What are the responsibilities and job description for the Cyber Security Information System Security Manager position at Y12?
Location: Oak Ridge, TN
Job Title: Cyber Security Information System Security Manager
Career Level From: Specialist
Career Level To: Senior Specialist
Job Specialty: Cyber Security
Job Title: Cyber Security Information System Security Manager
Career Level From: Specialist
Career Level To: Senior Specialist
Job Specialty: Cyber Security
What You'll Do
The Information System Security Manager (ISSM) is responsible for executing CNS’s risk management program and Cybersecurity Program Plan within classified and unclassified computing environments. The ISSM is an expert in information systems’ assessment and authorization based on the National Institutes of Standards and Technology (NIST) Cybersecurity Framework; and has broad knowledge in Information Technology (IT), Operation Technology (OT), Industrial Control Systems (ICS), and Federal requirements. The ISSM works closely with the Cybersecurity Policy Advisor to ensure effective implementation of cybersecurity policy across the CNS enterprise, and is responsible for providing technical leadership to the Information System Security Officers (ISSOs) and Security Control Assessors (SCAs). Successful candidates for this role will be expected to stay up to date on the latest cybersecurity threats and vulnerabilities, and provide subject matter expertise within the CNS organization integrated with defensive cyber operations.
- Advise senior management on risk levels and information system security posture
- Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements
- Advise appropriate senior leadership and Authorizing Official of changes
- Collect and maintain data required for cybersecurity reporting
- Communicate the value of information technology security throughout all levels of the organization stakeholders
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy enabling mission assurance
- Ensure that security improvement actions are evaluated, validated, and implemented as required
- Ensure that cybersecurity inspections, tests, and reviews are completed
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
- Participate in cybersecurity program and Y-12 site level risk governance process
- Participate in the acquisition process ensuring compliance with supply chain risk management practices
- Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch, dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelor's degree in engineering/computer science/mathematics/information technology discipline with a minimum of 4 years of relevant experience OR a Master's degree in engineering/science/information technology discipline with a minimum of 2 years of relevant experience.
- Twelve or more years of relevant education, training, and/or progressive experience may be considered to satisfy educational and years-of-experience requirements for this posting.
Preferred Job Requirements
- Knowledge of Risk Management Framework requirements and process
- Ability to work with CISO to establish cyber metrics supporting internal audits and assessments
- Ability to manage compliance activities to support the contractor assurance program
- Ability to support the CISO and other cyber security personnel to ensure implementation of the cyber security program remains in compliance with DOE/NNSA and NIST requirements
- Ability to evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed
- Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DOD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency
- Knowledge of the DOE/NNSA cyber work environments, exposure to levels of leadership, customer, NNSA sites
- Knowledge of current and emerging threats/threat vectors
- Knowledge of business continuity and disaster recovery continuity of operations plans
- Knowledge of system life cycle management principles, including software security and usability
- Knowledge of DOE/NNSA mission and DOE cyber security program requirements
- Knowledge of ITIL framework
- Knowledge of and ability to adhere to Federal and industry-standard software quality assurance practices
- Ability to train and mentor others to develop and update system baselines and threat models for deployment and risk acceptance decisions
- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations
- Ability to work semi-autonomously, strong decision making, time management, and customer service skills
- Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures
Why Y-12?
You get #morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Y-12, you can build a career that lasts a lifetime.
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712), which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence-scope polygraph examination.
This position may be categorized as a “designated position” identified by 10 C.F.R. Part 709, requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence-scope polygraph examination.
CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race, color, religion, sex, sexual orientation, national origin, protected veteran status or disability.
