cybersecurity authorization manager

Location: Oak Ridge, TN

Job Title: Cybersecurity Authorization Manager

Career Level From: Supervisor

Career Level To: Senior Manager

Organization: Chief Information Security Off (50003144)

Job Specialty: Cyber Security

What You'll Do

The Cybersecurity Authorizations Manager is responsible for the Cybersecurity Authorization’s team. This team is responsible for information system and software continuous authorization to operate, certification and technical testing. Also, development of the required documentation for new and existing information systems. This role is expected to manage the team that plans and executes security controls to secure information systems, networks, and data. Also, this work role collaborates with the security operations team focused on cyber risks and threats to information security systems. The Authorizations Manager will report to the Chief Information Security Officer (CISO), and will work with the Cyber Operations Manager, the Network Operations Center, Enterprise Risk manager and other business functional managers. This position is expected to have an expert understanding implementing the NIST Risk Management Framework (RMF). This manager shall lead a team at the Y-12 National Security Center, in Oak Ridge, Tennessee.

Specific Job Responsibilities

•Designs, tests, and implements state-of-the-art secure operating systems, networks, and database products.

•Conducts risk assessment and provides recommendations for application design. Involved in a wide range of security areas, including architectures, firewalls, electronic data traffic, and network access.

•Uses encryption technology, penetration, vulnerability analysis of various security technologies, and information technology security research.

•Assemble security reports to regulatory agencies

•Will serve as an Alternate Information System Security Manager (A-ISSM), assisting the primary ISSM in delegated duties.

•This position is expected to have advanced experience implementing the NIST Risk Management Framework (RMF) and the various supporting elements.

•This role shall stay up to date on the latest risks and threats to information security systems, as well as working with the technology subject matter expert to develop risk assessments and the proper mitigations.

•Maintain timely and effective communication with stakeholders to resolve Cybersecurity issues (to include development and maintenance of employee Cybersecurity training)

•Plan, prioritize, and coordinate cyber staff priorities of work

•Ensure risk-balanced security measures are integrated into IT projects and activities

•Manage compliance activities to support the contractor assurance program (i.e., patching and mitigation actions to resolve vulnerability scans)

•Establish policies and procedures to ensure appropriate cyber controls and monitoring are in place to ensure the confidentiality, integrity, and availability of business and NNSA information

•Support the CISO and other Cybersecurity personnel to ensure implementation of the Cybersecurity program remains in compliance with DOE/NNSA and NIST requirements

•Standardize, document, maintain, and automate where possible cyber processes for monitoring, analysis, and response to cyber incidents

•Plan, prepare, and devise work plans that ensure cyber efforts are conducted within approved budget and schedule parameters

•Work with CISO to establish cyber metrics to gauge program effectiveness and perform internal audits and assessments

•Responsible for hiring and developing cybersecurity subject matter experts and retaining critical cybersecurity skills within the workforce

•Ability to work autonomously, strong decision making, effective time management, and first-class customer service skills

•On call support in the event of an operational or cybersecurity incident

•Ability to travel, ~10% per fiscal year, supporting mission requirements

Specific Job Knowledge & Training Required:

•Knowledge of Federal Cybersecurity protection standards and baselines (e.g., NIST Cybersecurity Framework, NIST SP 800-53, DoD STIGs, CNSSI 1253)

•Ability to identify cyber risks and appropriate mitigations

•Ability to create required documentation and to leverage automated tools such as electronic Governance, Risk, and Compliance (eGRC) systems

•Ability to train and mentor others to research and document security best practices for particular devices, applications, and emerging technologies

•Ability to present administrative, technical, and operational information clearly and effectively through the oral and written word as well as diagrams and charts

•Experience leading self-assessments and supporting external audit activities

•CISSP, CEH, GSIP, or CISM certifications

•Familiarity with automated compliance scanning tools

•Knowledge of the ITIL framework

•Experience in project management

•Familiarity with DOE Cybersecurity program and requirements

•Familiarity with supporting and enabling the DOE/NNSA mission

•Familiarity with implementing

What You Can Expect

• Meaningful work and unique opportunities to support missions vital to national and global security
• Top-notch, dedicated colleagues
• Generous pay and benefits with a stable organization
• Career advancement and professional development programs
• Work-life balance fostered through flexible work options and wellness initiatives

Minimum Job Requirements

• Bachelor's degree: Minimum 5 years of relevant experience.

Why Y-12?

You get #morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Y-12, you can build a career that lasts a lifetime.