Cyber Governance Analyst
Description:
Job Description
East Tennessee company seeks to hire a Cyber Governance Analyst to ensure compliance with cyber security policy and help manage governance and risk, while enabling mission / business objectives and compliance program initiatives. The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate. The Cyber Governance Analyst develops policy documents, security control strategies, and risk mitigation strategies to ensure compliance with requirements. Can be remote.
Primary Responsibilities:
Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis/white papers, aligning with business objectives
Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices
Assist risk management efforts including risk assessment process, identification of risk mitigation strategies, standardized assessment processes, and risk management training
Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls
Identify, promote, and implement process improvements
Perform Security Control assessments per NIST SP 80053A Rev.5 guidance
Qualifications Required:
Bachelor’s degree in IT, Cyber, or related field and at least 5 years of experience in cyber policy, risk management, governance and compliance, though a combination of education and experience may be considered for exceptional candidates
Experience in security control assessments, Master Plans, and Cybersecurity program plans
Strong analytical and organizational skills as well as problem solving capabilities to understand Cyber risk and exposure (legal, regulatory violations, etc.)
Demonstrated experience implementing compliance frameworks (NIST, A123, Privacy)
Facilitation and project management knowledge, skills, and abilities; lead program implementations
Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders
Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization
Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR
Working knowledge of privacy regulations and impacts
Experience integrating risk, compliance, and governance groups within an organization; support competing priorities, and provide guidance on how to meet requirements
Ability to work independently and meet deadlines
Exceptional communication, problem-solving and negotiation skills
High ethical standards and operates with integrity and professionalism
Must be able to obtain and maintain a DOE Q security clearance
Preferred Qualifications:
Master’s Degree in Information Assurance or related field
Minimum seven years’ experience working in an information security, information technology or information risk management related field
Cyber Security certifications (CISA, CISM, CRISC, CISSP)
Project Management certification (PgMP, PMP, PMI-ACP)
Privacy management, cyber security, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts
Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success
Experience gaining an Authority to Operate (ATO) for a government system
Proven track record of prioritizing tasking and meeting established deadlines
Active DOE Q or TS clearance
Full-time
Hybrid remote