Cyber CISO, Consolidated Nuclear Security

Leidos


Job Location:

Oak Ridge, TN - USA

Monthly Salary: $ 239541 - 374283
Posted on: 01-11-2025
Vacancies: 1 Vacancy

Job Summary

Leidos is seeking a Cyber Chief Information Security Officer (CISO) in Oak Ridge, TN, to support a Leidos joint venture, Consolidated Nuclear Security, LLC (CNS). Remote work options are not available.

About CNS: Leidos is a member company of the joint venture Consolidated Nuclear Security, LLC (CNS). CNS manages and operates the Y-12 National Security Complex in Tennessee under a single contract from the U.S. Department of Energy/NNSA. Y-12 helps ensure a safe and effective U.S. nuclear weapons deterrent by retrieving and storing nuclear materials, fueling the nation's naval reactors, and performing complementary work for other government and private-sector entities. Y-12 is our nation's Uranium Center of Excellence.

Must currently possess or be able to obtain/maintain a DOE Q clearance.

    The Information Solutions and Services (IS&S) organization is dedicated to providing information services and technology that enable staff to be productively engaged in the NNSA nuclear security mission. The Chief Information Security Officer (CISO) will report to the Chief Information Officer (CIO) and is responsible for managing a broad range of complex cyber operations, risk management, and digital transformation enablement activities. This leadership role requires deep and current practical experience in cybersecurity and risk management. The CISO will implement the vision and strategic direction set by the Consolidated Nuclear Security (CNS), LLC Executive Leadership Team (ELT) and provide a full inventory of all authorization boundaries, risk identification, and mitigation strategies to the CIO and Authorizing Official. This position encompasses responsibility for Information Technology (IT), Operational Technologies (OT), Digital Transformation (DT), and Cybersecurity at the Y-12 National Security Complex (NSC) Site in Oak Ridge, TN.

    Primary Duties and Responsibilities:

    • Serve as the primary cybersecurity lead for CNS.
    • Mature the NIST-based Risk Management Framework (RMF) action plan and integrate it into all information system authorization boundaries and Authorization to Operate (ATO) packages.
    • Maintain a full inventory of all information system authorization boundaries and ATO packages with a proactive schedule to ensure all systems remain authorized and operational.
    • Maintain liaison with other CISOs in the NNSA Nuclear Security Enterprise (NSE) and attend all virtual and physical meetings to ensure effective collaboration.
    • Ensure the Deputy CISO, Authorization Manager, ISSOs, and ISSM positions are filled, and maintain liaison and collaboration with the contractor Authorization Official Designated Representative (AODR) and AO.
    • Ensure risk-balanced security measures are integrated into all site nuclear security systems, facilities, infrastructures, IT projects, OT projects, and activities.
    • Maintain an understanding of current and emerging cyber threats and make recommendations for mitigation to the CIO and Authorizing Official.
    • Lead the development, ongoing improvement, and maintenance of the Y-12 cybersecurity architecture.
    • Collaborate with IS&S DT&M operations and engineering managers to develop, implement, and operate an integrated Network Operations Center/Security Operations Center (NOC/SOC).
    • Perform outreach to internal mission, business, and engineering leaders to facilitate innovative solutions, including support for digital engineering, digital transformation, and artificial intelligence, that balance cybersecurity risk and mission enablement.
    • Maintain timely and effective communication with stakeholders to resolve cybersecurity issues, including the development and maintenance of employee cybersecurity training.
    • Plan, prioritize, and coordinate assignments of cybersecurity staff to projects.
    • Propose and provide input into IS&S architecture efforts to enhance detection, analysis, containment, and response.
    • Manage compliance activities to support the contractor assurance program (e.g., patching and mitigation actions to resolve vulnerability scans).
    • Establish cyber metrics to gauge program effectiveness and perform internal audits and assessments.
    • Develop policies and procedures to ensure appropriate cyber controls and monitoring are in place to ensure the confidentiality, integrity, and availability of CNS and NNSA information.
    • Maintain security log infrastructure to monitor, analyze, and respond to log anomalies. Conduct packet capture analysis and ensure the logging infrastructure is monitored for risks to CNS and NNSA information.
    • Manage intrusion detection/prevention systems, maintain continuous monitoring systems, and provide timely network traffic analysis.
    • Support the CIO and other cybersecurity personnel to ensure implementation of the cybersecurity program remains in compliance with DOE/NNSA and NIST requirements.
    • Establish and maintain a strong external network of cyber contacts to ensure threat information and best practices are incorporated into the CNS cybersecurity program.
    • Collaborate with external parties such as NNSA-IARC, DOE-CIRC, JC3, DHS, SS&ES, CI, intelligence organizations, and others to improve the CNS cyber program and security capabilities.
    • Standardize, document, maintain, and automate cybersecurity processes for monitoring, analysis, and response to cyber incidents.
    • Plan, prepare, and devise work plans to ensure cyber efforts are conducted within approved budget and schedule parameters while implementing IS&S project management processes.
    • Monitor performance, ensure performance standards remain high, and document that risk management goals are accomplished.
    • Maintain a strong understanding of mission needs and use cases to ensure risk management and cyber operations activities effectively support the CNS mission and program direction while managing risk in a balanced manner.
    • Lead communications efforts with the Y-12 Field Office (YFO) federal customer on matters pertaining to cybersecurity and incident response.
    • Hire and develop competent cybersecurity subject matter experts and retain critical cybersecurity skills on staff.
    • Lead CNS responsibility for coordination of external cybersecurity audits and assessments.
    • Ensure all CNS systems have an approved Authority to Operate (ATO) from the Y-12 AO.

    Required Education & Experience:

    • Bachelor's degree in Computer Science, Computer Engineering, or related discipline and at least 15 years of relevant technical experience and at least 5 years of supervisory experience.
    • Specific experience in cyber operations and risk management, including:
      • Extensive experience with intrusion detection/prevention, log management and analysis, event monitoring, and incident response.
      • Extensive experience with network security.
      • Extensive experience with vulnerability scanning and mitigation.
      • Experience with establishing and maturing enterprise risk management frameworks.
      • Experience leading self-assessments and supporting external audit activities.
      • Ability to work semi-autonomously with strong decision-making, time management, and customer service skills.
      • Familiarity with current application models, data analytics, cloud services, and mobility.
      • Familiarity with SIEM tools, next-generation firewalls, and behavioral analytics.
      • Strong written and oral communication skills.
      • Specific knowledge of federal cybersecurity and risk management requirements with an emphasis on NIST Special
      • Be on-site at Y-12 Monday-Friday during core business hours to support operational and management activities for cybersecurity.
      • Provide on-call support in the event of an operational or cybersecurity incident.
      • Travel (expected to be no more than 10 weeks per year) to off-site locations to support DOE/NNSA mission requirements.

    Anticipated Pay Range: $239541 - $374283

    At Leidos, we don't want someone who fits the mold; we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask what's next before the dust settles on what's now.

    If you're already scheming step 20 while everyone else is still debating step 2, good. You'll fit right in.

    Original Posting:

    October 23, 2025

    For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

    Pay Range:

    Pay Range $148850.00 - $269075.00

    The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.


    Key Skills

    • CCTV
    • Customer Service
    • Communication skills
    • Computer Skills
    • ICD Coding
    • Military Experience
    • Law Enforcement
    • NIST Standards
    • Security
    • DoD Experience
    • RMF
    • Writing Skills

    About Company


    Leidos is an innovation company rapidly addressing the world's most vexing challenges in national security and health. Our 47,000 employees collaborate to create smarter technology solutions for customers in these critical markets.
