About this role
To qualify for this position, your resume must state sufficient experience and/or education to perform the duties of the specific position for which you are applying.

At the GS-13 level, qualified candidates must possess 1 year of specialized experience equivalent to at least the GS-12 level or equivalent experience. Specialized experience is experience which is directly related to the line of work of the position to be filled and which has equipped the applicant with the knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience includes: (1) coordinating, implementing, and enforcing cybersecurity policies; (2) continuously monitoring, periodically reviewing, managing, and reporting on IT systems, related tasks, processes, policies, and procedures; (3) developing policies, guidelines, training material, documentation, and technical drawings related to cybersecurity; (4) staying informed on government-wide laws, regulations, and guidelines related to cybersecurity including FISMA, NIST's Risk Management Framework, Special Publications SP-800-53, and CISA's Strategies, Models, and Pillars for Zero Trust; (5) providing cybersecurity coaching, advice, and instruction to organization staff.

As part of the online application process you will need to respond to a series of questions designed to assess your possession of the following knowledge, skills, abilities, and/or competencies:
- Customer Service
- Cybersecurity
- Project Management
- Technical Competence
- Written Communication

Major Duties:
- Coordinate and enforce cybersecurity policies for on-premise, hybrid, mobile, and cloud systems, working closely with the Chief Information Security Officer and OIT leadership.
- Ensure confidentiality, integrity, and availability of NEH systems by implementing and maintaining security programs and tools across all platforms including continuous monitoring solutions.
- Assist with cybersecurity reviews and risk assessments for NEH systems and manage reporting and remediation for FISMA and related audits.
- Maintain and update security documentation and governance artifacts, including NIST SP 800-53 controls, system security plans, and IT security policies.
- Implement and evaluate security programs to minimize vulnerabilities, enforce backup procedures, and ensure compliance with legal and regulatory requirements.
- Advise staff on security issues and deliver IT security awareness training, while liaising with internal and external groups on audits and compliance matters.
- Promote best practices and emerging technologies in cybersecurity, develop metrics and dashboards, and recommend resources to strengthen NEH's security posture.