Logo
ITR

Cybersecurity Analyst Job at ITR in Oak Ridge

ITR, Oak Ridge, TN, US,


Job Description

Job Description
Overview:
Cybersecurity Analyst
Candidates must be able to obtain a federal security clearance so US citizenship is required. Candidates will also be expected to work onsite.

East Tennessee company is currently seeking qualified applicants to serve as a Cybersecurity Analyst to support the Cybersecurity Division’s Governance team for unclassified operations. The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate.
Purpose:
Assist the Information Systems Security Manager (ISSM) and the Chief Information Security Officer (CISO) in the implementation of cyber security requirements and procedures across the clients IT network. This role aligns with the Cybersecurity Division's mission to safeguard critical infrastructure, protect sensitive information, and drive research and innovation. By promoting collaboration, leveraging technology, and adhering to best practices, we ensure the resilience and integrity of our digital landscape while empowering stakeholders with secure solutions.
Duties and Responsibilities:
A Cybersecurity Analyst in the Cybersecurity Division’s Governance Group is responsible for assisting in the development, review, and updating of cybersecurity policies and procedures, ensuring compliance with industry standards and regulations. They conduct regular audits, risk assessments, and participate in incident response activities, documenting findings and recommending corrective actions. They support the delivery of cybersecurity training and awareness programs, maintain accurate records of cybersecurity activities, and help prepare reports for senior management. Additionally, they help conduct security assessments and ensure data protection measures are effective. They participate in Governance group meetings, stay updated on relevant laws and standards, and contribute to continuous improvement initiatives to enhance ORNL’s cybersecurity posture.
Primary Responsibilities:
  • Identify, review, and provide analysis of applicable laws, regulations, orders, and contracts in order to develop policies, procedures, and control structures that meet requirements and alignment with business objectives.
  • Ensure systems are documented in accordance with DOE and ORNL security policies and procedures as outlined in applicable System Security Plans (SSPs).
  • Ensure compliance with industry standards, regulations, and internal security policies.
  • Develop and maintain security documentation, including policies, procedures, and guidelines.
  • Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices.
  • Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls.
  • Evaluate and recommend new security solutions to enhance the organization's security posture.
  • Other duties as assigned for support within the program.
Basic Qualifications:
  • Bachelor’s degree with 2-4 years of relevant experience (ex. cybersecurity assessments, risk management, cybersecurity policy, and compliance, etc.). An equivalent combination of education and experience may be considered.
  • Ability to obtain and maintain a DOE Q security clearance or equivalent is required.
  • Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) to ORNL.
  • Demonstrated experience implementing compliance frameworks (NIST, etc)
  • Excellent interpersonal, verbal, written, and presentation communication skills.
  • Thorough understanding of industry standards and regulations including NIST 800-53, NIST Risk Management Framework, and NIST Cybersecurity Framework (CSF).
  • Working knowledge of privacy regulations and impacts.
  • Ability to work independently, meet deadlines, and uphold high ethical standards.
Preferred Qualifications:
  • Active DOE Q or TS security clearance or equivalent.
  • Master’s degree in information assurance or related field with 1-3years of relevant experience working in an information security, information technology or information risk management related field.
  • Cybersecurity certifications (CISSP, CISA, CISM, CRISC, CCSP, SSCP) and Incident Response Certification
  • Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts.
  • Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success.
  • Demonstrated background in governance, risk, and compliance.
  • Experience in obtaining Authority to Operate (ATO) for DOE government systems.
Special Requirement:
This position requires the ability to obtain and maintain a clearance from the Department of Energy and is subject to Workplace Substance Abuse (WSAP) testing designated position requirements. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.