Duties
This is an open continuous announcement with cutoff dates, to fill current and future vacancies until 07/30/2026. Applications will be referred based on receipt of application and the established cutoff dates, as follows:
1st cutoff date: 07/10/2026
2nd cutoff date: 07/20/2026
Last cutoff date: 07/30/2026
We encourage you to read this entire vacancy announcement prior to submitting your application.
As an IT Spec (INFOSEC), GS-2210-14, you will be responsible for:
• Leading enterprise cybersecurity program oversight across the Federal Student Aid (FSA) environment with in-depth knowledge of the Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Department of Homeland Security Binding Operational Directives (DHS BODs), and related federal directives; ensure stakeholder security requirements are implemented across Zero Trust, segmented, and cloud architectures; and advise senior leadership on emerging threats and overall enterprise security posture.
• Managing enterprise safeguards and compliance programs with expert knowledge of Internal Revenue Service (IRS) Publication 1075, Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, NIST Special Publication (SP) 800-53, and NIST SP 800-171; oversee implementation and continuous monitoring of required controls across systems processing Federal Tax Information (FTI) and Controlled Unclassified Information (CUI); and lead the full NIST SP 800-171 compliance lifecycle for Institutions of Higher Education (IHE).
• Directing and leading Authority to Operate (ATO) and Operational Security Assessment (OSA) processes; perform Risk Management Framework (RMF)-aligned risk assessments, impact analyses, control evaluations, and continuous monitoring; serve as the technical authority for enterprise risk posture with strong skill in ATO, Enterprise Risk Management (ERM), continuous monitoring, and enterprise risk analysis; and provide authoritative recommendations supported by strong written and oral communication and leadership.
• Overseeing incident response & compliance case management: triage, investigation, documentation, corrective action tracking, and regulatory reporting; provide senior advisory support during high-risk events affecting significant data/systems.
• Driving enterprise risk management artifacts (risk register, dashboards), committee support (Enterprise Cyber Risk Committee (ECRC), Chief Technology Officer (CTO) Risk Committee), training, and cybersecurity communications; manage Enterprise Risk Management (ERM) tool and user support.
Requirements
Conditions of employment
- Relocation will not be paid.
- You may be subject to serve a one-year probationary period.
- Males 18 and over must be registered with the Selective Service.
- Must be a US Citizen.
- Must complete a background investigation and fingerprint check.
- This is a drug testing position.
Condition of Employment:
As a condition of employment for accepting this position, you may be required to serve a probationary period or trial period during which we will evaluate your fitness and whether your continued employment advances the public interest. In determining if your employment advances the public interest, we may consider: • your performance and conduct; • the needs and interests of the agency; • whether your continued employment would advance organizational goals of the agency or the Government; and • whether your continued employment would advance the efficiency of the Federal service. Upon completion of your probationary period OR trial period your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest.
You must meet all qualification requirements within 30 days of the closing date of this vacancy announcement.
Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. We will consider all qualifying experience, including any volunteer experience.
Qualifications
Minimum Qualification Requirements
You may meet the minimum qualifications for the GS-14 if you possess the specialized experience.
Specialized Experience for the GS-14
One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments:
1. Experience managing cybersecurity compliance programs (e.g., NIST SP 800-171, Gramm-Leach-Bliley Act (GLBA), Federal Tax Information (FTI)) in complex enterprise or higher education environments; coordinating controls, assessments, and audit readiness.
2. Experience leading federal or private cybersecurity audits, producing corrective action plans (CAPs), interpreting findings, and coordinating remediation across multiple stakeholders.
3. Experience developing and executing enterprise cybersecurity training, governance artifacts (risk registers, dashboards), and documentation in support of Enterprise Risk Management (ERM) and committee reporting.
Basic Experience Requirements
You must possess IT related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the nine competencies listed below.
1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations.
6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
9. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.
Knowledge, Skills, and Abilities (KSAs)
The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs). You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement).
1. Knowledge of enterprise security programs, risk mitigation, vulnerability management, penetration testing coordination, and executive communication.
2. Ability to interpret federal cybersecurity regulations; experience implementing controls and audit readiness for Federal Tax Information (FTI)/Controlled Unclassified Information (CUI) environments.
