What are the responsibilities and job description for the Supervisory IT Specialist (INFOSEC) position at DAS for Information Technology - 103?
The Director provides oversight for the entire risk management realm of Information Assurance, Office of Information Security (OIS), within the Office of Information and Technology, Department of Veterans Affairs (VA). The primary role is to develop and/or analyze procedures and systems for identifying, assessing/validating, and reporting on the effectiveness of major cybersecurity risk management programs, which is evaluated as it relates to both IT and traditional programs.
Qualifications:
To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 06/03/2026. You may qualify based on your experience and/or education as described below:
- Basic Requirements: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
- Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-15 in the normal line of progression for the occupation in the organization. Examples of specialized experience would typically include, but are not limited to:
- Skills in leading Cybersecurity Risk Management by directing and overseeing enterprise risk activities; designing evaluation/reporting methods; defining program metrics.
- Skills in applying Enterprise Risk Management & Security Architecture by applying information systems security principles and concepts, risk management processes, and cybersecurity and privacy principles to guide architecture decisions and risk acceptance/mitigation across a large portfolio.
- Skills in leading end-to-end Security Assessment & Authorization (A&A) activities (categorization, selection, implementation, assessment, authorization, and monitoring) for complex or high-value VA systems, resulting in timely Authorizations to Operate (ATO) and measurable POA&M reduction.
- Skills in applying Program/Process Management & Quality by using current industry methods to evaluate, implement, and disseminate security assessment, monitoring, detection, and remediation capabilities (e.g., vulnerability management, configuration compliance, logging/analytics), and validating outcomes through metrics.
Selective Placement Factor: In addition to the minimum qualifications described above, you must meet the following requirements to be considered for the position: Must have experience leading enterprise cybersecurity risk management programs in accordance with the NIST Risk Management Framework, including evaluating and validating security controls, preparing or approving authorization documentation, and making authorization impact recommendations for enterprise level IT systems.
Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment.
Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members.
For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/.
Responsibilities:
OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans.
OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology.
Major Duties:
- Identifies and addresses cyber workforce planning and management issues.
- Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan.
- Ensures that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Approves short-term, long-term, and multiyear assessment plans and assessment schedules.
- Responsible for providing expert advice and developing strategic compliance plans, policies, and guidance for a designated team.
- Performs need analysis to determine opportunities for new and improved business process solutions.
- Oversees the monitoring of compliance with federal, state, and local laws, and regulations at designated VA or contractor managed facilities and VA-wide programs.
- Provides enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an Information Technology (IT) system to determine the overall effectiveness of the controls.
- Leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with agency or enterprise priorities.
- Oversees teams through one or more levels of supervision in performing work related to developing and monitoring compliance programs, plans, procedures, and methodologies and/or analyzing quality initiatives and processes.
- Manages a comprehensive program of assessments designed to measure how well VA information systems comply with legislative and federal government oversight as well as VA policies, procedures, and practices.
Work Schedule: Monday-Friday, 8am-4:30pm
Compressed/Flexible: Available at the manager's discretion
Telework: Ad hoc telework may be authorized at the management's discretion.
Virtual: This is not a virtual position.
Position Description/PD#: Supervisory IT Specialist (INFOSEC)/PD178520
Relocation/Recruitment Incentives: Not Authorized
Permanent Change of Station (PCS): Not Authorized
PCS Appraised Value Offer (AVO): Not Authorized
Physical Demands: The work is sedentary. Some work may require walking and standing in conjunction with travel and attendance at meetings and conferences away from the work site and carrying light items such as papers or books.
Working Conditions: The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. This position requires minimal travel. The incumbent may be required to use both air and ground transportation.
Designated Drug Testing Position: Not applicable. This is a non-bargaining unit eligible position.
Salary: $147,945