Information Systems Security Officer (ISSO)

Why Cadre5?

• Working with highly talented team members
• Paid over-time
• 3 weeks’ vacation
• Excellent medical insurance, up to 100% paid by employer and contributions to HSA Plans

Job Responsibilities:

• Aid the Information Systems Security Manager (ISSM) and Chief Information Security Officer (CISO) in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the Oak Ridge National Laboratory (ORNL)
• Ensure systems are operated, maintained, and disposed of in accordance with DOE security policies and procedures and as outlined in applicable System Security Plans (SSPs).
• Establish and perform documented procedures for authorizing users to information systems.
• Develop and maintain SSPs for system C&A.
• Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis/white papers, aligning with business objectives.
• Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices.
• Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls.
• Identify, promote, and implement process improvements.

Basic Qualifications:

• Minimum two years’ experience working in an information security, information technology or information risk management related field.
• Experience in security control assessments, Master Plans, and Cybersecurity program plans
• Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) to ORNL.
• Demonstrated experience implementing compliance frameworks (NIST, etc.)
• Facilitation and project management knowledge, skills, and abilities; lead program implementations.
• Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders.
• Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization.
• Ability to work independently and meet deadlines.
• High ethical standards and operates with integrity and professionalism.
• The ability to obtain and maintain a Department of Energy "Q" clearance is required. This requires US Citizenship.

Preferred Qualifications:

• Bachelor’s degree in IT, Cybersecurity, Information Assurance, or related field and at least 2 years of experience in cybersecurity policy, risk management, governance, and compliance through a combination of education and experience may be considered for exceptional candidates.
• Cybersecurity certifications (CISA, CISM, CRISC, CISSP, CCSP, SSCP)
• Incident Response Certification
• Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts.
• Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR
• Working knowledge of privacy regulations and impacts
• Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success.
• Experience gaining an Authority to Operate (ATO) for a government system.
• Proven track record of prioritizing tasking and meeting established deadlines.
• Active DOE Q or TS clearance