Posted today
DoE Q or L
IT - Security
Aiken, SC (On-Site/Office)
Description
DNI is on the lookout for a Senior Cyber Security Analyst - Information Systems Security Manager (ISSM) to deliver expert guidance in Information Systems Security and cybersecurity support for the Enterprise Information Services at the Department of Energy (DOE) Savannah River Operations Office (DOE-SR), located at the Savannah River Site (SRS) in Aiken, SC.
Requirements
- Reports to the Chief Information Security Officer (CISO) and Program Manager.
- Oversee the Authority to Operate (ATO) lifecycle, manage risk assessments, and develop and monitor Plans of Action and Milestones (POAMs), ensuring compliance with security standards and timely mitigation of organizational boundary security risks.
- Actively participate in the bi-weekly accreditation boundary meetings and keep the AODR informed of any changes/updates to eRAMS/POA&Ms/STAR items or any new VPM and CM issues that may arise.
- Provide technical and procedural cyber security advice to DOE, associate contractor partners, and Industrial Control Systems (ICS) teams as necessary.
- Oversee operational information systems security implementation programs.
- Coordinate with the Information System Security Officer (ISSO) or PSO on approval of External Information Systems (e.g., guest systems, interconnected systems with another organization).
- Oversee ISSOs to ensure they follow established policies, procedures, and timelines.
- Ensure CM policies and procedures for authorizing the use of hardware/software on an IT system are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the AODR prior to the addition, change or modification. The ISSM shall have authority to veto any proposed change they feel is detrimental to security in boundaries under their purview. Appeals on an ISSM/ISSO veto may be taken to the AODR.
- Ensure approved procedures are used for sanitizing and releasing system components and media as necessary.
- Ensure proper measures are taken when a cyber security incident or vulnerability is discovered.
- Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- Manage, maintain, and execute the information security continuous monitoring plan.
- Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AODR; and assess changes to the system, its environment, and operational needs that could affect the security authorization.
- Support information technology (IT) security goals and objectives and reduce overall organizational risk; advise senior management (e.g., Chief Information Security Officer [CISO] and Chief Information Officer [CIO]) on risk levels and security posture; advise appropriate senior leadership of changes affecting the organization's cybersecurity posture; communicate the value of information technology (IT) security.
- Other related tasks as assigned.
Knowledge, Skills, and Abilities:
- Highly organized individual with exceptional communication skills, ensuring all stakeholders are consistently informed and updated as required.
- Excellent written and oral communication skills (writing samples may be requested).
- Attention to detail is critical: proven ability to look closely at your work to identify and correct errors, spot and improve weaknesses, and produce a near-perfect end result.
- Ability to identify problems, brainstorm and analyze answers, and implement the best solutions.
- Ability to develop and review security related procedures or processes and reports.
- Demonstrated ability to provide clear, precise, and factual information to senior leaders, team members, and external stakeholders.
- Capable of attending all customer-required meetings and promptly providing responses as requested.
- Familiarity with applicable cyber security regulations and the NIST 800 Series standards.
Clearance:
- Must possess (or be able to obtain) a "Q" level security clearance.
Education:
- A bachelor's degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for education on a year-for-year basis.
Experience:
- 7+ years in IT security or related field.
- Authority to Operate (ATO) life cycle, risk management, and Plans of Action and Milestones (POAMs).
Certification:
- Highly desired certifications:
  - Certified Information System Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
Benefits
- Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
- Matching 401K
- Short- and Long-Term Disability
- Pet Insurance
- Professional Development/Education Reimbursement
- Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas
Other Duties:
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.