Information Systems Security Officer (ISSO)

COMPANY OVERVIEW

XCEL Engineering Inc. is an awardwinning small business that provides trusted information technology engineering consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.

XCEL Engineering is a part of IT Lab Partners (ITLP) which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Considering joining our impressive team today!

JOB OVERVIEW

Xcel Engineering is currently seeking qualified applicants to serve as Information Systems Security Officer (ISSO). The ISSO is a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization. The ISSO provides direction to IT and infrastructure support personnel on the application of security patches and secure configurations. Routine collaboration and consultation with the ISSM regarding the design development integration and analysis of unclassified information systems. Under general supervision the candidate is responsible for performing a full range of Information Assurance functions in support of the security needs of the ISSM.

This is a fulltime position that will work onsite in Oak Ridge TN.

ESSENTIAL FUNCTIONS

• Provide assistance to the ISSM and CISO in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the client site.
• Ensure systems are operated maintained and disposed of in accordance with security policies and procedures and as outlined in applicable System Security Plans (SSPs).
• Perform documented procedures for authorizing users to access information systems.
• Develop and maintain SSPs for system C&A.
• Manage Plans of Action and Milestones to closure for information systems under accreditation.
• Provide guidance on policies and controls to support appropriate levels of risk facilitate risk tolerance discussions and decisions and recommend controls based on industry standards and practices. Escalate questions/concerns/issues to more seniorlevel staff as required.
• Participate in internal/external compliance audits reviews selfassessments assessments and data calls.
• Identify promote and make recommendations for process improvements.
• Assist with annual selfinspections system certification testing periodic security testing and functional testing on systems/networks.
• Ensure compliance of all network equipment with applicable DOE and ORNL requirements
• Other duties as assigned for support within the program.

BASIC QUALIFICATIONS

• Bachelors degree with 57 years of relevant experience (ex. cybersecurity assessments risk management cybersecurity policy and compliance etc.). An equivalent combination of education and experience may be considered.
• Ability to obtain and maintain a DOE Q security clearance or equivalent is required.
• Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal regulatory violations etc.) to ORNL.
• Demonstrated experience implementing compliance frameworks (NIST etc)
• Excellent interpersonal verbal written and presentation communication skills.
• Thorough understanding of industry standards and regulations including NIST 80053 NIST Risk Management Framework and NIST Cybersecurity Framework (CSF).
• Working knowledge of privacy regulations and impacts.
• Ability to work independently meet deadlines and uphold high ethical standards.

PREFERRED QUALIFICATIONS:

• Active DOE Q or TS security clearance or equivalent.
• Masters degree in information assurance or related field with 46 years of relevant experience working in an information security information technology or information risk management related field.
• Cybersecurity certifications (CISSP CISA CISM CRISC CCSP SSCP) and Incident Response Certification
• Privacy management cybersecurity evaluating security controls identifying control gaps and mitigating measures along with a strong understanding of business practices and technology concepts.
• Highly motivated individual with an enthusiasm for governance risk and compliance who can communicate benefits and drive success.
• Demonstrated background in governance risk and compliance.
• Experience in obtaining Authority to Operate (ATO) for DOE government systems.

PHYSICAL REQUIREMENTS & ENVIRONMENTAL CONDITIONS

• Inside office environment.
• Working on a computer for long periods of time.
• May involve long period of sitting at a desk.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities duties or responsibilities that are required of the employee for this job. Duties responsibilities and activities may change at any time with or without notice.

Xcel Engineering is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race color religion religious creed gender sexual orientation gender identity gender expression transgender pregnancy marital status national origin ancestry citizenship status age disability protected Veteran Status genetics or any other characteristics protected by applicable federal state or local law.

If you are a qualified individual with a disability or disabled veteran you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Xcel Engineerings current openings as a result of your disability. You can request reasonable accommodations by calling 855.212.1810. Thank you for your interest in Xcel Engineering.

All positions at Xcel Engineering Inc. are contingent upon passing both a background check and drug screening prior to a start date and are subject to random drug screenings during the employment period. In addition Xcel Engineering is an EVerify employer.

Required Experience:

Unclear Seniority