3. Skill in Risk Management Framework (RMF) / Authority to Operate (ATO), continuous monitoring, and enterprise risk analysis and communication.
4. Skill in incident handling, regulatory reporting, stakeholder coordination, and escalation leadership.
5. Knowledge of ERM frameworks, governance, training development, tooling administration.
Education
Education cannot be substituted for experience for this position and grade level.
Additional information
Veterans’ Career Counseling: If you are a veteran interested in receiving tips on preparing a Federal resume and/or how to prepare for an interview, you may email careers@ed.gov to schedule a session with a career counselor (“Veterans Counseling Session” should be placed in the subject line of the email).
Student Loan Default: If selected for this position, we will verify that you have not defaulted on any loan funded or guaranteed by the U.S. Department of Education. If you are found to be in default, we will contact you to make arrangements for repayment prior to making an official offer of employment.
Suitability and Investigation: If selected for this position, you will be required to complete the Declaration for Federal Employment (OF-306) to determine your suitability for federal employment and successfully complete a pre-appointment investigation/background check.
Essential/Non-Essential: This position is considered essential for purposes of reporting to work during federal government closures.
Financial Disclosure: This position does not require financial disclosure.
Bargaining Unit: This position is not included in the bargaining unit.
Selections: Agencies have broad authority under law to hire from any appropriate source of eligibles and may fill a vacancy in the competitive service by any method authorized. We may make additional selections from this vacancy announcement within 90 days from the date the selection certificates are issued, should vacancies occur. We may also share selection certificates amongst program offices across the agency.
Preferred certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) professional certification in IT Security or IT Risk from a recognized, credentialed, professional association.
Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Learn more about federal benefits.
As an ED employee, you will also benefit from our family-friendly work environment. As part of our commitment to maintain a work-life balance, we offer excused leave for Parent/Teacher Conferences (3 hours); excused leave for annual health screenings (4 hours); and matching leave for community volunteer service. Other flexibilities that may be available to you include alternative work schedules. You may be eligible to receive a recruitment incentive for this position. To receive this incentive payment, you will be required to sign a service agreement obligating you to remain with the U.S. Department of Education for a specified period as agreed upon. You may be eligible to receive a relocation incentive for this position. To receive this incentive payment, you will be required to sign a service agreement obligating you to remain with the U.S. Department of Education for a specified period as agreed upon. You may be eligible to participate in the Student Loan Repayment Program as a recruitment incentive for this position. To receive student loan repayments, you will be required to sign a service agreement obligating you to remain with the U.S. Department of Education for a specified period as agreed upon.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
How you will be evaluated
You will be evaluated for this job based on how well you meet the qualifications above.
We will review your application and documentation submitted to ensure you meet the basic qualification requirements. You will be evaluated based on how well you meet the qualifications and competencies listed in this vacancy announcement. Your qualifications will be evaluated based on your application materials (e.g., resume, supporting documents), and the result of the Monster Competency Based Assessment(s) required for this position. You will be assessed on the following competencies (knowledge, skills, abilities, and other characteristics):
Non-Supervisory: Oral Communications, Writing, Interpersonal Skills, Problem Solving, Teamwork, Technology Orientation, Customer Service, Attention to Detail and Self-Management
You will be evaluated to determine if you meet qualifications required, and on the extent to which your application shows that you possess the knowledge, skills and abilities associated with this position as defined in the Qualifications section. Please be sure to give examples in your resume and explain how often you used these skills, the complexity of the knowledge you possessed, the level of people you interacted with, and the complexity and sensitivity of the issues you handled.
Based on the outcome of this evaluation, your application data may be further assessed by a Subject Matter Expert (SME) panel. If your qualifications are not substantiated by your submitted resume, you may be eliminated from receiving further consideration.
If you are found to be amongst the most highly qualified applicants, you will be referred to the selecting official. As part of the assessment and selection process, the selecting official may invite you to participate in a structured interview, check your references, and/or request that you submit a writing sample or complete a written assessment or exercise to further evaluate your qualifications for this position.
You may preview questions for this vacancy.