Chief Information Security Officer

  • Centers for Disease Control and Prevention
  • Atlanta, Georgia, USA
  • Dec 02, 2021
Full-time | Cybersecurity | Data Security | Information Security | Information Technology (IT) | Risk Analysis

Job Description

The Department of Health and Human Services (HHS) is looking for dynamic and energetic leaders to join the Senior Executive Service (SES) - a talented team of men and women charged with leading the continuing transformation of our government.

This position is SES, an elite group of senior government leaders who possess a diverse portfolio of experience and expertise required to lead across organizations. This cadre of dedicated executives is charged with providing strategic leadership and upholding a commitment to public service that transcends loyalty to a specific agency mission or individual profession.

As an SES member, you will influence the direction of innovation and transformation of the federal government and lead the next generation of public servants. As part of the SES at HHS, you will be among a group of highly skilled executives, contributing to one of the most important missions in the federal government. So, don't just make a career move...make a difference! The Department of Health and Human Services Senior Executive Service - Leaders who touch lives.

This position is located in the Department of Health and Human Services (DHHS), Centers for Disease Control and Prevention (CDC), Office of the Director, Office of the Chief Operating Officer (OCOO), Office of the Chief Information Officer (OCIO), Atlanta, Georgia. CDC is an Equal Opportunity Employer.


CDC is the nation's health protection agency, working to keep America healthy, safe, and secure. As a global leader in public health, CDC works to respond, contain, and eliminate disease. Whether we are protecting the American people from health threats, investigating emerging diseases, or mobilizing public health programs with our domestic and international partners, we rely on our employees to make a real difference in protecting the health and safety of people here and around the world.


As Chief Information Security Officer, you will:

  • Serve as a senior advisor and program administrator to the CDC Chief Information Officer;
  • Develop, implement, and monitor a strategic, comprehensive cybersecurity program with organizational units;
  • Implement and maintain CDC's cybersecurity program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem;
  • Lead the development, planning, and coordination of the information security and privacy operations related to cybersecurity and privacy programs;
  • Facilitate information security risk assessment and risk management processes with organizational units;
  • Identify and evaluate the legal and regulatory requirements for information technology and cybersecurity risk to information assets while supporting and advancing the mission and business objectives;
  • Implement practices that meet policies and standards for information security and privacy with business units and partners;
  • Facilitate an information security governance structure through the implementation and oversight of an appropriate governance program;
  • Develop and enhance an up-to-date information security management framework using standards and policies;
  • Manage and contain information security incidents and events to protect corporate information technology (IT) assets, intellectual property, and regulated data;
  • Represent and serve as spokesperson for the Chief Information Officer in establishing and maintaining relationships and partnerships with constituents including DHHS, congressional officials, other federal agencies, and representatives of business and industry;
  • Provide supervision and direction to employees and staff.


Basic Qualifications Requirements

All competitive candidates for SES positions with the federal government must demonstrate leadership experience indicative of senior executive level management capability. This executive experience includes serving in a managerial capacity to a large and diverse organization with responsibility for promoting economy, efficiency, and effectiveness in the administration of programs and operations.

To meet the qualification requirements for this position, you must show in your resume that you possess the six Fundamental Competencies, the five Executive Core Qualifications (ECQs), and the Professional/Technical Qualifications (PTQs) listed below. Your resume should emphasize levels of responsibility, scope, and complexity of programs managed, program accomplishments, and results.


You must have one year of specialized experience directly related to the position that has equipped you with the particular knowledge, skills, and abilities to successfully perform the duties of the position to include senior-level managerial and leadership experience in coordinating the functions of subordinate managers and specialized staff with implementing and maintaining a cybersecurity program to ensure information and systems are protected in the digital environment.


Interpersonal Skills, Oral Communication, Integrity/Honesty, Written Communication, Continual Learning, and Public Service Motivation.


1. Leading Change: The ability to bring about strategic change, both within and outside the organization, to meet organizational goals. Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment.

2. Leading People: The ability to lead people toward meeting the organization's vision, mission, and goals. Inherent to this ECQ is the ability to provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts.

3. Results Driven: The ability to meet organizational goals and customer expectations. Inherent to this ECQ is the ability to make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks.

4. Business Acumen: The ability to manage human, financial, and information resources strategically.

5. Building Coalitions: The ability to build coalitions internally and with other federal agencies, state and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals.


This position also requires that you have PTQs that represent knowledge, skills, and abilities essential for success in this role. The following PTQs must be evident in your resume.

1. Senior-level leadership and management experience with leading a comprehensive cybersecurity program and risk management activities.

2. Knowledge of legal and regulatory authorities associated with the oversight and management for information technology (IT) and cybersecurity risk.

3. Senior-level experience facilitating a cybersecurity governance structure through the implementation and oversight of an appropriate governance program.

