Information Systems Security Officer ISSO

Information Systems Security Officer (ISSO)

Founded in 1999 in the beautiful Smoky Mountains of East Tennessee, Cadre5 provides innovative technical solutions to our customers locally and nationally. Our Cadre5 Lab Partners division has partnered with the Information Technology Services Directorate (ITSD) at Oak Ridge National Laboratory (ORNL) to recruit a Information System Security Officer. The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate.

ORNL delivers scientific discoveries and technical breakthroughs needed to realize solutions in energy and national security and provides economic benefit to the nation. This premier research institution located near Knoxville in Oak Ridge, TN, addresses national needs through impactful research and world-leading research centers.

#CJ

A Q clearance is required; however, an active DOD Top Secret that can become a Q through reciprocity is acceptable. Therefore, a Secret or L, will not work. US citizenship is required. This will be onsite in Oak Ridge Tennessee.
Why Cadre5?

• Working with highly talented team members
• Paid over-time
• 3 weeks' vacation
• Excellent medical insurance, up to 100% paid by employer

Duties and Responsibilities:

The ISSO is a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization. The ISSO provides direction to IT and infrastructure support personnel on the application of security patches and secure configurations. Routine collaboration and consultation with the ISSM regarding the design, development, integration, and analysis of unclassified information systems. Under general supervision, the candidate is responsible for performing a full range of Information Assurance functions in support of the security needs of the ISSM.

Primary Responsibilities:

• Provide assistance to the ISSM and CISO in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the client site.
• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures and as outlined in applicable System Security Plans (SSPs).
• Perform documented procedures for authorizing users to access information systems.
• Develop and maintain SSPs for system C&A.
• Manage Plans of Action and Milestones to closure for information systems under accreditation.
• Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices. Escalate questions/concerns/issues to more senior-level staff as required.
• Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls.
• Identify, promote, and make recommendations for process improvements.
• Assist with annual self-inspections, system certification testing, periodic security testing, and functional testing on systems/networks.
• Ensure compliance of all network equipment with applicable DOE and ORNL requirements
• Other duties as assigned for support within the program.

Basic Qualifications:

• Bachelor's degree with 1-3 years of relevant experience (ex. cybersecurity assessments, risk management, cybersecurity policy, and compliance, etc.). An equivalent combination of education and experience may be considered.
• Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) to ORNL.
• Demonstrated experience implementing compliance frameworks (NIST, etc)
• Excellent interpersonal, verbal, written, and presentation communication skills.
• Thorough understanding of industry standards and regulations including NIST 800-53, NIST Risk Management Framework, and NIST Cybersecurity Framework (CSF).
• Working knowledge of privacy regulations and impacts.
• Ability to work independently, meet deadlines, and uphold high ethical standards.
• This position requires and an active Department of Energy "Q" or "L" clearance. A "Top Secret (TS)" or "Secret" Department of Defense clearance will also suffice. This requires US Citizenship.

Preferred Qualifications:

• Active DOE Q or TS security clearance or equivalent.
• Master's degree in information assurance or related field with 4-6 years of relevant experience working in an information security, information technology or information risk management related field.
• Cybersecurity certifications (CISSP, CISA, CISM, CRISC, CCSP, SSCP) and Incident Response Certification
• Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts.
• Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success.
• Demonstrated background in governance, risk, and compliance.
• Experience in obtaining Authority to Operate (ATO) for DOE government systems.

Benefits

Cadre5 offers excellent pay and benefits, to include full medical, dental, and vision coverage coupled with 401K match, 15 days PTO, and 10 holidays.

Cadre5 is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. Cadre5 is an E-Verify Employer.