Head of Cybersecurity (CISO)

Head of Cybersecurity (CISO)

Department: Other Agencies and Independent Organizations

Location(s): Woodlawn, Maryland

Salary Range: $151661 - $228000 Per Year

Job Summary: The Head of Cybersecurity serves as the Chief Information Security Officer (CISO) for the Social Security Administration (SSA). The incumbent leads the agency's comprehensive cybersecurity security program, providing strategic direction for the development and implementation of IT security policies, procedures, and operations to protect SSA's information systems and sensitive personal information for millions of Americans.

Major Duties:

• In addition to advising senior leadership on security matters, ensuring compliance with federal regulations, and collaborating with stakeholders to manage risks and support SSA's technology and business needs, the Head of Cybersecurity/CISO: Oversees the development and implementation of national cybersecurity policies and controls to safeguard sensitive personal information from unauthorized access, breaches, and cyber threats. They ensure cybersecurity strategy, policies, and standards comply with the Federal Information Systems Management Act, the Privacy Act, guidance from the National Institute of Standards and Technology (NIST) and Office of Management and Budget, other federal requirements (e.g., FedRAMP), and industry best practices. Provides strategic direction for comprehensive, national cybersecurity operations, including network security, endpoint protection, identity and access management, incident detection and response, and disaster recovery planning. They provide guidance, direction, and advice on the Continuity of Operations Plan (COOP), incident response, containment, and recovery efforts to minimize potential damage and ensure timely communication with stakeholders. Directs the design, development, and maintenance of SSA's information security compliance program. This encompasses the design, development, and maintenance of the information security compliance policy and reviews for data exchange partners, including developing and implementing compliance and monitoring reviews (protocols and oversight), as well as, training and coordination with the data exchange network. They oversees the Critical Infrastructure Protection Program and ensures secure data exchange with partners through robust compliance and monitoring protocols. Designs, develops, and maintains SSA's overall information security policy. This encompasses the design, development, and implementation of information security training for SSA. They develop and implements ongoing cybersecurity training, awareness, and phishing simulation programs for all personnel and contractors.

Qualifications: Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution. Candidates will not be hired based on their race, sex, color, religion, or national origin. The application process used to recruit for this position is RESUME BASED. It is important that your resume be complete and thorough, following the requirements outlined below. As a basic requirement, to meet the minimum qualification requirements for this position, applicants MUST demonstrate progressively responsible leadership experience that is indicative of senior executive level managerial capability and directly related to the skills and abilities outlined under Executive Core Qualifications and Mandatory Professional/Technical Qualifications within their resume - NOT TO EXCEED 2 PAGES. Resumes over the 2-page limit, will not be reviewed beyond page 2, or may be disqualified. Your resume should include examples of experience, education, and accomplishments applicable to the qualification(s). If your resume does not reflect demonstrated evidence of these qualifications, you may not receive consideration for the position. There is NO requirement to prepare a narrative statement specifically addressing the Executive Core Qualifications (ECQs) or the Technical Qualifications (TQs). To be considered minimally qualified for this position, candidates must have had responsible professional experience at a senior level (equivalent to the GS-15 in either the General Schedule (GS) or a comparable pay plan). Typically, experience of this nature will have been gained at or above the GS-15 grade level in the Federal service or its equivalent with state or local government, the private sector, or non-governmental organizations. Failure to meet this basic qualification requirement and all executive and technical qualification factors automatically disqualifies an applicant. NOTE: If you are (1) a member of the SES, (2) have been certified through successful participation in an OPM approved SES Candidate Development Program (SESCDP), or (3) have SES reinstatement eligibility, you do not need to respond to the ECQs. Instead, you should attach proof (e.g., SF-50, Certification by OPM's SES Qualifications Review Board (QRB)) of your eligibility for noncompetitive appointment to the SES. TECHNICAL QUALIFICATIONS (TQs): Your resume should demonstrate accomplishments that would satisfy the technical qualifications. 1. Senior level experience leading the development, implementation, and administration of cybersecurity policies and procedures at the enterprise level. 2. Senior level experience directing cybersecurity controls, risk management processes, and disaster recovery planning for an organization. DESIRABLE QUALIFICATION (DQ): 1. Senior level experience leading the development and implementation of organization-wide cybersecurity awareness and training programs. EXECUTIVE CORE QUALIFICATIONS (ECQs): In addition to the Technical Qualification requirements listed above, all new entrants into the Senior Executive Service (SES) under a career appointment will be assessed for executive competency against the following five mandatory ECQs. If your 2-page resume does not reflect demonstrated evidence of the ECQs, TQs, and DQ, you may not receive further consideration for the position. There are five ECQs: ECQ 1: Commitment to the Rule of Law and the Principles of the American Founding - Demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people; ECQ 2: Driving Efficiency - Demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades; ECQ 3: Merit and Competence - Demonstrated knowledge, ability, and technical competence to effectively and reliably produce work that is of exceptional quality; ECQ 4: Leading People - Demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture. This includes, when necessary, the ability to lead people through change and to hold individuals accountable; and ECQ 5: Achieving Results - Demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors. **Note for Current and/or Former Political Appointees: OPM must authorize any employment offers we make to current or former (within the last 5 years) political Schedule A, Schedule C, or Non-Career SES employees in the executive branch. If you are currently, or have been within the last 5 years, a political Schedule A, Schedule C or Non-Career SES employee in the Executive Branch, you must disclose that to the Human Resources Office within your application package.

How to Apply: To be considered for this position, you must submit a complete application no later than 11:59 PM (Eastern Time) on the closing date of the announcement - 02/09/2026. If you fail to submit a complete application prior to the closing time, the application system will not allow you to finish. Requests for extensions will not be granted, so please begin the application process with enough time to finish before the deadline. To apply for this position, you must complete this application and submit any required documents specified in the Required Documents section and submit by 11:59 PM (EST) on the closing date of the announcement to receive consideration. To begin, click Apply to access the online application. You will need to be logged into your USAJOBS account to apply. If you do not have a USAJOBS account, you will need to create one before beginning the application. Follow the prompts to select and upload your résumé and/or other required documents to be included with your application package. You will have the opportunity to upload additional documents to include in your application before it is submitted. Your uploaded documents may take several hours to clear the virus scan process. After acknowledging you have reviewed your application package, complete the "Include Personal Information" section as you deem appropriate and click to continue with the application process. You will be taken to the online application which you must complete in order to apply for the position. Complete the online application, verify the required documentation is included with your application package, and submit the application. It is applicant's responsibility to verify that information entered and uploaded, (i.e., resume and other required documents) is complete, accurate, and submitted by the closing date. Human Resources will not modify or change any part of your application. Application packages will NOT be accepted via mail. Due to security processes, mail delivery takes approximately 2-3 weeks to process at which time the vacancy announcement will be closed, and no further consideration will be given to additional application packages.

Application Deadline: 2026-02-09