Summary The United States Capitol Police (USCP) safeguards the Congress, Members of Congress, employees, visitors, and Congressional buildings and grounds from crime, disruption, and terrorism. We protect and secure Congress so it can fulfill its constitutional and legislative responsibilities in a safe, secure and open environment. Responsibilities This position is located in the Information Security Division (ISD), Office of Information Systems (OIS), Office of the Chief Administrative Officer (OCAO), United States Capitol Police (USCP). This position directly supports the OIS mission and serves as the USCP Chief Information Security Officer (CISO) for the Department. This position is responsible for supervising work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. The nature of the work of the position requires the incumbent to have and maintain a Top Secret SCI eligible security clearance. The Supervisory IT Cybersecurity Specialist: Leads and advises senior ΙΤ experts throughout the agency and its components on a variety of cybersecurity issues that involve applying or adapting new theories, concepts, or industry standards. Participates in network, application, cloud service, and system design to ensure implementation of appropriate systems security policies. Directs the delivery, implementation and integration of government-wide cybersecurity defense strategies. Implements higher-level security requirements such as those resulting from laws, regulations, or congressional directives related to cybersecurity. As a senior expert in the field of cybersecurity, assists the Chief Information Officer (CIO) in the planning, implementation, and integration of key cybersecurity initiatives. Develops and coordinates cybersecurity programs and defense strategies. Provides authoritative advice to the CΙΟ on the integration of cybersecurity initiatives in alignment with key mission-critical programs. Leads, plans, develops, and coordinates agency-wide information security programs, processes, procedures, and strategies such as agency workforce security training programs. Formulates agency-wide ΙΤ initiatives in response to critical-mission cybersecurity issues. Initiates, directs, and participates in security audits, security reviews, risk assessments and develops contingency plans for realized risks. Develops, implements, oversees, and monitors the assessment and authorization (Α&Α) of organization systems and infrastructure; ΙΤ security strategy, ΙΤ security plans; ΙΤ security policies; standards and practices; and security management programs. Applies expert knowledge of industry best practices and techniques to perform risks analysis of components and systems for incorporation into the existing accreditation boundaries to quantify potential impacts to the security posture. Collaborates with senior information security leads to develop plans for ΙΤ security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with ΙΤ systems vulnerabilities. Identifies security safeguards against risks such as loss, unauthorized access, use, destruction, modification or unintended or inappropriate disclosure of Law Enforcement Sensitive (LES) information or Personally Identifiable Information (ΡΙΙ). Ensures compliancy of Federal laws, USCP Directives and Departmental policy governing security operations and Privacy protection of technologies, information and programs. Reviews and evaluates information security incident response (IR) practices, processes, and procedures. Manages the USCP IR Directives, reviews and investigates security incident alerts, evaluates results, and provides an in-depth written report of findings. Directs the testing and implementation of improvements, measurements, and/or new policies to ensure awareness and compliance to the IR Directives and all processes and procedures. Identifies changes needed based on new security technologies, methodologies, vulnerabilities, and threats. Manages the assessment of new systems, appliances and software designed to minimize potential security risks. Identifies actual and potential information security problems, trends, and weaknesses and recommends modification and solutions for reducing ΙΤ security risks to the CIO and other senior information security leads. Supervises a team of ΙΤ Cybersecurity Specialists by providing leadership, guidance and direction to ensure work is accomplished in accordance with OIS goals and objectives. Collaborates with other supervisors and managers to coordinate work related priorities and assignments. Reviews and approves work to be accomplished by subordinates; prioritizes and creates schedules for completion of work; establishes objectives, and monitors performance. Interviews and recommends candidates for hire, and recommends other personnel actions such as promotions, awards, or reassignments. Establishes performance standards and evaluates employee performance. Requirements Conditions of Employment You must be a U.S. Citizen. Successful completion of a Background Investigation is required. Must complete a one year probationary period. Must be able to obtain and maintain a TOP Secret/SCI security clearance. Qualifications In order to qualify, you must meet the education and/or experience requirements described below. For the CP-13/GS-15 you must have one year of specialized experience equivalent to the next lower grade CP-12/GS-14. Specialized experience for this position is defined as the following: Presenting data to an audit team, performing spot audits, defending compliance positions or creating plans and procedures designed to meet industry, company, or governmental policies or regulatory requirements; Developing and recommending new and/or revised inspection, evaluation, and penetration testing methodologies for cyber security appraisals; Leading the development of long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities. Expertise and previous use of the National Institute of Standards and Technology (NIST) Risk Management Framework and Federal Information Security Management Act (FISMA). Developing and communicating new and/or revised cyber security guidance, policies and processes for an organization. Managing the cyber security portfolio, leading the development of long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities. Applicants applying for positions in the 2210 series must have IT-related experience demonstrating each of the four competencies listed below. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. All eligibility requirements must be met by the closing date of the vacancy announcement. (Information on Qualification & Education are located at the following link: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/) Education There is no education substitution for experience in this series and/or grade. Additional Information Additional Conditions of Employment with USCP: Note: As per the Congressional Accountability Act (CAA) and the Fair Chance to Compete for Jobs Act of 2019, criminal history information will only be collected following a qualifications review and after a tentative offer of employment has been made. A criminal history does not automatically exclude an applicant from employment with the USCP. Criminal History Check -- Must successfully pass a comprehensive criminal history check of the past 10 years if offered employment. A criminal history check will be performed on applicants who accept an offer of employment. Credit Check -- Must successfully pass a credit check. Applicants must not be in default or delinquent on any Federal guaranteed student loans. Applicants must demonstrate a competent financial history. Financial delinquency including collection accounts, liens, repossessions, or garnishments may be a basis for disqualification. Selective Service Registration -- Male applicants must provide verification of registration with the Selective Service System or must verify exemption from the Selective Service System registration because of age or military status. Female applicants are exempt from Selective Service System registration. https://www.sss.gov/Registration/check-a-Registration/Verification-Form Fingerprint Check -- Applicants' fingerprints will be submitted to the Federal Bureau of Investigation (FBI) for a check of the criminal history record. Background Investigation -- Must successfully complete all components of the USCP full field background investigation. There are few automatic grounds for rejection in the USCP background investigation process. Issues of misconduct, such as illegal drug use, arrests, or convictions may not be automatically disqualifying. However, deliberate misstatements, omissions, or intentionally withholding required information at any phase of the hiring process will result in a candidate's disqualification regardless of the nature or reason for the misstatement or omission. The primary reason candidates fail a background investigation is due to deliberately withholding or omitting material facts. Providing false and/or misleading information may be grounds for removal from the application and selection process.