IT SPECIALIST (INFOSEC)

POSITION SUMMARY

The incumbent serves as an Information Technology (IT) Specialist Information Security (INFOSEC) responsible for a wide range of complex assignments and projects relative to information systems and security matters.

As such, incumbent develops, implements, and coordinates activities designed to ensure, protect, and restore IT systems, services and capabilities.

Ensures the confidentiality, integrity, and availability of systems, networks, and data through analyzing information systems security profiles and related security programs, policies, procedures and tools.

Monitors and evaluates systems’ compliance with IT security requirements and provides advice and guidance in implementing IT security policies and procedures in the development and operation of network systems.

Formulates policies and guidance based on assessment of requirements not addressed in existing security directives and operations. POSITION DUTIES

The incumbent serves as the Cyber Security Subject Matter Expert (SME) for the Cyber Security Policy Team. This position is located in QUANTICO, VA and is with the COMMAND ELEMENT DIRECTORATE / CHIEF INFORMATION OFFICE;

RISK MANANGEMENT FRAMEWORK BRANCH. Location negotiable after acceptance of an offer but must be within the Continental United States (CONUS).

Remote and local telework may be authorized with approval of the supervisor. Local Telework Requests : Request to telework at an alternate location within the normal commuting area (e.

g., an employee who is officially assigned to the DIA HQ duty station in Washington, D.C. requests to work at another DIA Facility in the National Capital Region).

Remote Telework Requests : Request to telework at an alternate location outside the employee’s normal commuting area (e.

g., an employee who is officially assigned to the DIA HQ duty station in Washington, D.C. requests to telework at another DIA Facility not in the National Capital Region).

DoD 8570 cybersecurity certification is required for this position. Selectee without this certification will have 6 months after start date to obtain it or they may be reassigned to a position that doesn’t require it.

This position is responsible for performing the following duties :

Serves as the Cyber Security Subject Matter Expert (SME) for the Cyber Security Policy Team.

Demonstrates, and utilizes, a thorough knowledge of cyber specific polices and how those policies apply within the various IT environments (SCI, non-SCI, and SAP).

Researches, proposes, and develops cyber security policy documents (e.g. directives, instructions, memos, policy related responses to inspection findings, security classification guides, etc.

to support and align with organizational cyber security missions, initiatives, and environment.

Interprets policies promulgated by higher level authorities (e.g. Federal, DoD, IC, etc.) and determines their effect on cyber security program.

Modifies, adapts, and / or refines broader guidelines to resolve specific complex and / or intricate issues and problems.

Interprets cyber IT policies, standards, and guidelines.

Provides recommendations on policy impacts to senior management, staff, and customers.

Identifies and provides impacts on cyber policy implications of new organizational strategies and / or processes.

Provides comprehensive responses to policy related taskings (e.g. review of IC & DoD draft policies, inspection / audit findings, security classification guides, etc.

ensuring responses align with the agency’s position and include consideration of the various IT environments.

As Technical cyber security policy writer / editor, uses sufficient knowledge of the basic cyber security principles and specialized vocabulary, equipment, and systems to deal with related professional and technical information.

Uses this knowledge, along with new source material found during research and in interviews with subject-matter specialists, to develop or edit in-depth, technical documents concerning cyber security policy.

Utilizes knowledge of grammar, writing and editing practices, and the style requirements of the media and the publications used and knowledge of readily available sources of information on the appropriate subjects including resources and subject-matter experts.

Coordinates final documents with stakeholders, staffs and routes packages to cognizant signature authority, and follows status to completion.

Develops cyber security policy summation (factual information that is clear and meaningful to the intended audience), to include impact, for consumption by management, staff, stakeholders, and customers.

Submits into appropriate communication chain(s) / venue(s).

Supports cyber security policy actions related to the preparation, execution, and after-action phases of inspections by internal and external entities.

Assesses cyber policy related findings, coordinates and implements corrective actions, monitors progress of correction actions, request closure of findings, and track to completion.

Develops, maintains, and coordinates cyber security policy workplan utilizing appropriate project planning processes.

Ensures workplan is adjusted based on the needs of the cyber security program.

Policies govern IT activities, guidance to IT management, staff, stakeholders, and customers to ensure the rigorous application of cyber security policies, principles, and practices.

