Summary This position is located in the Office of Information and Technology (OIT), Office of Information Security (OIS)/Information Security Risk Management Office. The primary purpose of the position is to collect, analyze, report, and provide support for information security compliance and oversight activities. These activities include information that overviews VA's information security posture to various oversight agencies throughout Federal government. Responsibilities OIT Mission and Vision statements OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Author policy and procedural guidance for InfoSec operational staff; coordinate policy lifecycle. Align internal procedures with federal and department security requirements; ensure ongoing compliance. Publish and maintain InfoSec policy; advise/report to leadership; recommend corrective actions and closure. Participate as SME in security requirements identification/analysis; stay current with industry/government activities. Lead security compliance engagement with technical and non-technical communities. Develop, review, and update information security policy supporting automated data collection and reporting. Serve as technical security authority for security-related design; advise system owners in planning. Ensure compliance with VA secure configuration guides and applicable Federal security policies across systems enterprise-wide. Work Schedule: Monday-Friday, 8am-4:30pm Travel Required: Up to 25% travel may be required, as needed, for this position. Compressed/Flexible: As determined by the Agency Policy Telework: VA supports the use of telework as a way to help attract and retain talented individuals in public service, increase worker productivity, and better prepare the agency to operate during emergencies. Adhoc telework may be authorized at management discretion. Virtual: This is not a virtual position. Position Description/PD#: IT Specialist (INFOSEC)/PD17362A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized Financial Disclosure Report: Not applicable Physical Demands: The work is sedentary. Some work may require walking and standing in conjunction with travel and to attendance at meetings and conferences away from the work site. Some employees may carry light items such as papers, book, or small parts. The work does not require any special physical effort. Working Conditions: The work environment involves everyday risks or discomfort that requires normal safety precautions. Designated Drug Testing Position: Not applicable This is a non-bargaining unit eligible position. Requirements Conditions of Employment You must be a U.S. Citizen to apply for this job To be considered for this position, you must complete all required steps in the process. In addition to the application and questionnaire, this position requires an online assessment. The online assessment measures critical general competencies required to perform the job. You may be required to serve a probationary period Subject to background/security investigation Selected applicants will be required to complete an online onboarding process. Acceptable form(s) of identification will be required to complete pre-employment requirements (https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents). Effective May 7, 2025, driver's licenses or state-issued dentification cards that are not REAL ID compliant cannot be utilized as an acceptable form of identification for employment. As a condition of employment for accepting this position, you will be required to serve a 1-year probationary period during which we will evaluate your fitness and whether your continued employment advances the public interest. In determining if your employment advances the public interest, we may consider: your performance and conduct; the needs and interests of the agency; whether your continued employment would advance organizational goals of the agency or the Government; and whether your continued employment would advance the efficiency of the Federal service. Upon completion of your probationary period, your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest. Additional Requirements: This is not a remote position. OI&T has multiple worksites at various duty locations, and the individual(s) selected may be assigned to any federal government work site. This announcement will NOT be used for changing duty locations. If selected, and you are a current VA employee, and not on an approved exemption, you will continue to report to your current duty location. Qualifications To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 05/13/2026. You may qualify based on your experience as described below: Basic Requirements Experience: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Selective Placement Factor: In addition to the minimum qualifications described above, you must meet the following requirement(s) to be considered qualified for the position: Documented hands-on experience applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) to federal information systems, including performing or supporting security authorization activities such as security control selection, assessment, and/or continuous monitoring in a federal government environment (Federal contractor experience applying NIST RMF to federal systems included). AND Specialized Experience: You must possess a minimum of one (1) year of experience equivalent to at least the GS-12 level. Specialized experience for this position is defined as: Information Security Compliance and Oversight Experience collecting, analyzing, and reporting on information security compliance data to support oversight activities; maintaining records of security requirements from sources including existing policy, guidelines, standards, legislation, and other external mandates; and identifying and documenting system deficiencies using Governance, Risk, and Compliance (GRC) tools or equivalent systems. Security Assessment and Authorization Experience conducting or directly supporting Assessment and Authorization (A&A) activities, including one or more of the following: developing or reviewing System Security Plans (SSPs); performing or supporting security control assessments; documenting Plan of Action and Milestones (POA&Ms); and/or supporting continuous monitoring programs for information systems. Information Security Policy and Strategy Development Experience developing, interpreting, or implementing information security policies, procedures, or strategies in compliance with federal laws and regulations, including the Federal Information Security Modernization Act (FISMA); and providing security guidance or recommendations to technical and non-technical stakeholders such as system owners, program managers, or Information System Security Officers (ISSOs). Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members. Education There is no educational substitution at this grade level. Additional Information Under the Fair Chance to Compete Act, the Department of Veterans Affairs prohibits requesting an applicant's criminal history prior to accepting a tentative job offer. For more information about the Act and the complaint process, visit Human Resources and Administration/Operations, Security, and Preparedness (HRA/OSP) at The Fair Chance Act. This job opportunity announcement may be used to fill additional vacancies. If selected you will be required to report to one of the following locations: Albany, NY Austin, TX Eatontown, NJ Hines, IL Philadelphia, PA Salt Lake City, UT Shepherdstown, WV Washington, DC If space is not immediately available a temporary exception to telework may be granted. If/when workspace is identified, the employee is expected to report to their assigned duty location. If you are unable to apply online or need an alternate method to submit documents, please reach out to the Agency Contact listed in this Job Opportunity Announcement. The Interagency Career Transition Assistance Plan (ICTAP) and Career Transition Assistance Plan (CTAP) provide eligible displaced VA competitive service employees with selection priority over other candidates for competitive service vacancies. To be qualified you must submit appropriate documentation (a copy of the agency notice, your most recent performance rating, and your most recent SF-50 noting current position, grade level, and duty location) and be found well-qualified for this vacancy. To be well-qualified: applicants must possess experience that exceeds the minimum qualifications of the position including all selective factors, and who are proficient in most of the required competencies of the job. Information about ICTAP and CTAP eligibility is on OPM's Career Transition Resources website at http://www.opm.gov/policy-data-oversight/workforce-restructuring/employee-guide-to-career-transition/.