4. Senior-level experience implementing and monitoring cybersecurity management frameworks and privacy program for an organizational network.

5. Ability to build and maintain effective working relationships and partnerships with individuals and organizations to convey information to support and defend the organization's cybersecurity program to senior-level officials, Congress, federal, state, and non-federal agencies.

It is strongly recommended that you visit the Office of Personnel Management (OPM) webpage for more information regarding the Fundamental Competencies and ECQs. You can find additional information on the proper preparation of ECQs on OPM's website. You are encouraged to follow the Challenge, Context, Action, and Result model outlined in the guide.

If selected, you will be required to complete an ECQ package by drafting narratives for each of the ECQs to be certified by an OPM Qualifications Review Board (QRB) prior to being appointed to the position.

If you are currently serving in a career SES appointment, eligible for reinstatement into the SES, or successfully completed an SES Candidate Development Program approved by the Office of Personnel Management (OPM), you will not need to draft ECQs. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.


A resume of no more than five (5) numbered pages is recommended. A multi-step process is used to evaluate and refer applicants:

1. Minimum requirements: Your application must show that you meet all requirements including the education and/or experience required for this position. You may be rated "not qualified" if you do not possess the qualification requirements for the position. If your application is incomplete, you may be found "ineligible".

2. Rating: A panel of subject matter experts will review your application and evaluate your qualifications for this position based on the information in your application. Your application will be rated, based on the extent and quality of your experience, education, and training relevant to the duties of this position. Interviews will be at the discretion of the panel and/or selecting official.

3. Referral: If you are among the top qualified candidates, your application will be referred to a selecting official for consideration and possible interview. Your supporting documents are an integral part of the process for determining your qualifications for the position. If your responses are not supported by your resume, you will be eliminated from consideration.

After reviewing your resume and supporting documentation, if a determination is made that you have inflated your qualifications or experience, you may lose consideration for this position. Incomplete or late applications will not receive further consideration.

The application process to recruit for this position is the RESUME BASED method. Separate written narratives addressing the ECQs and PTQs will not be considered at this time. Evidence of your qualifications for the ECQs and PTQs must be clearly demonstrated in your resume; no more than five (5) pages are recommended.


Salary for SES positions varies depending on qualifications. The annual salary range is at the top of this announcement. This position might be eligible for performance bonuses and performance-based pay adjustments.


You are required to submit the following documents to be considered for the position:

1. Resume with numbered pages (no more than five (5) numbered pages are recommended) that contains your full name, address, and phone number; Education (College/University name, address, major of study, type and year of degree); Work Experience (Job title, employer's name and address, month and dates of employment, hours per week, salary, supervisor's name and phone number); Evidence of experience which addresses the ECQs and PTQs; Other qualifications (job-related training courses, skills, certifications and licenses, honors, awards, and special accomplishments);

Note: The upload process for the USAJOBS resume template or Word document might cause your resume to be longer than five (5) numbered pages. Your resume should be submitted with numbered pages. Please verify the number of pages before you submit your application. A resume of no more than five (5) numbered pages is recommended.

2. Cover letter (optional);

3. Online Assessment Questionnaire.

Other supporting documents:

4. Proof of OPM SES Qualifications Review Board certification (including OPM-approved SES Candidate Development Program graduates), if applicable.

5. An SF-50 showing your current or former civil service status, if applicable.

Failure to submit any of the above mentioned required documents may result in loss of consideration due to an incomplete application package. It is your responsibility to ensure all required documents have been submitted.

Note: Documents submitted that are not listed in the Required Documents section of this announcement will not be considered or forwarded to the rating panel or selecting official.


You must submit the complete online application and documentation specified in the Required Documents by 11:59 PM (EST) on 11/25/2021 of this announcement to receive consideration. To begin, click Apply to access the online application. You will need to be logged into your USAJOBS account to apply. If you do not have a USAJOBS account, you will need to create one before beginning the application. Follow the prompts to select your résumé and/or other supporting documents to be included with your application package. If applicable, you will have the opportunity to upload additional documents to include in your application before it is submitted. Your uploaded documents may take several hours to clear the virus scan process. After acknowledging you have reviewed your application package, complete the Include Personal Information section as you deem appropriate and click to continue with the application process. You will be taken to the online application which you must complete in order to apply for the position. Complete the online application, verify the required documentation is included with your application package, and submit the application.

To verify the status of your application, log into your USAJOBS account; all of your applications will appear on the Welcome screen. The Application Status will appear along with the date your application was last updated.


You will receive an email informing you of the receipt of your application. Best qualified candidates may be referred for an interview and may be required to undergo a reference check. You will be notified of the outcome by email using the email address on file in the Application Manager system, or by postal mail if no email address was provided by you during the application process. OPM may review qualifications and make recommendations on final selections to the approving authority. We expect to make a selection within 90 days of the closing date of this announcement.

$132,552.00 to $199,300.00/Per Year