Join the U.S. Department of Education, Federal Student Aid in Washington, DC, onsite, to lead enterprise cybersecurity program oversight, risk management, and information security governance across the FSA environment. This IT Specialist (InfoSec) role supports modernization of IT systems serving millions of students and billions in aid, with a competitive annual salary from USD 143,913 to 187,093.
Benefits
- Family‑friendly work environment with excused leave for Parent and Teacher Conferences (3 hours)
- Excused leave for annual health screenings (4 hours)
- Matching leave for community volunteer service
- Alternative work schedules
- Potential recruitment incentive with service agreement
- Potential relocation incentive with service agreement
- Possible participation in the Student Loan Repayment Program with service agreement
Responsibilities
- Provide enterprise cybersecurity program oversight across the FSA environment, aligning with FISMA, FedRAMP, DHS BODs and related directives; ensure stakeholder security requirements are implemented across Zero Trust, segmented and cloud architectures; advise senior leadership on security matters
- Manage enterprise safeguards and compliance programs with knowledge of IRS Publication 1075, GLBA Safeguards Rule, NIST SP 800-53 and SP 800-171; oversee implementation and continuous monitoring of controls across systems handling Federal Tax Information and Controlled Unclassified Information; lead the full NIST SP 800-171 compliance lifecycle for Institutions of Higher Education
- Direct Authority to Operate and Operational Security Assessment processes; conduct RMF-aligned risk assessments, impact analyses, control evaluations and continuous monitoring; serve as technical authority for enterprise risk posture with expertise in ATO, ERM and risk analysis; provide clear written and oral guidance
- Oversee incident response and compliance case management including triage, investigation, documentation, corrective action tracking, and regulatory reporting; provide senior advisory support during high risk events
- Drive artifacts for enterprise risk management (risk registers, dashboards), support governance through Enterprise Cyber Risk Committee and CTO Risk Committee, deliver training and cybersecurity communications; manage the ERM tool and user support
Requirements
- Relocation will not be paid
- Possible one year probationary period
- Males 18 and over must be registered with Selective Service
- U.S. Citizenship required
- Background investigation and fingerprint check required
- Drug testing position
- Must meet all qualification requirements within 30 days of the vacancy closing date
Technologies
- FISMA
- FedRAMP
- DHS Binding Operational Directives
- RMF
- ATO
- OSA
- NIST SP 800-53
- NIST SP 800-171
- IRS Publication 1075
- GLBA Safeguards Rule
Open To
- The public: U.S. Citizens, Nationals or those who owe allegiance to the United States
- Career transition (CTAP ICTAP RPL): Federal employees whose position was eliminated and who are eligible for priority consideration
Clarification from the Agency
This announcement is open to all U.S. Citizens and may be filled through Direct Hire Authority for IT Specialist positions. All applicants who meet the qualifications will be forwarded for consideration. Category Rating, Veterans Preference, Schedule A, and traditional ranking do not apply to this vacancy.
Additional Information
- Veterans Career Counseling: veterans may email careers@ed.gov to schedule resume and interview guidance
- Student Loan Default: if selected, verification that there is no outstanding default on Department of Education funded or guaranteed loans will be performed
- Suitability and Investigation: you will complete the Declaration for Federal Employment (OF-306) and undergo a pre-appointment investigation/background check
- Essential/Non-Essential: this position is considered essential for federal operation during closures
- Financial Disclosure: not required
- Bargaining Unit: not part of the bargaining unit
- Selections: agencies may hire from any eligible source and may fill additional vacancies within 90 days; certificates may be shared across program offices
- Preferred certifications: CISSP or CISA in IT security or IT risk
How You Will Be Evaluated
You will be assessed on how well your qualifications match the stated requirements and competencies. The process includes review of your resume and documents, and may include a structured assessment and interviews. Expect evaluation of oral and written communications, interpersonal skills, problem solving, teamwork, technology orientation, customer service, attention to detail, and self management. Applicants with the strongest qualifications may be referred to the selecting official for further steps.
Required Documents
- Your resume showing relevant work experience, education, and contact information; for federal applicants, include pay plan, series, and grade
- A resume that demonstrates your education, experience, training, and accomplishments as they relate to the qualifications; limit to two pages
- Veterans Preference documents if applicable (DD-214 or expected discharge, SF-15, and proof of preference)
- ICTAP/CTAP documentation if claiming priority consideration
- SF-50s showing displacement or career status for CTAP/ICTAP considerations