Interprets and provides cyber security policy guidance to management, staff, and customers.

Conducts, oversees, and monitors security analyses, testing, evaluations and certification and accreditation (C&A) of systems and networks processing both sensitive compartmented intelligence and collateral intelligence information.

Provides input to recommendations on final security accreditation of system or network.

Develops all supporting data necessary to justify and defend certification results.

Analyzes and evaluates designs and plans for DoD and DoD contractor systems and networks for compliance with automated information system, (AIS) security policies and requirements in the context of meeting established or anticipated intelligence objectives in support of military and national strategic objectives.

Provides identification of specific security strengths, vulnerabilities, feasibility, costs and associated issues.

Creates reports, guidance and direction for enhancement of security for such systems / networks.

Recommends and directs changes in network and system designs, plans, or documentation to ensure compliance with security policy.

Assists DoD functional, AIS managers and contractors on application of AIS security for all phases of AIS life-cycle management.

Monitors systems implementation and participates in position implementation testing and evaluation.

Conducts analytical studies of programs that are broad in scope with frequently undefined limits, to evaluate effectiveness of current programs, feasibility of future programs and development of planning efforts.

Plans and advises on implementation of new ideas, procedures, processes, methods or approaches of substantial scope and difficulty.

Designs, implements, and manages operational security services designed to protect, detect and react to malicious traffic or events.

Provides recommendations and implementations of countermeasures used in defense tactics.

Advises appropriate management officials on IT security actions, issues, problems, and events having significant consequences on operational programs / projects.

Participates in senior level policy making to ensure that security issues are considered in context with current and / or projected operational programs / projects.

Serves as an action officer in response to assigned tasking, resolving important organizational issues.

Serves as a representative on working groups with functional or multi-disciplinary emphasis that involve information assurance issues.

Plans and develops internal strategies and participates in meetings to provide security advice and assistance to resolve problems.

Manages ad hoc projects and acts as a liaison with stakeholders in support of policy and / or project assignments.

Performs other duties as assigned.

Salary is subject to change to reflect the new DOD Cyber and STEM pay table once approved. ASSESSMENT FACTORS

1. Demonstrates thorough understanding of, and ability to execute, the policy lifecycle and all related elements / steps, from research through issuance or cancellation.

2. Is flexible and responds in a timely fashion to changing requirements, priorities, and short deadlines.

3. Demonstrates excellent oral and written communication skills to compose and deliver responses to complex questions in a clear, concise, and organized manner.

4. Proposes program, process, and policy changes required to enhance organizational efficiency and eliminate barriers to organizational success.

5. Demonstrates a thorough understanding of the organization’s mission, functions, values, applicable policies and procedures, and internal and external factors that may impact the organization. HIGHLY DESIRED SKILLS

1. Demonstrated ability to provide advice and guidance in the proper and accurate interpretation of IT / cyber security policies and procedures that support the development and operation of network systems.

2. Demonstrated ability to lead and / or support a wide variety of policy efforts, including but not limited to, Security Classification Guides (SCGs), directives, instructions, memorandums, and policy exceptions.

3. Demonstrated ability to research policy need or implications to organization, organize work plan, draft policy document, format per agency requirements, coordinate with stakeholders, staff for signature, educate workforce, and evaluate policy documents. POSITION REQUIREMENTS

All Applicants must meet the following minimum qualification requirements in order to be considered for this position :

Requirements may be met either through Education and / or Experience and / or a combination of both.

Education :

All academic degrees and coursework must be from accredited or pre-accredited institutions. The coursework must be either undergraduate or graduate and must include a minimum of 24 semester hours in one, or a combination of the following : computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management.

Level / Education :

GG-07 : One (1) full year of graduate level education; or Bachelor’s degree with superior academic achievement

GG-09 : Master’s degree or equivalent graduate degree; OR two (2) full years of progressively higher level graduate education leading to a master’s degree or equivalent graduate degree

GG-11 and above : Ph.D or equivalent doctoral degree; OR three (3) full years of progressively higher level graduate education leading to a Ph.

