IT Cybersecurity Specialist
Summary
The National Gallery of Art welcomes all people to explore art, creativity, and our shared humanity. Millions of people come through our doors each year, with even more online, making us one of the most visited art museums in the world. Our renowned collection includes over 160,000 works of art, from the ancient world to today. Admission to the West and East Buildings, Sculpture Garden, special exhibitions, and public programs is always free.
Duties
The Gallery's Digital Solutions division (TDS) reports to the Gallery's Treasurer and provides IT solutions, services and innovation. This Information System Security Officer (ISSO) position reports to the Chief Information Security Officer (CISO) and maintains a secure operating environment for business applications including the continuous monitoring of information technology assets, services and processes to which they are assigned. Duties for this position include:
- Maintain the Gallery catalog of IT enterprise and departmental systems with information including but not limited to: (i) system points of contact, (ii) vendor point of contact, (iii) Tier, (iv) location, (v) type (i.e., Cloud, on-premise, hybrid, colocation, etc.).
- Review vendor capabilities and security posture for potentially new IT systems/applications/services and provide recommendation on risk to the Gallery.
- Collaborate with the CISO, CIO, system managers, and other stakeholders to finalize IT security requirements for third-party IT systems/applications/services.
- Ensure vendors/contractors/providers comply with the Gallery IT security policies and procedures established as part of the third-party risk management program.
- Work with the Gallery's Contracts and Procurement Office (APC) to ensure all applicable IT security requirement.
- Review results of vulnerability scans (internal or third-party) for third-party applications/systems/devices and work with the appropriate system managers and operations (TDS-OPS) personnel to remediate critical and high vulnerabilities.
- Support the triage of potential security incidents related to third-party breaches, following the established IT security incident response process, and supporting remediation efforts.
Qualifications
Basic Requirements This standard allows eligibility through meeting either the requirements specified in the section titled Education or the requirements specified in the section titled Experience. Education: All academic degrees and coursework must be from accredited or pre-accredited institutions Undergraduate or Graduate Education: Degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks. OR GS-5 through GS-15 (or equivalent): For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. 
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to gen AND Specialized Experience for GS-7 (or equivalent) and Above: Positions at GS-7 (or equivalent) and above require one year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is experience that has equipped the applicant with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT. The employing agency is responsible for defining the specialized experience based on the requirements of the position being filled. Information Technology (IT) Management Series 2210 Specialized Experience Statement: To qualify for the GS-13 level, you need to have at least one year of full-time experience equivalent to the GS-12 level defined as: experience assessing and managing third-party cybersecurity risks associated with vendor-managed services, cloud service providers, software-as-a-service (SaaS) platforms, and other externally hosted systems and applications; conducting security reviews to identify and mitigate vulnerabilities; implementing vulnerability management processes; and recommending safeguards to protect information systems, networks, and organizational data OPM Qualifications Standard: You must meet all qualification and eligibility requirements by the closing date of this announcement. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). 
Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Education
This position does not have an education requirement.
Requirements
Qualification requirements must be met by the closing date of the announcement. For information on qualification requirements, see Qualification Standards Handbook for General Schedule Positions viewable on OPM Website. It is your responsibility to ensure that you submit appropriate documentation prior to the closing date. Your resume serves as the basis for qualification determinations and must highlight your most relevant and significant experience as it relates to this job announcement. Be clear and specific when describing your work history since human resources cannot make assumptions regarding your experience. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Your resume must include the dates of all qualifying experience (from month/year to month/year) and the number of hours worked/volunteered per week.
Key requirements
- You must be a United States Citizen.
- This employer participates in the e-Verify program.
- Males born after 12/31/59 must be registered for Selective Service
- Pass Pre-employment Background Investigation
- Suitable for Federal employment, determined by a background investigation
- May be required to successfully complete a probationary period
Evaluations
Your resume will be used to evaluate your experience, education, and/or training that address the competencies below: Attention to Detail, Customer Service, Decision Making, Information Management, Interpersonal Skills, Oral Communication, Problem Solving, Team Work, Technical Competence.
- Information Systems/Network Security - Knowledge of methods, tools, and procedures, including development of information security plans, to prevent information systems vulnerabilities, and provide or restore security of information systems and network services.
- Information Assurance - Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.
- Technology Awareness - Knowledge of developments and new applications of information technology (hardware, software, telecommunications), emerging technologies and their applications to business processes, and applications and implementation of information systems to meet organizational requirements.

This announcement is issued under the "direct-hire" authority. Consistent with 5 U.S.C. 3304(a)(3) and OPM regulations (5 CFR 337 Subpart B) on direct-hire: All candidates who meet all the qualifications and other eligibility requirements may be referred for consideration. Competitive examining rules providing for rating and ranking and veterans' preference do not apply. Overstating your qualifications and/or experience in your application materials or application questionnaire may result in your removal from consideration. Cheating on an assessment may also result in your removal from consideration. Note: Applicants who are referred to the hiring office for selection consideration may be required to submit writing and/or work samples as part of the interview/selection process.
If the hiring office decides to request a writing and/or work sample as part of its selection process, the vacancy contact will reach out to you by email to: (1) inform you of this requirement; and (2) provide further instructions. You may preview questions for this vacancy.
