IT Spec (Infosec), GS-2210-14, FPL 14 (DH) (Open-Continuous)
What you'd do
This position is in the U.S. Department of Education (ED), Federal Student Aid (FSA). FSA is modernizing the systems that serve over 17 million students and power more than $120 billion in financial aid each year. We are building a team of IT professionals to strengthen the technical foundation of one of the federal government's highest-impact digital ecosystems.
Major duties
This is an open continuous announcement to fill current and future vacancies, until 07/30/2026. This is an open continuous announcement with cutoff dates. Applications will be referred based on receipt of application and established cutoff dates as follows: 1st cutoff date: 07/10/2026 2nd cutoff date: 07/20/2026 Last cutoff date: 07/30/2026 We encourage you to read this entire vacancy announcement prior to submitting your application. As a IT Spec (INFOSEC), GS-2210-14, you will be responsible for: • Leading enterprise cybersecurity program oversight across the Federal Student Aid (FSA) environment with in‐depth knowledge of the Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Department of Homeland Security Binding Operational Directives (DHS BODs), and related federal directives; ensure stakeholder security requirements are implemented across Zero Trust, segmented, and cloud architectures; and advise senior leadership on emerging threats and overall enterprise security posture. • Managing enterprise safeguards and compliance programs with expert knowledge of Internal Revenue Service (IRS) Publication 1075, Gramm Leach Bliley Act (GLBA) Safeguards Rule, NIST Special Publication (SP) 800 53, and NIST SP 800 171; oversee implementation and continuous monitoring of required controls across systems processing Federal Tax Information (FTI) and Controlled Unclassified information (CUI); and lead the full NIST SP 800 171 compliance lifecycle for Institutions of Higher Education (IHE). • Directing and leading Authority to Operate (ATO) and Operational Security Assessment (OSA) processes; perform Risk Management Framework (RMF)-aligned risk assessments, impact analyses, control evaluations, and continuous monitoring; serve as the technical authority for enterprise risk posture with strong skill in ATO, Enterprise Risk Management (ERM), continuous monitoring, and enterprise risk analysis; and provide authoritative recommendations supported by strong written and oral communication and leadership. • Overseeing incident response & compliance case management: triage, investigation, documentation, corrective action tracking, and regulatory reporting; provide senior advisory support during high risk events affecting significant data/systems. • Driving enterprise risk management artifacts (risk register, dashboards), committee support (Enterprise Cyber Risk Committee (ECRC), Chief Technology Officer (CTO) Risk Committee), training, and cybersecurity communications; manage Enterprise Risk Management (ERM) tool and user support.
What you need to qualify
Minimum Qualification Requirements You may meet the minimum qualifications for the GS-14, if you possess the specialized experience. Specialized Experience for the GS-14 One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments: 1. Experience managing cybersecurity compliance programs (e.g., NIST SP 800 171, Gramm‐Leach‐Bliley Act (GLBA), Federal Tax Information (FTI)) in complex enterprise or higher education environments; coordinating controls, assessments, and audit readiness. 2. Experience leading federal or private cybersecurity audits, producing corrective action plans (CAPs), interpreting findings, and coordinating remediation across multiple stakeholders. 3. Experience developing and executing enterprise cybersecurity training, governance artifacts (risk registers, dashboards), and documentation in support of Enterprise Risk Management (ERM) and committee reporting. Basic Experience Requirements You must possess IT related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the nine competencies listed below. 1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. 3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change. 4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems. 5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations 6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. 7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. 8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals. 9. Technical Competence – Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues. Knowledge, Skills, and Abilities (KSAs) The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs). You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement). 1. Knowledge of enterprise security programs, risk mitigation, vulnerability management, penetration testing coordination, and executive communication. 2. Ability to interpret federal cybersecurity regulations; experience implementing controls and audit readiness for Federal Tax Information (FTI)/Controlled Unclassified Information (CUI) environments. 3. Skill in Risk Management Framework (RMF) / Authority to Operate (ATO), continuous monitoring, and enterprise risk analysis and communication 4. Skill in Incident handling, regulatory reporting, stakeholder coordination, escalation leadership. 5. Knowledge of ERM frameworks, governance, training development, tooling administration.
Before you apply
Federal applications are different: your resume should be 3–5 pages and mirror the language of this announcement. Read our federal resume guide first — it's the #1 reason qualified people get screened out.
Don't miss the next one.
Get an email the moment a similar federal job opens — postings can close in as little as 5 days.