Posted June 11, 2026
IT Specialist - Governance, Risk, and Compliance (GRC) Lead
Office of Information Technology
Washington, D.C.
Full Time
Reference: OfficeofInformationTechnology872531300
The Office of Information Technology (OIT) is seeking an Information Technology Specialist (INFOSEC) (IT Specialist - Governance, Risk, and Compliance (GRC) Lead). As a GRC Lead, you will report to the Branch Chief of Cyber Risk and Governance, leading the implementation of automated governance, risk, and compliance toolsets. The role also requires participation in cybersecurity risk analysis, Federal compliance initiatives, and audit management. In this role as an IT Specialist - Governance, Risk, and Compliance (GRC) Lead, you will be responsible for:
- Developing, implementing, and maintaining cybersecurity governance, risk, and compliance toolsets;
- Proposing innovative approaches to optimize technology usage for the cybersecurity GRC program;
- Transforming existing manual processes into streamlined and efficient digitally-supported workflows;
- Leading initiatives that support compliance with existing and new Federal cybersecurity requirements;
- Authoring enterprise information security policies, procedures and templates; and
- Leading audit management activities including audit response.
Applicants are responsible for confirming all required materials are submitted by the closing date of the announcement. Please check the How You Will Be Evaluated and Required Documents sections carefully, as missing documents will render the application incomplete and ineligible for review.
Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.
BASIC REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below:
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement below.
SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level:
- Implementing process improvements for cybersecurity governance, risk, and compliance activities;
- Designing workflows for governance, risk, and compliance toolsets;
- Performing cybersecurity risk analysis; and
- Coordinating audit testing and response activities.
ACCOMPLISHMENT RECORD COMPETENCIES: Your Accomplishment Record narratives should address the following competencies. See the How You Will Be Evaluated section below for more information:
- Technology Expertise: Knowledge of the principles and methods of specialized technologies, tools, and delivery systems, including security, risk management, governance, functionality, and user interface in area of expertise (e.g., programming languages, server, web, applications, network).
- Business Process Improvement: Uses business process reengineering methods, metrics, tools, and techniques to improve quality, speed, and service.
- Problem Solving and Decision Making: Ability to identify and solve important problems relevant to program areas through sound and timely decision making, even in less than ideal situations, with little or no guidance.
- Risk Management and Disaster Recovery: Uses methods and tools for risk assessment and mitigation of risk, including the identification, assessment, and prioritization of risks to minimize, monitor, and control the probability and/or impact of events.
