Information System Security Officer, Field Intelligence Element (FIE) (16767)

What Youll Do

We are seeking an Information Systems Security Officer (ISSO) to join our team. The successful candidate will have a background in cybersecurity policy implementation Department of Energy (DOE) cybersecurity requirements security planning and general computer system functions. The ISSO will collaborate with other teams across the Field Intelligence Element and the National Labs within the DOE Intelligence and Counterintelligence complex. This position will work with the FIE Information System Security Manager (ISSM) FIE Information Technology (IT) Manager and others as appropriate.

The selected Information System Security Officer is responsible for:

• Provide assistance to the ISSM in the certification and accreditation (C&A) of systems/networks
• Provide assistance to the ISSM for the implementation of cybersecurity requirements and procedures across the Y12 FIE
• Ensure systems are operated maintained and disposed of in accordance with DOE DOEIN and Y12 security policies and procedures and as outlined in applicable System Security Plans (SSPs).
• Perform documented procedures for authorizing users to access information systems.
• Train users per DOEIN guidance and IC policies for accessing and maintaining accounts
• Manage Plans of Action and Milestones to closure for information systems under accreditation.
• Develop and maintain SSPs for system C&A.
• Provide recommendations on policies and controls to support appropriate levels of risk
• Participate in cyber risk tolerance discussions and decisions
• Provide guidance through remediation as well as develop corrective action plans for each POA&Ms.
• Provide continuous monitoring and eventdriven monitoring management services to include
• Running ad hoc or on demand scanning of project teams environment.
• Identify assets and associated vulnerabilities and provide recommendations for remediation.
• Ensure audit records and event logs are collected reviewed and documented (to include any anomalies).
• Document security and incident activities.
• Provide configuration management (CM) oversight for information system security software hardware and firmware; manage changes to system and assess the security impact of those changes.

What You Can Expect

Minimum Job Requirements

Preferred Job Requirements

• Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal regulatory violations etc.) to DOEIN
• Demonstrated experience implementing compliance frameworks (NIST etc.)
• Excellent interpersonal verbal written and presentation communication skills
• Thorough understanding of industry standards and regulations pertaining to NIST 80053 NIST Risk Management Framework and NIST Cybersecurity Framework (CSF)
• Working knowledge of privacy regulations and impacts.
• Experience with control systems and security requirements.
• An understanding of Risk Management Framework
• An understanding of Committee on National Security Systems (CNSS) Instructions as relevant to NIST
• An understanding of Intelligence Community Standards and general ODNI policies and guidance
• An understanding of information system cyber security standards as related to IC standards and regulations

Why Y12

Notes