IT Specialist (Infosec)

IT Specialist (Infosec)

Department: Department of Veterans Affairs

Location(s): Washington, District of Columbia, Hines, Illinois, Eatontown, New Jersey, Albany, New York, Philadelphia County, Pennsylvania, Austin, Texas, Salt Lake City, Utah, Shepherdstown, West Virginia

Salary Range: $106437 - $138370 Per Year

Job Summary: The purpose of the position is to develop and or analyze procedures and systems for identifying, assessing, and reporting the effectiveness of cybersecurity risk management within VA's information technology (IT) enterprise. Cybersecurity risk management compliance is evaluated as it relates to both IT and traditional programs through the identification, assessment, and reporting process. This is accomplished through intense control reviews and analysis.

Major Duties:

• OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs) Evaluate agency-wide compliance programs against short- and long-range objectives Analyzes and evaluates, on a quantitative or qualitative basis, the effectiveness of cybersecurity risk management compliance and inspection programs and/or operations Develop detailed plans, goals, and objectives for the long-range implementation of administration programs, and develops criteria for evaluating the effectiveness of the compliance and inspection programs Plan and recommend modifications or adjustments based on exercise results or system environment Participate in the development, planning and organization of education programs on topics applicable to risk management functions Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Provide expert analysis and advice on complex risk management compliance and/or programs issues Responsible for the independent review and analysis of cybersecurity risk management date from multiple data sources to identify risks and systemic problems, and to determine the quality and appropriateness of cybersecurity risk management Monitor, assess, and communicate effectiveness of cybersecurity risk management processes to include preparation and dissemination of reports to internal and outside agencies Work Schedule: Shifts possible: Monday-Friday, 8am - 4:30 pm Compressed/Flexible: Not Authorized Telework: Adhoc telework may be authorized at management's discretion. Position Description/PD#: IT Specialist (Infosec)/PD17079A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized PCS Appraised Value Offer (AVO): Not Authorized Physical Demands: The work is sedentary. Some work may require walking and standing in conjunction with travel and attendance at meetings and conferences away from the work site and carrying light items such as papers or books. Working Conditions: The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. This position requires minimal travel. The incumbent may be required to use both air and ground transportation. Designated Drug Testing Position: Not applicable. This is a non-bargaining unit eligible position.

Qualifications: To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 05/08/2026.You may qualify based on your experience as described below: Basic Requirements: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Information Assurance - Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity. Information Systems/Network Security - Knowledge of methods, tools, and procedures, including development of information security plans, to prevent information systems vulnerabilities, and provide or restore security of information systems and network services. Planning and Evaluating - Organizes work, sets priorities, and determines resource requirements; determines short- or long-term goals and strategies to achieve them; coordinates with other organizations or parts of the organization to accomplish goals; monitors progress and evaluates outcomes. Risk Management - Knowledge of the principles, methods, and tools used for risk assessment and mitigation, including assessment of failures and their consequences. Compliance - Knowledge of procedures for assessing, evaluating, and monitoring programs or projects for compliance with Federal laws, regulations, and OMB circulars. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-12 in the normal line of progression for the occupation in the organization. Specialized experience is defined as: experience that includes being responsible for the independent review and analysis of cybersecurity risk management data from multiple data sources to identify risks and systemic problems, and to determining the quality and appropriateness of cybersecurity risk management; conducting independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37); and performing cybersecurity risk management activities which are designed to improve the processes and procedures and overall cybersecurity of the enterprise. Applicant must also possess specialized experience supporting Risk Management Framework (RMF) compliance functions to include Governance, Risk and Compliance (GRC) capabilities and OIG Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit (FISCAM) Audits.

How to Apply: Please read the entire announcement and all the instructions before you begin an application. To apply for this position, you must complete the initial online application, to include the initial online questionnaire and submission of the required documentation specified in the How to Apply and Required Documents section. The complete application package must be submitted by 11:59 PM (ET) on the closing date of the announcement to receive consideration. To preview the application questionnaire, click https://apply.usastaffing.gov/ViewQuestionnaire/12948809. The application process is as follows: To begin, click Apply Online to create a USA JOBS account or log in to your existing account. Follow the prompts to select your USA JOBS resume and/or other supporting documents. Answer the questions presented in the application and attach all necessary supporting documentation. Click the Submit Application button prior to 11:59 PM (ET) on the announcement closing date, 05/08/2026. NOTE: It is your responsibility to ensure your responses and appropriate documentation is submitted prior to the closing date. If you are required to complete any USA Hire Assessments, you will be notified after submitting your application. The notification will be provided in your application submission screen and via email. The notification will include your unique assessment access link to the USA Hire system and the completion deadline. Additionally, in USAJOBS you can click "Track this application" to return to your assessment completion notice. Access USA Hire using your unique assessment link. Access is granted through your USAJOBS login credentials. Review all instructions prior to beginning your assessments. You will have the opportunity to request a testing accommodation before beginning the assessments should you have a disability covered under the Rehabilitation Act of 1973 as amended. For more general information, system requirements, reasonable accommodation information, and to request assistance regarding the USA Hire Assessments, review the following resources:https://help.usastaffing.gov/Apply/index.php?title=USA_Hire_Assessments To update your application, including supporting documentation: During the announcement open period, return to your USAJOBS account, find your application record, and click Edit my application. This option will no longer be available once the announcement has closed. To view the announcement status or your application status: https://www.usajobs.gov/Help/howto/application/status/.Your application status page is where you can view your application status, USA Hire assessment completion status, and review your notifications sent by the hiring agency regarding your application. Reasonable Accommodation (RA) Requests: If you believe you have a disability (i.e., physical or mental), covered by the Rehabilitation Act of 1973 as amended that would interfere with completing the USA Hire Competency Based Assessments, you will be granted the opportunity to request a RA in your online application. Requests for RA for the USA Hire Competency Based Assessments and appropriate supporting documentation for RA must be received prior to starting the USA Hire Competency Based Assessments. Decisions on requests for RA are made on a case-by-case basis. If you meet the minimum qualifications of the position, after notification of the adjudication of your request, you will receive an email invitation to complete the USA Hire Competency Based Assessments, based on your adjudication decision. You must complete all assessments within 48 hours of receiving the URL to access the USA Hire Competency Based Assessments if you received the link after the close of the announcement. To determine if you need a RA, please review the Procedures for Requesting a Reasonable Accommodation for Online Assessments here: https://help.usastaffing.gov/Apply/index.php?title=Reasonable_Accommodations_for_USA_Hire Placement Policy: The posting of this announcement does not obligate management to fill a vacancy or vacancies by promotion. The position may be filled by reassignment, change to lower grade, transfer, appointment, or reinstatement. Management may use any one or any combination of these methods to fill the position. It is the policy of the VA to not deny employment to those that have faced financial hardships or periods of unemployment.

Application Deadline: 2026-05-08