Information System Security Manager

Created at: December 06, 2025 00:13

Company: Federal Retirement Thrift Investment Board

Location: Washington, DC, 20001

Job Description:

This announcement may be used to fill similar positions at the Federal Retirement Thrift Investment Board (FRTIB) in the same location. The position is filled under the government-wide Direct Hire Authority for Cybersecurity roles, which allows agencies to hire without applying certain category rating and veterans' preference rules.
This announcement is issued under the Direct-Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Appointee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one-year probationary period. Under this DHA announcement, applicants who meet the basic qualification requirements will be forwarded to the Selecting Official. Veterans' preference, Category Rating, and traditional rating and ranking of applicants do not apply under the Direct-Hire Authority.

To qualify for this position, applicants must meet the Basic Experience requirement and the Specialized Experience requirement as described below.

Basic Experience: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions, individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Specialized Experience: Applicants must have at least one year of full-time specialized work experience comparable in scope and responsibility to the next lower level, GS-13, in the federal government. Specialized experience is defined as: Leading cybersecurity risk management initiatives for enterprise-scale information systems to ensure security controls are properly implemented, documented, and aligned with industry-recognized cybersecurity frameworks and organizational security objectives. Directing cross-functional cybersecurity teams and guiding system owners, security specialists, and technical experts to ensure security requirements are understood, executed, and maintained throughout the system lifecycle. Assessing system architecture, technologies, and software solutions to identify vulnerabilities, evaluate security implications, and recommend risk-based strategies that strengthen system resilience and support informed decision-making. Overseeing independent security evaluations and validating security documentation and remediation plans to confirm accuracy, completeness, and effectiveness, enabling senior leadership to make well-supported risk acceptance and operational readiness decisions.

*Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations. Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment.

Duties include:
Manage the security status and authorization of assigned systems under the Federal Information Security Modernization Act (FISMA).
Oversee the Risk Management Framework (RMF) process for assigned systems, following National Institute of Standards and Technology (NIST) guidance and federal requirements.
Track Plans of Action and Milestones (POA/M), address risks, and complete annual security control reviews on time.
Work with offices and teams to create required system documentation, such as contingency plans and other materials for Security Assessment and Authorization (SA/A).
Provide cybersecurity advice to Business Owners (BOs), System Owners (SOs), technical teams, and Information System Security Officers (ISSOs).