How to apply
Please read the entire announcement and all the instructions before you begin an application. To apply and be considered for this position, you must complete all required questionnaires, assessments and submit all required documentation as specified in the How to Apply and Required Documents section. The application process is as follows: Click on the "Apply Online" button on the upper right side of the page. You must have a USAJOBS account and be logged in. You must have a completed resume no more than 2 pages. (You may use the Resume Builder in USAJOBS) You must respond to all applicant assessment questions, carefully following all instructions provided. You will be able to upload additional supporting documentation, which may include, but not limited to transcripts, notification of personnel actions (SF-50), certifications and verification of veterans status (SF-15, DD-214) The complete application package, including any additional supporting documents required for this position is due in the National Gallery of Art Personnel Office on the closing date of the announcement by 11:59 PM Eastern Time. NOTE: Applicants who cannot apply on-line must request a hard copy application packet from the Agency Contact listed in the vacancy announcement. Resumes and/or supporting documentation alone will not be considered without the inclusion of a hard copy application packet. The complete package is due no later than 5:30 PM Eastern Time on the closing date of this announcement. The National Gallery of Art receives many applications for each job. Each application is reviewed carefully which may take a few weeks. You may also check your application status by logging into www.usajobs.gov and selecting the tab "My USAJOBS".
What to expect next
After each step in the recruitment process, your status will be updated in our application tracking system. Once this happens, if you have elected to receive e-mail updates, you will be notified through your USAJOBS registered e-mail address. If you have not elected e-mail updates, you can review your current application status in USAJOBS at any time. Please check that your USAJOBS profile contact information is current and correct each time you apply to a job--this will ensure we are able to contact you as quickly as possible. In addition to changing your status online, we will send you e-mail notifications at each major step in the process, to include; application received, eligible or not eligible, referred or not referred, selected or not selected. For Fair Chance Act Covered Positions: An agency may not request, orally, in writing, or electronically through the USA Jobs website or other electronic means, that an applicant for appointment for a position in the civil service disclose criminal history record information before the appointing agency extends a conditional offer of employment. If you believe you were asked about your criminal history improperly, contact the agency or visit https://www.opm.gov/about-us/careers-at-opm/opportunities/
Required documents
To apply for this position, you must provide a complete Application Package which includes: Your Resume (no more than 2 pages) showing the applicant's name, email address, work schedule, hours worked per week, dates of employment, and duties performed to include pay plan, series, and grade level for relevant federal experience. Your resume must show complete information for each job entry to support minimum qualifications. Do not include the following types of information in your resume: Classified or government sensitive information Social Security Number (SSN) Photos of yourself Personal information, such as age, gender, religious affiliation, etc. Encrypted and digitally signed documents Other supporting documents: Cover Letter, optional Most recent Performance Appraisal, optional Veterans' Preference documentation, if applicable (e.g. DD-214 Member Copy 4 showing type of discharge/character of service; Current Active Duty members must submit a certification of expected discharge or release from active duty under honorable conditions dated within 120 days; SF-15 Form and related documentation; VA letter.) If you are a veteran and you are claiming 5-point veterans' preference, you must submit a copy of your DD-214 or other proof of eligibility. If you are a veteran and you are claiming 10-point veterans' preference, you must also submit an SF-15, "Application for 10-Point Veterans' Preference" plus the proof required by that form. For more information on veterans' preference click here. Failure to submit any of the above-mentioned required documents may result in loss of consideration due to an incomplete application package.
Benefits
The Federal Government offers a comprehensive benefits package. Please see Benefits at https://www.si.edu/OHR/benefits for a complete description. Flexible Spending Accounts - https://www.fsafeds.com/ Health Insurance - http://www.opm.gov/insure/health/index.asp Leave - http://www.opm.gov/oca/leave/index.asp Life Insurance - http://www.opm.gov/insure/life/index.asp Retirement Program - https://www.opm.gov/retirement-services/
Other information
The National Gallery of Art fosters a diverse and inclusive workplace and is an Equal Opportunity Employer. EEO Policy: https://help.usajobs.gov/equal-employment-opportunity This position is not included in the bargaining unit. Relocation expenses will not be paid. Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution. Reasonable Accommodation Policy: https://help.usajobs.gov/reasonable-accommodation Veterans Information: https://help.usajobs.gov/working-in-government/unique-hiring-paths/veterans Selective Service Registration: http://www.sss.gov/ Veterans Employment Opportunity Act (VEOA): To be eligible for a VEOA appointment under Merit Promotion procedures, the veteran must be a preference eligible or a veteran separated after 3 years or more of continuous active service performed under honorable conditions. Noncompetitive Appointment Authorities: For more information on noncompetitive appointment authority eligibility requirements visit the following websites: Persons with Disabilities-Schedule A Special Hiring Authorities for Veterans Special Hiring Authority for Certain Military Spouses Other Special Appointment Authorities Reasonable Accommodation Requests: The National Gallery of Art provides reasonable accommodation to applicants with disabilities. If you need an accommodation for any part of the application and hiring process, please notify the contact person listed in this announcement.