The Information System Security Officer (ISSO) is a position in
the Office of Information Technology (OIT), ITOPS, ESO. In this
position, you will support either a VA facility or specified
program area of responsibility and reports to either the
Information System Security Manager (ISSM) or District Information
Security Director (DISD) as the ESO Executive Director deems
Learn more about this agency
This is not a bargaining unit position
Please read this public notice in its entirety prior to
submitting your application.
Vacancies may not presently exist but may become available at
any point during the opening period of this vacancy announcement.
We will not review applicant resumes until there is a request to
fill a vacancy.
You are applying to a public notice to fill current and future
vacancies. Please note, there may or may not be actual/projected
vacancies when you submit your application. Your resume and any
supporting documentation will be retained with other applicants and
reviewed as vacancies occur. You will not receive a notice
regarding your application's status other than the initial
acknowledgment until a request is received to fill a position.
Once a request to fill a vacancy is received, we will review
applicants in increments of 100 in application date order. We will
refer qualified applicants to the selecting official for
consideration. The organization's hiring need will determine the
referral of additional applicants. Applicants will be notified
about their application's status if referred or if we fill all
This position is primarily aligned to the following NICE
Cybersecurity Workforce Framework work roles: "OPM Cyber Code 722 -
Information Systems Security Manager. For more information about
these work roles, where they fit within the larger Cyber Workforce,
and how they can support your unique career journey, please visit
the Cyber Career Pathways tool on the National Initiative for
Cybersecurity Careers and Studies website (https://niccs.us-cert.gov/workforce-development/cyber-career-pathways)
Work Schedule: Monday - Friday 8:00am - 4:30pm
Virtual: Not a virtual position
Relocation/Recruitment Incentives: Not Authorized
Financial Disclosure Report: Not Required
Compressed/Flexible Schedule: May be available
Position Description Title/PD#: IT Specialist (INFOSEC)/PD#
Physical Requirements: The work is primarily sedentary in
nature. No special physical demands are required to perform the
Promotion Potential: The selectee may be promoted to the full
performance level without further competition when all regulatory,
qualification, and performance requirements are met. Selection at a
lower grade level does not guarantee promotion to the full
This position involves a multi-grade career ladder. The major
duties listed below represent the full performance level of GS-12.
At the GS-11 grade level, you will perform assignments of a more
limited scope and with less independence. You will progressively
acquire the background necessary to perform at the full performance
level of GS-12. Promotion is at the discretion of the supervisor
and is contingent upon satisfactory performance, availability of
higher level work, and availability of funds.
- Actively participate in network and systems design to ensure
implementation of viable systems security policies and
- Conduct systems security evaluations, audits and reviews; and
develop Automated Information Systems (AIS) security contingency
plans and disaster recovery procedures, as part of the local
business continuity team
- Monitor and track controlled access programs to ensure
implementation and viability of appropriate systems security
policies, as well as the acquisition of IT security tools
- Investigate local AIS programs to identify possible breach of
security and/or other violations
- Conduct vulnerability analysis and risk assessment studies of
planned and installed information systems to assure that local AIS
security plans and policies established are adequate for protection
needs and comply as required by statute
Occasional travel - You may be expected to travel for this
position 10% of the time
2210 Information Technology Management
Conditions of Employment
- You must be a U.S. citizen to apply for this job
- Subject to a background/suitability investigation
- Designated and/or random drug testing may be required
- May serve a probationary period
- Selective Service Registration is required for males born after
- A complete application package; Resume, Transcripts, etc.
- Selected applicants will be required to complete an online
To qualify for this position, applicants must meet all
requirements by the closing date of this announcement.
Selective Placement Factor: This position includes a skill,
knowledge, ability or other worker characteristic basic to -and
essential for- satisfactory performance of the job. Selective
Placement Factors are a prerequisite to appointment and represent
minimum requirements for a position. Applicants who do not meet it
are ineligible for further consideration. Evidence of the Selective
Placement Factor must be reflected in your resume.
