SummaryThis position is located in the Cybersecurity Group within the Office of the Chief Information Officer (OCIO), Office of the Managing Director(OMD), Federal Communications Commission (FCC), located in Washington, DC. RELOCATION EXPENSES WILL NOT BE PAID. THIS VACANCY ANNOUNCEMENT MAY BE USED TO FILL ADDITIONAL POSITIONS WITHIN 90 DAYS.DutiesHelp
The incumbent serves as the Chief Information Security Officer (CISO), reporting directly to the Chief Information Officer (CIO) in the OCIO organization. As the CISO and Group Lead for Cybersecurity and Information Assurance, the incumbent provides executive leadership, strategy, technical direction, and authority for all information security functions across all 19 FCC bureaus and offices to include:
- Provides direct oversight, technical leadership, and administrative management of four critical sub-unit leads: the Lead Security Operations Manager, the Lead for Governance, Risk, and Compliance (GRC), the Lead Security Engineer, and the Lead for Incident Response.
- Establishes, maintains, and enforces the FCC's Enterprise Information Security Strategy, including the integration of emerging technology risk domains such as artificial intelligence (AI) and machine learning (ML) systems into the agency's overall security posture.
- Serves as the principal, authoritative advisor to the CIO, Managing Director, and Chairman on all matters concerning cybersecurity risk, systemic vulnerabilities, threat landscapes, AI-related security risks, and regulatory security compliance.
- Represents the FCC on interagency cybersecurity councils, including OMB, CISA, and White House cyber roundtables, contributing subject-matter expertise on AI governance, Zero Trust implementation, and vulnerability management best practices.
- Synthesizes complex, technical risk data, including vulnerability scan results, threat intelligence, and identity/access risk indicators, into executive-level decision memos and risk-acceptance briefs for agency leadership.
- Provides ultimate oversight for the FCC's 24/7/365 Security Operations Center (SOC), including oversight of SIEM platforms (e.g., Splunk) for continuous monitoring, log correlation, and threat detection across enterprise systems.
- Directs the agency's enterprise vulnerability management program, ensuring timely identification, prioritization, and remediation of vulnerabilities to continuously reduce the agency's attack surface.
- Oversees enterprise identity and access management (IAM) programs, including administration and governance of platforms such as Okta, to ensure secure authentication, privileged access controls, and alignment with ICAM and Zero Trust Architecture principles.
- Establishes and enforces AI security governance protocols, including risk assessments for AI/ML system deployments, safeguards against adversarial machine learning and data poisoning, and oversight of third-party AI tool usage in alignment with NIST AI RMF and applicable OMB guidance.
- Formulates and issues agency-wide Information Security Policies, Handbooks, and Rules of Behavior in strict alignment with FISMA, NIST guidelines (including NIST SP 800-53 and the NIST AI Risk Management Framework), and applicable Executive Orders.
- Leads the development and execution of the cybersecurity group's annual operating budget, prioritizing investments - including tooling for vulnerability management, SIEM, IAM, and AI security, using Capital Planning and Investment Control (CPIC) protocols to balance defense expenditures against mission requirements.
RequirementsHelp
Conditions of employment- US Citizenship.
- Suitable for employment as determined by a background investigation.
- Serve a probationary period of one year, if applicable.
- Males born after 12/31/59 must be registered with Selective Service.
- Financial disclosure statement may be required upon assuming the position.
- Resume must not exceed two pages and must meet resume format criteria.
- Drug Testing Required.
- Suitable for employment as determined by a background investigation.
- Security Clearance Required
Please note your resume must thoroughly support your responses to the vacancy questions. Your resume is an integral part of the process for determining if you meet the basic qualifications of the position and determining if you are to be among the best qualified.
QualificationsInterested candidates should be passionate about the ideals of our American republic, committed to upholding the rule of law and the U.S. Constitution, and committed to improving the efficiency of the Federal government. Hiring decisions will not be based on race, sex, color, religion, or national origin.
Applicants must meet eligibility and qualification requirements by the closing date of this announcement.
Time in grade restrictions do not apply to Direct Hire procedures.SME REVIEWIndividuals must have IT-related experience demonstrating each of the competencies listed below. SME's will be conducting a scored structured resume review to determine if candidate's resumes demonstrate all required competencies as outlined below. To be eligible for referral to the selecting official, candidates must receive a score of at least 75.56.- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
- Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
- Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations
- Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
- Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.
- Cyber-Expert knowledge of Federal cyber and cybersecurity policy, procedures, and guidelines, cyber and cybersecurity concepts, terms, and technical aspects.
- Advice-Expert ability to provide advice, guidance, and recommendations to senior management on critical policy issues; make decisions or recommendations that significantly influence important Commission IT and Cybersecurity policies or programs.
- IT Principles-Skill in applying advanced IT principles, concepts, methods, standards, and practices sufficient to accomplish assignments such as develop and interpret policies, procedures, and strategies governing the planning and delivery of IT services throughout the agency.
ANDGS-15In order to be deemed as qualified, candidates must have one year of specialized experience which is equivalent to the GS-14 level in the Federal service. Specialized experience is defined as follows:
• Demonstrated experience implementing and maintaining compliance with FISMA, FedRAMP, and NIST Risk Management Framework (RMF), including NIST SP 800-37, 800-53, and 800-171
• Experience managing Authorization to Operate (ATO) processes, including Security Assessment and Authorization (SA&A) packages.
• Experience with CMMC (Cybersecurity Maturity Model Certification) requirements, if applicable to the agency.
• Experience managing Plans of Action and Milestones (POA&Ms) and reporting to CISA/OMB.
• Experience working with Continuous Diagnostics and Mitigation (CDM) program requirements.
• Experience developing or implementing AI governance frameworks aligned with NIST AI Risk Management Framework (AI RMF) and OMB M-24-10.
• Experience overseeing Security Operations Center (SOC) functions, including detection engineering and incident triage.
• Experience leading enterprise vulnerability management programs, including use of tools such as Tenable.
• Experience reducing organizational attack surface through patch management, configuration hardening, and risk-based prioritization.
• Experience implementing Zero Trust Architecture (ZTA) principles across network, identity, and data layers.
• Experience securing FedRAMP-authorized cloud environments (AWS GovCloud, Azure Government, or similar).
• Experience with cloud security posture management (CSPM) and container/Kubernetes security.
• Experience coordinating with CISA, US-CERT, and other federal partners on incident reporting and response.
• Experience developing and testing incident response plans, tabletop exercises, and continuity of operations (COOP) planning.
• Experience leading cross-functional security teams and managing federal IT security budgets.
• Experience developing agency/company-wide cybersecurity strategy, policy, and workforce training programs.
• Experience presenting risk posture and compliance status to agency leadership, Inspectors General, or GAO auditors or similar.
PART-TIME OR UNPAID EXPERIENCE: Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
EducationAny/all educational requirements (if applicable) are listed and outlined within the "Qualifications" section.
BenefitsHelp
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.
The FCC offers a wide range of employee benefits, including:
Health Insurance
Life Insurance
Dental & Vision Insurance
Flexible Spending Accounts
Long-Term Care Insurance
Holidays and Leave
Retirement
Thrift Savings Plan
Transit Benefit
Alternative Work Schedule
Telecommuting
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.