Summary The Information Systems Security Manager serves as a technical and policy expert in cybersecurity, providing strategic leadership and direction to support the analytic and business missions of the Center. This role is responsible for ensuring the security and integrity of JWAC systems and software, and for overseeing all efforts to gain and maintain Authority to Operate. Responsibilities Lead development, maintenance, and coordinate enforcement of a formal Information Security program and related policies for the assigned area of responsibility. Ensures security of JWAC authorized systems by executing Continuous Monitoring activities as defined in JWAC ConMon Plan. Security advisor to technical teams, stakeholders, and senior leadership on IT security matters including gaining and maintaining Authority to Operate for JWAC systems and software in a multi-level security domain. Serve as point of contact for information system security-related matters including assessing risks and providing recommendations and findings to senior leadership and stakeholders. Collaborate with other information security professionals to ensure the effective implementation of security controls. Prepare and maintain IT security-related documents, including reports, briefs, trainings and SOPs. The ISSM shall assume Information System Security Officer (ISSO) responsibilities in the absence of the ISSO. Stay abreast of emerging threats, vulnerabilities, and technologies related to information system security. Apply expert knowledge of modern information technology and cybersecurity concepts, as well as DoD IT policy and procedures, to achieve secure, effective solution design and implementation. Requires strong technical expertise, excellent communication and collaboration skills, and the ability to advise and influence senior leadership on IT security matters. Key advisor to technical teams, stakeholders, and senior leadership, providing guidance related to IT security best practices, risk management, and compliance. Requirements Conditions of Employment Qualifications Only applicants who meet the area of consideration are eligible to apply for this job. In order to qualify for this position, you must meet the basic education and/or specialized experience requirements. For DR-III: Your resume must demonstrate at least one year of specialized experience at or equivalent to the DR-II/GS-13 grade level. Specialized Experience is defined as work in the private or public sector performing duties in or related to the work of the position being filled. Examples of specialized experience include: Authorizing IT systems under the Risk Management Framework (RMF) and applying National Institute of Standards and Technology (NIST) guidelines, AND Providing technical guidance and oversight to IT security teams, AND Developing and implementing cybersecurity policies, procedures, and standards to protect sensitive information and systems Knowledge, Skills, and Abilities: Knowledge of cybersecurity principles, risk management, and NIST guidelines, with a focus on authorizing IT systems under the Risk Management Framework (RMF) and ensuring compliance with relevant laws and regulations, including FISMA and FedRAMP. Knowledge of cybersecurity technologies, including cloud computing, cybersecurity, and data analytics, with the ability to analyze complex cybersecurity problems, assess cybersecurity risks, and recommend mitigation strategies. Ability to collaborate effectively with other organizations to establish strategic partnerships that promote positive relationships with external assessors and stakeholders. Skills in project management, with the ability to plan projects to meet cybersecurity objectives and priorities, plan for resourcing, and manage multiple tasks and deadlines in a fast-paced environment. Ability to lead and manage a team of cybersecurity professionals, with strong leadership, analytical, problem-solving, and decision-making skills. Ability to apply industry best practices and emerging trends in cybersecurity, as well as familiarity with agile methodologies. Ability to conduct security assessments and authorizations of IT systems using the RMF or other risk management frameworks, with a focus on threat intelligence, incident response, continuous monitoring, and automated security tools. Additional qualification information can be found from the following Office of Personnel Management web site: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/#url=List-by-Occupational-Series Computer Science, 1550: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/1500/computer-science-series-1550/ Information Technology Specialist, 2210: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/0300/gs-2210-information-technology-management-series/ Education ARE YOU USING YOUR EDUCATION TO QUALIFY? You MUST provide transcripts to support your educational claims. Education must be accredited by an accrediting institution recognized by the U.S. Department of Education. FOREIGN EDUCATION: Education completed in foreign colleges or universities may be used to meet the requirements. You must show proof the education credentials have been deemed to be at least equivalent to that gained in conventional U.S. education program. It is your responsibility to provide such evidence when applying. Additional Information