The Selective Placement Factor for this position is: Experience
and knowledge in the application of information security guidance
and laws pertaining to any of the following: National Institute of
Standards and Technology (NIST) Special Publications, Federal
Information Processing Standards (FIPS), Federal Information
Security Modernization Act of 2014 (FISMA), Risk Management
Framework (RMF), DODInformation assurance Certification and
Accreditation Process (DIACAP), Sarbanes-Oxley (SOX), SAS-70.
You may qualify based on your education/experience, as described
For all grade levels for this position individuals must have
IT-related experience demonstrating each of the four competencies
1) Attention to Detail - Is thorough when performing work and
conscientious about attending to detail.
2) Customer Service - Works with clients and customers (that is,
any individuals who use or receive the services or products that
your work unit produces, including the general public, individuals
who work in the agency, other agencies, or organizations outside
the Government) to assess their needs, provide information or
assistance, resolve their problems, or satisfy their expectations;
knows about available products and services; is committed to
providing quality products and services.
3) Oral Communication - Expresses information (for example,
ideas or facts) to individuals or groups effectively, taking into
account the audience and nature of the information (for example,
technical, sensitive, controversial); makes clear and convincing
oral presentations; listens to others, attends to nonverbal cues,
and responds appropriately.
4) Problem Solving - Identifies problems; determines accuracy
and relevance of information; uses sound judgment to generate and
evaluate alternatives, and to make recommendations.
Specialized Experience: You must have one year of specialized
experience equivalent to the next lower grade level in the federal
service; experience that equipped the applicant with the particular
knowledge, skills and abilities (KSA's) and other characteristics
to perform successfully the duties of the position, and that is
typically in or related to the work of the position to be filled,
in the normal line of progression for the occupation in the
GS-11 grade level: One year of specialized experience
(equivalent to the GS-9 grade level in the federal service).
Specialized experience includes: conducting systems security
evaluations and reviews of policy enforcement practices to ensure
secure information systems reliability and accessibility;
evaluating local Automated Information System (AIS) security
program(s) to protect AIS from unauthorized access.
GS-12 grade level: One year of specialized experience
(equivalent to the GS-11 grade level in the federal service).
Specialized experience includes: developing procedures and
conducting systems security evaluations, audits and reviews of
policy enforcement practices to ensure secure information systems
reliability and accessibility; developing Automated Information
Systems (AIS) security contingency plans and disaster recovery
procedures as part of a local business continuity team.
Education: Applicants may substitute education for the
experience required for the GS-11level. (Transcripts Required)
For the GS-11, you must have a Ph.D. or equivalent doctoral
degree; or 3 full years of progressively higher level graduate
education leading to a Ph.D. or equivalent doctoral degree.
There is no educational substitution for the GS-12 level.
Note: Undergraduate and graduate degrees must be in computer
science, engineering, information science, information systems
management, mathematics, operations research, statistics, or
technology management or degree that provided a minimum of 24
semester hours in one or more of the fields identified above and
required the development or adaptation of applications, systems or
networks. (Transcripts Required)
Experience refers to paid and unpaid experience, including
volunteer work done through National Service programs (e.g., Peace
Corps, AmeriCorps) and other organizations (e.g., professional;
philanthropic; religions; spiritual; community; student; social).
Volunteer work helps build critical competencies, knowledge, and
skills and can provide valuable training and experience that
translates directly to paid employment. You will receive credit for
all qualifying experience, including volunteer experience.
Note: Only education or degrees recognized by the U.S.
Department of Education from accredited colleges, universities,
schools, or institutions may be used to qualify for Federal
employment. You can verify your education here: http://ope.ed.gov/accreditation/.
If you are using foreign education to meet qualification
requirements, you must send a Certificate of Foreign Equivalency
with your transcript in order to receive credit for that