Cyber Governance Analyst - Oak Ridge, United States - ITR

    ITR
    ITR Oak Ridge, United States

    1 month ago

    Default job background
    Description
    Job Description

    Job Description


    East Tennessee company seeks to hire a Cyber Governance Analyst to ensure compliance with cyber security policy and help manage governance and risk, while enabling mission / business objectives and compliance program initiatives.

    The successful candidate should have a basic understanding of all aspects of cybersecurity.

    The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate.

    The Cyber Governance Analyst develops policy documents, security control strategies, and risk mitigation strategies to ensure compliance with requirements.

    Can be remote.


    Primary Responsibilities:
    Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis/white papers, aligning with business objectives
    Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices
    Assist risk management efforts including risk assessment process, identification of risk mitigation strategies, standardized assessment processes, and risk management training
    Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls
    Identify, promote, and implement process improvements
    Perform Security Control assessments per NIST SP 80053A Rev.5 guidance


    Qualifications Required:
    Bachelor's degree in IT, Cyber, or related field and at least 5 years of experience in cyber policy, risk management, governance and compliance, though a combination of education and experience may be considered for exceptional candidates
    Experience in security control assessments, Master Plans, and Cybersecurity program plans
    Strong analytical and organizational skills as well as problem solving capabilities to understand Cyber risk and exposure (legal, regulatory violations, etc.)
    Demonstrated experience implementing compliance frameworks (NIST, A123, Privacy)
    Facilitation and project management knowledge, skills, and abilities; lead program implementations
    Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders
    Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization
    Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR
    Working knowledge of privacy regulations and impacts
    Experience integrating risk, compliance, and governance groups within an organization; support competing priorities, and provide guidance on how to meet requirements
    Ability to work independently and meet deadlines
    Exceptional communication, problem-solving and negotiation skills
    High ethical standards and operates with integrity and professionalism
    Must be able to obtain and maintain a DOE Q security clearance


    Preferred Qualifications:
    Master's Degree in Information Assurance or related field
    Minimum seven years' experience working in an information security, information technology or information risk management related field
    Cyber Security certifications (CISA, CISM, CRISC, CISSP)
    Project Management certification (PgMP, PMP, PMI-ACP)
    Privacy management, cyber security, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts
    Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success
    Experience gaining an Authority to Operate (ATO) for a government system
    Proven track record of prioritizing tasking and meeting established deadlines
    Active DOE Q or TS clearance

    #J-18808-Ljbffr