Director, Information Security and Privacy Group/Chief Information Security Officer

Job Description

Summary

This position is located in the Office of Information Technology (OIT), Centers for Medicare and Medicaid Services (CMS). As the Director, Information Security and Privacy Group/Chief Information Security Officer, you will direct CMS' Information Security and Privacy Programs, which fulfill CMS' responsibility to maintain and improve the security of its information and information systems.

Duties

- Plan, coordinate, and control information system security and privacy CMS-wide, including security and privacy measures across the full technology stack.
- Direct and mature a CMS-wide cybersecurity and privacy program ensuring risk-based protection commensurate with the magnitude of harm to beneficiaries, providers, and federal programs.
- Direct and enforce enterprise-wide compliance with federal cybersecurity and privacy statutes, regulations, and policies.
- Oversee Security Operations Center (SOC) operations, threat intelligence, detection, and response capabilities.
- Establish enterprise risk metrics and performance indicators tied to mission impact, operational resilience, and budget decisions.
- Represent CMS in engagements with HHS, OMB, interagency partners, and Congressional stakeholders.

Requirements

Conditions of employment

- Must be a U.S. Citizen or National.
- Subject to a 1-year supervisory probationary period (unless already completed).
- Complete a Declaration for Federal Employment to determine your suitability for Federal employment, at the time requested by the agency.
- If you are a male applicant born after December 31, 1959, certify that you have registered with the Selective Service System or are exempt from having to do so.
- May be subject to pre-employment and random drug tests.
- You may be required to obtain and maintain an interim and/or final security clearance prior to entrance on duty. Failure to obtain and maintain the required level of clearance may result in the withdrawal of a job offer or removal.
- The Ethics in Government Act, PL 95-521, requires the applicant selected for this position to submit a financial disclosure statement, OGE-278e, prior to assuming the SES position, annually, and upon termination of employment.
- Status applicants must submit a copy of their most recent SF-50, Notification of Personnel Action, which verifies status.
- All initial appointments to an SES position are contingent on approval from OPM's Qualifications Review Board unless the selectee has successfully participated in an OPM-approved SES Candidate Development Program.
- Only experience obtained by the closing date of this announcement will be considered.

Qualifications

Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution. Candidates will not be hired based on their race, sex, color, religion, or national origin.

To meet the minimum qualification requirements for this position, you must show that you possess the Executive Core Qualifications (ECQs) and Technical Qualifications (TQs) related to this position within your resume - NOT TO EXCEED 2 PAGES. Resumes over the 2-page limit will not be reviewed beyond page 2 or may be disqualified. Your resume should include examples of experience, education, and accomplishments applicable to the qualification(s). If your resume does not reflect demonstrated evidence of these qualifications, you may not receive consideration for the position. There is NO requirement to prepare a narrative statement specifically addressing the Executive Core Qualifications (ECQs) or the Technical Qualifications (TQs).

TECHNICAL QUALIFICATIONS (TQs): Your resume should demonstrate accomplishments that would satisfy the technical qualifications.

TQ 1: Demonstrated executive-level experience leading an enterprise cybersecurity and risk management program in a large, complex, and highly regulated organization. Experience must include implementing and overseeing compliance with federal cybersecurity and privacy requirements, including the Federal Information Security Modernization Act (FISMA), Office of Management and Budget (OMB) policies, and National Institute of Standards and Technology (NIST) frameworks, to safeguard mission-critical systems. Demonstrated experience directing risk management, system authorization, continuous monitoring, and external oversight activities, and providing strategic advice to senior leaders on cybersecurity risk and compliance decisions.

TQ 2: Demonstrated executive-level experience designing, implementing, and governing enterprise security and privacy controls for high-impact systems in a large, complex organization. Experience must include leading zero trust and identity-centered security initiatives; integrating security and privacy requirements into system development lifecycles and cloud environments; and safeguarding sensitive data within a Health Insurance Portability and Accountability Act (HIPAA)-covered entity. Demonstrated experience enforcing federal privacy and data protection laws and policies, including the Privacy Act, E-Government Act, and HIPAA; directing security operations and incident response programs; and ensuring the availability, integrity, confidentiality, and resilience of mission-critical systems and services.

EXECUTIVE CORE QUALIFICATIONS (ECQs): In addition to the Technical Qualification Requirements listed above, all new entrants into the Senior Executive Service (SES) under a career appointment will be assessed for executive competency against the following five mandatory ECQs. If your 2-page resume does not reflect demonstrated evidence of the ECQs and TQs, you may not receive further consideration for the position.

There are five ECQs:

ECQ 1: Commitment to the Rule of Law and the Principles of the American Founding - This core qualification requires a demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people.

ECQ 2: Driving Efficiency - This core qualification involves the demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades.

ECQ 3: Merit and Competence - This core qualification involves the demonstrated knowledge, ability, and technical competence to effectively and reliably produce work that is of exceptional quality.

ECQ 4: Leading People - This core qualification involves the demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture. This includes, when necessary, the ability to lead people through change and to hold individuals accountable.

ECQ 5: Achieving Results - This core qualification involves the demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors.

Note: If you are a member of the SES or have been certified through successful participation in an OPM-approved SES Candidate Development Program (SESCDP), or have SES reinstatement eligibility, you do not need to respond to the ECQs. Instead, you should attach proof (e.g., SF-50, Certification by OPM's SES Qualifications Review Board (QRB)) of your eligibility for noncompetitive appointment to the SES.

Education

This job does not have an education qualification requirement.

Additional information

Veterans' Preference: Veterans' preference is not applicable to the SES.

Mobility: Organizational and geographical mobility is essential in developing and managing SES leaders. Individuals selected for SES positions may be subject to reassignment across geographical, organizational, and functional lines, and may be required to sign a Reassignment Rights and Obligation Agreement.

Equal Employment Opportunity (EEO) Policy Statement: http://www.eeoc.gov/federal/index.cfm

Employment Information Resources - Resource Center: https://help.usajobs.gov/how-to

Males born after 12-31-1959 must be registered or exempt from Selective Service (see https://www.sss.gov/RegVer/wfRegistration.aspx).

OPM must authorize any employment offers made to current or former (within the last 5 years) political Schedule A, Schedule C, or Non-career SES employees in the executive branch. If you are currently, or have been within the last 5 years, a political Schedule A, Schedule C, or Noncareer SES employee in the executive branch, you must disclose that to the Human Resources Office.

Salary for SES positions varies depending on qualifications. The annual salary range is found at the top of this announcement. The selectee for this position may be eligible for annual performance bonuses and performance-based pay adjustments.

This position is designated as a Testing Designated Position (TDP). You must successfully complete a pre-employment urinalysis drug screening. You will be subject to unannounced random drug testing for the duration of service in this position.

Benefits

A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time, or intermittent. Contact the hiring agency for more information on the specific benefits offered.
Date Posted

03/28/2026
