Minimum Qualification Requirements You may meet the minimum qualifications for the GS-14, if you possess the specialized experience. Specialized Experience for the GS-14 One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments: 1. Experience managing cybersecurity compliance programs (e.g., NIST SP 800 171, Gramm‐Leach‐Bliley Act (GLBA), Federal Tax Information (FTI)) in complex enterprise or higher education environments; coordinating controls, assessments, and audit readiness. 2. Experience leading federal or private cybersecurity audits, producing corrective action plans (CAPs), interpreting findings, and coordinating remediation across multiple stakeholders. 3. Experience developing and executing enterprise cybersecurity training, governance artifacts (risk registers, dashboards), and documentation in support of Enterprise Risk Management (ERM) and committee reporting. Basic Experience Requirements You must possess IT related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the nine competencies listed below. 1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. 3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change. 4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems. 5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations 6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. 7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. 8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals. 9. Technical Competence – Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues. Knowledge, Skills, and Abilities (KSAs) The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs). You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement). 1. Knowledge of enterprise security programs, risk mitigation, vulnerability management, penetration testing coordination, and executive communication. 2. Ability to interpret federal cybersecurity regulations; experience implementing controls and audit readiness for Federal Tax Information (FTI)/Controlled Unclassified Information (CUI) environments. 3. Skill in Risk Management Framework (RMF) / Authority to Operate (ATO), continuous monitoring, and enterprise risk analysis and communication 4. Skill in Incident handling, regulatory reporting, stakeholder coordination, escalation leadership. 5. Knowledge of ERM frameworks, governance, training development, tooling administration.