Supervisory IT Specialist (INFOSEC)

To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 06/03/2026. You may qualify based on your experience and/or education as described below: Basic Requirements: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-15 in the normal line of progression for the occupation in the organization. Examples of specialized experience would typically include, but are not limited to: Skills in leading Cybersecurity Risk Management by directing and overseeing enterprise risk activities; designing evaluation/reporting methods; defining program metrics. - Skills in applying Enterprise Risk Management & Security Architecture by applying information systems security principles and concepts, risk management processes, and cybersecurity and privacy principles to guide architecture decisions and risk acceptance/mitigation across a large portfolio. Skills in leading end- to-end Security Assessment & Authorization (A&A) activities (categorization, selection, implementation, assessment, authorization, and monitoring) for complex or high- value VA systems, resulting in timely Authorizations to Operate (ATO) and measurable POA&M reduction. Skills in applying Program/Process Management & Quality by using current industry methods to evaluate, implement, and disseminate security assessment, monitoring, detection, and remediation capabilities (e.g., vulnerability management, configuration compliance, logging/analytics), and validating outcomes through metrics. AND Selective Placement Factor: In addition to the minimum qualifications described above, you must meet the following requirements to be considered for the position: Must have experience leading enterprise cybersecurity risk management programs in accordance with the NIST Risk Management Framework, including evaluating and validating security controls, preparing or approving authorization documentation, and making authorization impact recommendations for enterprise level IT systems. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members. For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/. The Director provides oversight for all of the risk management realm of Information Assurance, Office of Information Security (OIS), within the Office of Information and Technology, Department of Veterans Affairs (VA). The primary role is to develop and/or analyze procedures and systems for identifying, assessing/validating, and reporting on the effectiveness of major cybersecurity risk management programs that is evaluated as it relates to both IT and traditional programs.