaration for Federal Employment (OF-306) to determine your suitability for federal employment and successfully complete a pre-appointment investigation/background check.

Essential/Non-Essential: This position is considered essential for purposes of reporting to work during federal government closures.

Financial Disclosure: This position does not require financial disclosure.

Bargaining Unit: This position is not included in the bargaining unit.

Selections: Agencies have broad authority under law to hire from any appropriate source of eligibles and may fill a vacancy in the competitive service by any method authorized. We may make additional selections from this vacancy announcement within 90 days from the date the selection certificates are issued, should vacancies occur. We may also share selection certificates amongst program offices across the agency.

Preferred certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) professional certification in IT Security or IT Risk from a recognized, credentialed, professional association.