IT Cybersecurity Specialist
What you'd do
The National Gallery of Art welcomes all people to explore art, creativity, and our shared humanity. Millions of people come through our doors each year, with even more online, making us one of the most visited art museums in the world. Our renowned collection includes over 160,000 works of art, from the ancient world to today. Admission to the West and East Buildings, Sculpture Garden, special exhibitions, and public programs is always free.
Major duties
The Gallery's Digital Solutions division (TDS) reports to the Gallery's Treasurer and provides IT solutions, services and innovation. This Information System Security Officer (ISSO) position reports to the Chief Information Security Officer (CISO) and maintains a secure operating environment for business applications including the continuous monitoring of information technology assets, services and processes to which they are assigned. Duties for this position include Maintain the Gallery catalog of IT enterprise and departmental systems with information including but not limited to: (i) system points of contact, (ii) vendor point of contact, (iii) Tier, (iv) location, (v) type (i.e., Cloud, on-premise, hybrid, colocation, etc.). Review vendor capabilities and security posture for potentially new IT systems/applications/services and provide recommendation on risk to the Gallery. Collaborate with the CISO, CIO, system managers, and other stakeholders to finalize IT security requirements for third-party IT systems/applications/services. Ensure vendors/contractors/providers comply with the Gallery IT security policies and procedures established as part of the third-party risk management program. Work with the Gallery's Contracts and Procurement Office (APC) to ensure all applicable IT security requirement. Review results of vulnerability scans (internal or third-party) for third-party applications/systems/devices and work with the appropriate system managers and operations (TDS-OPS) personnel to remediate critical and high vulnerabilities. Support the triage of potential security incidents related to third-party breaches, following the established IT security incident response process, and supporting remediation efforts.
What you need to qualify
Basic Requirements This standard allows eligibility through meeting either the requirements specified in the section titled Education or the requirements specified in the section titled Experience. Education: All academic degrees and coursework must be from accredited or pre-accredited institutions Undergraduate or Graduate Education: Degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks. OR GS-5 through GS-15 (or equivalent): For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to gen AND Specialized Experience for GS-7 (or equivalent) and Above: Positions at GS-7 (or equivalent) and above require one year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is experience that has equipped the applicant with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT. The employing agency is responsible for defining the specialized experience based on the requirements of the position being filled. Information Technology (IT) Management Series 2210 Specialized Experience Statement: To qualify for the GS-13 level, you need to have at least one year of full-time experience equivalent to the GS-12 level defined as: experience assessing and managing third-party cybersecurity risks associated with vendor-managed services, cloud service providers, software-as-a-service (SaaS) platforms, and other externally hosted systems and applications; conducting security reviews to identify and mitigate vulnerabilities; implementing vulnerability management processes; and recommending safeguards to protect information systems, networks, and organizational data OPM Qualifications Standard: You must meet all qualification and eligibility requirements by the closing date of this announcement. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Before you apply
Federal applications are different: your resume should be 3–5 pages and mirror the language of this announcement. Read our federal resume guide first — it's the #1 reason qualified people get screened out.
Don't miss the next one.
Get an email the moment a similar federal job opens — postings can close in as little as 5 days.