Supervisory IT Specialist (INFOSEC)
What you'd do
This position is located in the Cybersecurity Group within the Office of the Chief Information Officer (OCIO), Office of the Managing Director(OMD), Federal Communications Commission (FCC), located in Washington, DC. RELOCATION EXPENSES WILL NOT BE PAID. THIS VACANCY ANNOUNCEMENT MAY BE USED TO FILL ADDITIONAL POSITIONS WITHIN 90 DAYS.
Major duties
The incumbent serves as the Chief Information Security Officer (CISO), reporting directly to the Chief Information Officer (CIO) in the OCIO organization. As the CISO and Group Lead for Cybersecurity and Information Assurance, the incumbent provides executive leadership, strategy, technical direction, and authority for all information security functions across all 19 FCC bureaus and offices to include: Provides direct oversight, technical leadership, and administrative management of four critical sub-unit leads: the Lead Security Operations Manager, the Lead for Governance, Risk, and Compliance (GRC), the Lead Security Engineer, and the Lead for Incident Response. Establishes, maintains, and enforces the FCC's Enterprise Information Security Strategy, including the integration of emerging technology risk domains such as artificial intelligence (AI) and machine learning (ML) systems into the agency's overall security posture. Serves as the principal, authoritative advisor to the CIO, Managing Director, and Chairman on all matters concerning cybersecurity risk, systemic vulnerabilities, threat landscapes, AI-related security risks, and regulatory security compliance. Represents the FCC on interagency cybersecurity councils, including OMB, CISA, and White House cyber roundtables, contributing subject-matter expertise on AI governance, Zero Trust implementation, and vulnerability management best practices. Synthesizes complex, technical risk data, including vulnerability scan results, threat intelligence, and identity/access risk indicators, into executive-level decision memos and risk-acceptance briefs for agency leadership. Provides ultimate oversight for the FCC's 24/7/365 Security Operations Center (SOC), including oversight of SIEM platforms (e.g., Splunk) for continuous monitoring, log correlation, and threat detection across enterprise systems. Directs the agency's enterprise vulnerability management program, ensuring timely identification, prioritization, and remediation of vulnerabilities to continuously reduce the agency's attack surface. Oversees enterprise identity and access management (IAM) programs, including administration and governance of platforms such as Okta, to ensure secure authentication, privileged access controls, and alignment with ICAM and Zero Trust Architecture principles. Establishes and enforces AI security governance protocols, including risk assessments for AI/ML system deployments, safeguards against adversarial machine learning and data poisoning, and oversight of third-party AI tool usage in alignment with NIST AI RMF and applicable OMB guidance. Formulates and issues agency-wide Information Security Policies, Handbooks, and Rules of Behavior in strict alignment with FISMA, NIST guidelines (including NIST SP 800-53 and the NIST AI Risk Management Framework), and applicable Executive Orders. Leads the development and execution of the cybersecurity group's annual operating budget, prioritizing investments — including tooling for vulnerability management, SIEM, IAM, and AI security, using Capital Planning and Investment Control (CPIC) protocols to balance defense expenditures against mission requirements.
What you need to qualify
Interested candidates should be passionate about the ideals of our American republic, committed to upholding the rule of law and the U.S. Constitution, and committed to improving the efficiency of the Federal government. Hiring decisions will not be based on race, sex, color, religion, or national origin. Applicants must meet eligibility and qualification requirements by the closing date of this announcement. Time in grade restrictions do not apply to Direct Hire procedures. SME REVIEW Individuals must have IT-related experience demonstrating each of the competencies listed below. SME's will be conducting a scored structured resume review to determine if candidate's resumes demonstrate all required competencies as outlined below. To be eligible for referral to the selecting official, candidates must receive a score of at least 75.56. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals. Technical Competence – Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues. Cyber-Expert knowledge of Federal cyber and cybersecurity policy, procedures, and guidelines, cyber and cybersecurity concepts, terms, and technical aspects. Advice-Expert ability to provide advice, guidance, and recommendations to senior management on critical policy issues; make decisions or recommendations that significantly influence important Commission IT and Cybersecurity policies or programs. IT Principles-Skill in applying advanced IT principles, concepts, methods, standards, and practices sufficient to accomplish assignments such as develop and interpret policies, procedures, and strategies governing the planning and delivery of IT services throughout the agency. AND GS-15 In order to be deemed as qualified, candidates must have one year of specialized experience which is equivalent to the GS-14 level in the Federal service. Specialized experience is defined as follows: • Demonstrated experience implementing and maintaining compliance with FISMA, FedRAMP, and NIST Risk Management Framework (RMF), including NIST SP 800-37, 800-53, and 800-171 • Experience managing Authorization to Operate (ATO) processes, including Security Assessment and Authorization (SA&A) packages. • Experience with CMMC (Cybersecurity Maturity Model Certification) requirements, if applicable to the agency. • Experience managing Plans of Action and Milestones (POA&Ms) and reporting to CISA/OMB. • Experience working with Continuous Diagnostics and Mitigation (CDM) program requirements. • Experience developing or implementing AI governance frameworks aligned with NIST AI Risk Management Framework (AI RMF) and OMB M-24-10. • Experience overseeing Security Operations Center (SOC) functions, including detection engineering and incident triage. • Experience leading enterprise vulnerability management programs, including use of tools such as Tenable. • Experience reducing organizational attack surface through patch management, configuration hardening, and risk-based prioritization. • Experience implementing Zero Trust Architecture (ZTA) principles across network, identity, and data layers. • Experience securing FedRAMP-authorized cloud environments (AWS GovCloud, Azure Government, or similar). • Experience with cloud security posture management (CSPM) and container/Kubernetes security. • Experience coordinating with CISA, US-CERT, and other federal partners on incident reporting and response. • Experience developing and testing incident response plans, tabletop exercises, and continuity of operations (COOP) planning. • Experience leading cross-functional security teams and managing federal IT security budgets. • Experience developing agency/company-wide cybersecurity strategy, policy, and workforce training programs. • Experience presenting risk posture and compliance status to agency leadership, Inspectors General, or GAO auditors or similar. PART-TIME OR UNPAID EXPERIENCE: Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Before you apply
Federal applications are different: your resume should be 3–5 pages and mirror the language of this announcement. Read our federal resume guide first — it's the #1 reason qualified people get screened out.
Don't miss the next one.
Get an email the moment a similar federal job opens — postings can close in as little as 5 days.