Risk and Privacy Compliance Manager

Location: Oak Ridge, TN

Job Title: Risk and Privacy Compliance Manager

Career Level From: Specialist

Career Level To: Advisor

Organization: IT Business Operations (51355096)

Job Specialty: Service Transition

What You'll Do

The Information Solutions and Services (IS&S) organization at Consolidated Nuclear Security (CNS) is dedicated to providing information services and technology that enable staff to be productively engaged in the NNSA nuclear security mission. This position supports the Director of Business Operations with the responsibility for coordinating IS&S Risk and Privacy programs at the Y-12 Security Complex in Oak Ridge, TN. This position will be responsible for integrating effective risk management across the IS&S and cybersecurity programs. The position is also responsible for ensuring that the company is in compliance with all applicable privacy policies and procedures.

Major responsibilities include:

Risk Officer

Act as the primary interface with the CNS Enterprise Risk Management Program (ERM)

Work with IS&S leadership to identify, define and record risks in the IS&S risk register

Manage the definition of risk impact scores and mitigation plans to continually reduce risk

Work with ERM to identify risks and opportunities on other organizations' risk registers that contain an IT or Cyber component

Identify and analyze risks across all IT projects and initiatives

Track all risk mitigation activities in accordance with IS&S demand management and project management processes

Privacy Officer

Develop and manage the overall company privacy program to ensure compliance with Federal requirements

Act as Site Privacy Representative (PR) in accordance with NNSA SD 206.1A

Ensure privacy impact assessments (PIAs) are complete for federal information systems that process, contain, or store federal information under company management

Establish policies, procedures and monitoring to confirm Personally Identifiable Information (PII), in any format, is protected, secured, and disposed of when no longer required.

Develop and implement a comprehensive training program for all employees regarding privacy and protection of PII.

Ensure all internal and external data exchanges adhere to the company's policies and procedures.

Report all privacy breaches within required time limits and manage the investigation and response activities.

What You Can Expect

Meaningful work and unique opportunities to support missions vital to national and global security

Top-notch, dedicated colleagues

Generous pay and benefits with a stable organization

Career advancement and professional development programs

Work-life balance fostered through flexible work options and wellness initiatives Minimum Job Requirements

Bachelor's Degree in engineering/science discipline: Minimum 4 years of relevant experience.

Master's Degree: Minimum 2 years relevant experience.

Job may require on call support in the event of an operational or cyber security incident.

Ability to travel (<6 weeks per year) to off-site locations to support DOE/NNSA mission requirements.

Preferred Job Requirements

Bachelor's Degree coupled with a minimum of 15 years of relevant experience and progressive management responsibilities.

5+ years managing cross-functional, complex teams, delivering major IT projects and supporting a large customer base

5+ years' experience managing risk and/or privacy compliance programs

Ability to work autonomously, strong decision making, time management, communication, and customer service skills

Strong operational background with demonstrated ability to support mission critical operations, improve system availability, and manage within a highly regulated compliance environment

Strong written and oral communication skills

Certified Information Privacy Professional (CIPP/US) accreditation

Advanced Degree in information technology, engineering, or related field

CISSP, ITIL, and/or PMP certifications desired but not required

Familiarity with DOE/NNSA Cyber Security program and requirements

Past management experience within DOE/NNSA or other national security federal programs such as DoD or the Intelligence community

Familiarity with business process re-engineering to include Six Sigma and/or Lean techniques

Specific knowledge of Federal cyber security and risk management requirements with an emphasis on NIST Special Publications (i.e., 800-53)

Why Y-12?

You get #morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Y-12, you can build a career that lasts a lifetime. Notes

The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.

If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.

Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.

This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712), which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence-scope polygraph examination.

This position may be categorized as a "designated position" identified by 10 C.F.R. Part 709, requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence-scope polygraph examination.

CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.

CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race, color, religion, sex, sexual orientation, national origin, protected veteran status or disability.