D. or equivalent doctoral degree

Experience

• Must be IT-related (paid or unpaid);
• May have involved the completion of specific and intensive training (for example, IT certification);
• Should have equipped the applicant with the particular competencies / knowledge, skills and abilities to successfully perform the duties of the position and should have been gained in the same or related field as the work of the position being filled;
• Should have been gained in the IT field or through the performance of work where the primary concern was IT;
• Should consist of at least one year at a level equivalent to the next lower GG level;
• Must have demonstrated each of the following four competencies :
• 1. Attention to detail : thorough when performing work and conscientious about attending to detail;
• 2. Customer Service : works with clients and customers to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations, knows about available products and services and is committed to providing quality products and services;
• 3. Oral Communication : effectively expresses information, takes into account the audience and nature of the information, makes clear and convincing oral presentations, listens to others, attends to nonverbal cues and responds appropriately;

4. Problem Solving : identifies problems, determines accuracy and relevance of information, uses sound judgment to generate and evaluate alternatives and makes appropriate recommendations.

Specialized Experience

Specialized experience is experience that has equipped the applicant with the particular competencies / knowledge, skills and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. APPLICATIONS RECEIVED

Applications must be received by MIDNIGHT (Eastern Time) on the closing date of the announcement. All qualification requirements must be met by the closing date of the announcement.

EVALUATION

DIA will evaluate your online application to ensure it demonstrates the knowledge, skills, abilities, work experience, and any mandatory education, certification, and / or license requirements, to successfully perform the duties of the advertised position.

Failure to respond to the position-related assessment factors or to provide clear examples of claimed experience levels will preclude further consideration of your application.

Applicants must have directly applicable experience that demonstrates the possession of the knowledge, skills, abilities and competencies necessary for immediate success in the position.

Qualifying experience may have been acquired in any public or private sector job, but will clearly demonstrate past experience in the application of the particular competencies / knowledge, skills, and abilities necessary to successfully perform the duties of the position at the advertised grade.

Such experience is typically in or directly related to the work of the position to be filled.

ASSESSMENT FACTOR RESPONSES

For each of the following position-related assessment factors use the drop-down menu to select a response from the choices below (A-E) that best describes your highest level of training and / or experience in performing the task.

Responses must be substantiated in your application.

A - Lacks education, training or experience in performing this task

B - Has education / training in performing task, not yet performed on job

C - Performed this task on the job while monitored by supervisor or manager

D - Independently performed this task with minimal supervision or oversight

E - Supervised performance / trained others / consulted as expert for this task

HIGHLY DESIRED ASSESSMENT FACTOR RESPONSES

Although not required, applicants are highly encouraged to submit responses to the highly desired assessment factors. DIA uses these factors to help identify and differentiate the best qualified applicants for the position.

For each of the preceding highly desired assessment factors (optional) select "Yes" or "No" from the drop-down menu as your response.

Ensure your affirmative responses are supported in the appropriate section of your application.

VETERANS’ PREFERENCE

DoD Components with DCIPS positions apply Veteran’s Preference to preference eligible candidates as defined by section 2108 of Title 5 USC, in accordance with the procedures provided in DoD Instruction 1400.

25, Volume 2005, DCIPS Employment and Placement.

FOREIGN AREA TOURS OF DUTY ELIGIBILITY

DIA employees applying for a position in a foreign area must be eligible for assignment to or within the foreign area as noted in DIAI 1404.

008, Foreign Area Tours of Duty. Employees currently assigned to a foreign area are ineligible for consideration if selection will cause them to exceed the time limitation for foreign area service or, conversely, the employee will not satisfactorily complete their period of obligated service within 6 months of the closing date of this announcement.

More than one permanent change of station move within a 12-month period is not considered to be in the interest of the government for the purposes of relocation at Government expense.

DUTY AT OTHER LOCATIONS

May be required to perform duty at other operating locations.

DEPLOYMENT / MOBILITY STATEMENT

All DIA employees are subject to world-wide deployment to crisis situations and are subject to geographic relocation in accordance with agency guidelines.

SHIFT WORK

Availability for shift work, extended hours, and travel may be required for this position.

RELOCATION COSTS

Relocation expenses in connection with a permanent change of station may be authorized in accordance with the Joint Travel Regulations and at agency discretion.