Pacific Northwest National Laboratory Information Assurance Analyst in RICHLAND, Washington
Directorate: National Security
Group: Security Operations Office
Do you have a passion for helping companies identify and manage cyber security risk? Do you enjoy leading information security assessments or penetration testing to help organizations prioritize improvements in their cyber defenses? What about developing and delivering innovative and engaging training to enhance staff awareness of cyber threats? If so, then you are the kind of candidate the Pacific Northwest National Laboratory (PNNL) is looking for. Come join the Secure Facility Operations National Security Directorate Security Operations Office team at PNNL and be part of implementing cutting-edge, risk-driven approaches to protecting IT resources while supporting scientific discoveries and technological innovations that are transforming our world.
- Serve as the Information Systems Security Manager (ISSM) for PNNL FIE classified network systems and individual workstations. Primarily, the position addresses the roles, responsibilities, authorities and accountabilities (R2A2s) of an ISSM, including oversight of the applicable Information Systems Security Officers (ISSOs) and system functions of multiple networks and multiple individual workstations for protection of those systems.
- The position requires work with a high degree of independence in executing responsibilities for secure and efficient operations, pertinent (ICDs, DOE, and PNNL) procedures, requirements and policies.
- The position provides security consultation with the Special Security Officers (SSOs), FIE IT Manager and DOE IN counterparts to assist in assuring compliance with all applicable Executive Orders, Director of National Intelligence Community Directives and DOE procedures.
The following are some key functions of the role:
- Author policies and procedures which ensure adequate information security controls are in place to protect organizational resources
- Plan, coordinate and/or lead information security audits, assessments, and penetration testing of IT resources
- Prepare and present risk analysis, assessment reports, training material, and other briefings to diverse audiences
- Develop and deliver tailored and timely information security training and awareness content
- Provide subject matter expertise on enterprise cyber security risks and emerging threats
- Partner with cyber security analysts, researchers, and other Lab/DOE-IN staff to develop solutions which adequately protect resources while still enabling business success
Occasional duties outside the established work day may be required to support ad hoc cyber security incident response efforts.
Bachelor of Science degree with 2-3 years of experience; or MS degree with 0-2 years of experience.
- A Bachelor’s degree in Computer Science, Management Information Systems, Information Technology, or a related field with 4+ years of progressively responsible experience or an advanced degree with 2+ years of related experience.
In addition to the above, preferred candidates will have active security clearance and hands-on experience in large, multi-platform, networked environments conducting information security assessments, developing cyber risk intelligence, and/or creating and delivering associated training and awareness content. The candidate should be able to demonstrate experience in some of the following:
- Translating NIST or other information security guidance, standards, and best practices into actionable policies
- Applying the Committee on National Security Systems (CNSS) instructions
- Establishing and maturing information security risk management frameworks and Governance, Risk, and Compliance (GRC) systems
- Experience with Telos Xacta IA Manager
- Effectively participating in diverse, multi-disciplinary, project and operational teams
- Clearly communicating (written & verbal) technical information security and/or IT business-related information to senior management, peers, and customers
Certification in one or more of the following is recommended:
- ISC2 Certified Information Systems Security Professional (CISSP)
- ISACA Certified Information Security Manager (CISM)
- ISACA Certified in Risk and Information System Control (CRISC)
- ISC2 Certified Cloud Security Professional (CCSP)
- Any SANS Global Incident Analysis Center (GIAC) certifications
Equal Employment Opportunity
PNNL is an Equal Opportunity/Affirmative Action Employer that is committed to hiring a diverse, talented workforce. EOE Disability/Vet/M/F/Sexual Orientation/Gender Identity. Staff at PNNL must be able to demonstrate the legal right to work in the United States.
This position requires the ability to obtain a federal security clearance in a timely manner, which requires:
* U.S. Citizenship
* Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance with 10 CFR 710, Appendix B.
* Drug Testing: All Security Clearance (L or Q) positions will be considered by the Department of Energy to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).
Note: Applicants will be considered ineligible for security clearance processing by the U.S. Department of Energy until non-use of illegal drugs, including marijuana, for 12 consecutive months can be demonstrated.
Directorate: National Security Dir
Job Category: Computation and Information Sciences
Group: NSD Security Operations Office
Opening Date: 2016-11-10
Closing Date: 2016-12-10