The incumbent serves as as member of the Office of Information and Technology (OIT); Office of Information Security (OIS), Information Security Operations (ISO), Enterprise Security Operations (ESO); Data Center Support Division (DCSD) as a National Data Center Information System Security Officer (NDC ISSO) and ensures al National Data Centers in their area of responsibility (AOR) are in compliance with all information security laws and regulations.
To qualify for this position, all qualification requirements must be met by the closing date of this announcement-08/11/2025. Time-In-Grade Requirement: Applicants who are current Federal employees and have held a GS grade any time in the past 52 weeks must also meet time-in-grade requirements by the closing date of this announcement. For the GS-13 position you must have served 52 weeks at the GS-12. The grade may have been in any occupation, but must have been held in the Federal service. An SF-50 that shows your time-in-grade eligibility must be submitted with your application materials. If the most recent SF-50 has an effective date within the past year, it may not clearly demonstrate you possess one-year time-in-grade, as required by the announcement. In this instance, you must provide an additional SF-50 that clearly demonstrates one-year time-in-grade. Applicants must meet all requirements when a request is received to fill a vacancy. You may qualify based on your experience as described below: Basic Requirements Experience: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. -AND- Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-12 in the normal line of progression for the occupation in the organization. Specialized experience is defined as: ability to apply NDC security and network management procedures, concepts and methods sufficient to support mandated risk and vulnerability protection policies associated with all information systems and cloud environments within the assigned NDC IT enterprise architecture. Skill in coordinating, monitoring and overseeing information systems and cloud environment security for NDC's Expert knowledge of the OIT organizational structure, IT architecture, EO ITC IT protocol, Cloud Service environments, VBA Regional Offices, VHA Medical Centers, NDC stakeholders, etc. Skill in applying new state of the art IT security advances and cloud security methodologies as well as project management principles and methods. Comprehensive knowledge of the Federal Information Security Management Act (FISMA), Federal Information Systems Controls Consolidated Audit Manual (FISCAM), Health Insurance Portability and Accountability Act HIPAA, Federal Risk and Authorization Management Program (FedRAMP), Interagency Program Office (IPO), and a myriad of operating systems, including but not limited to: Virtual Memory System operating system (VMS), Windows Server, and zOS. Comprehensive knowledge of IT Network management, Systems Administration and the Assessment and Authorization (AA) processes. Knowledge of physical, managerial, and operational controls associated with protecting the confidentiality, integrity, and availability of protected VA information. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members.
OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Serves as a National Data Center Information System Security Officer (NDC ISSO) and, within the ESO, Data Center Support Division (DCSD). The incumbent administers National Data Center (NDC) information security programs, through planning, analysis, development, implementation, maintenance, and enhancement of information systems programs, policies, procedures, and tools, under the leadership of the Deputy Director, DCSD. Communicates security processes and methodology for NDCs located throughout the department, and shares methodology, processes, and procedures with affected stakeholders for joint understanding and common baselines. Coordinates Assessment and Authorization (AA) activities for NDCs in conjunction with Infrastructure Operations (IO), Service Delivery and Engineering (SDE), Enterprise Systems Engineers, CyberSecurity Operations Center (CSOC), OIT Directors, ESO District Information Security Directors, DCSD Deputy Director, Network ISSMs, and facility ISSOs. Assists with the development, recommendations, and implementation of procedures and standards within their AOR, and provides an appropriate level of security, centered on acceptable risk, and industry best practices. Coordinates NDC Disaster Recovery efforts, contingency planning, and testing of approaches for: incorporating NDC contingency planning into local plans; testing site's disaster recovery plan; assessing the type of recovery required; assist in implementing recovery priorities; integrating all recovery actions. Performs planning and assessment tasks by developing security for information systems, contingency plans and disaster recovery procedures. Recommends and contributes to developing policies and procedures regarding prevention of unauthorized access to NDC systems, networks, and data. Conducts risk and vulnerability assessments to identify vulnerabilities, risks, and protection needs. Conducts enterprise systems security evaluations, audits, and reviews. Performs specialized enterprise project management and oversight by guiding projects; determining time frames, assignments, and processes to apply in achieving project milestones. Identifies and implements solutions regarding assignment issues, consulting with supervisor when appropriate. Performs problem solving by contributing to the resolution of information security issues, applying relevant security principles and practices to develop compensating controls or solve operational issues. Provides advice and technical support to the Deputy Director, Data Center Support Division on security related issues. Champions security awareness by promoting awareness of security requirements among employees located in data centers and VA facilities. Ensures sound security principles are reflected in all tasks to be accomplished (independently undertaken and group /team projects). Assesses security events to determine impact; select and implement corrective action as well as, gather and analyze data to provide focused reports on security compliance to appropriate oversight organizations. Ensures that IT security weaknesses identified in external or internal audits are documented. Ensure that issues are mitigated or risk is acceptable to ensure the integrity of IT systems and the employees who work with those systems. Position Description/PD#: IT Specialist (Infosec)/PD09173A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized Financial Disclosure Report: Not Required Travel Required: Occasional travel may be required as needed for this position. Work Schedule: Monday - Friday, 8AM-4:30PM; Tour of duty will be determined based on organizational needs. Compressed/Flexible: As determined by the Agency Policy Virtual: This is not a virtual position. Physical Demands: The work performed is primarily sedentary in nature. Some work may require walking and standing in conjunction with travel and to attendance at meetings and conferences away from the work site. May carry light items such as papers, books, or small parts, or drive a motor vehicle. The work does not require any special physical effort. Working Conditions: The work is performed in a well-lighted and climate-controlled office environment that involves everyday risks or discomforts that require normal safety precautions. Employee may occasionally be exposed to uncomfortable conditions in such places as research and productions facilities.