Cyber Governance Analyst

Job Description

Job Description

East Tennessee company seeks to hire a Cyber Governance Analyst to ensure compliance with cyber security policy and help manage governance and risk, while enabling mission / business objectives and compliance program initiatives.

The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate.

The Cyber Governance Analyst develops policy documents, security control strategies, and risk mitigation strategies to ensure compliance with requirements. Can be remote.

Primary Responsibilities :

• Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis / white papers, aligning with business objectives
• Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices
• Assist risk management efforts including risk assessment process, identification of risk mitigation strategies, standardized assessment processes, and risk management training
• Participate in internal / external compliance audits, reviews, self-assessments, assessments, and data calls
• Identify, promote, and implement process improvements
• Perform Security Control assessments per NIST SP 80053A Rev.5 guidance

Qualifications Required :

• Bachelor’s degree in IT, Cyber, or related field and at least 5 years of experience in cyber policy, risk management, governance and compliance, though a combination of education and experience may be considered for exceptional candidates
• Experience in security control assessments, Master Plans, and Cybersecurity program plans
• Strong analytical and organizational skills as well as problem solving capabilities to understand Cyber risk and exposure (legal, regulatory violations, etc.)
• Demonstrated experience implementing compliance frameworks (NIST, A123, Privacy)
• Facilitation and project management knowledge, skills, and abilities; lead program implementations
• Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders
• Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization
• Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR
• Working knowledge of privacy regulations and impacts
• Experience integrating risk, compliance, and governance groups within an organization; support competing priorities, and provide guidance on how to meet requirements
• Ability to work independently and meet deadlines
• Exceptional communication, problem-solving and negotiation skills
• High ethical standards and operates with integrity and professionalism
• Must be able to obtain and maintain a DOE Q security clearance

Preferred Qualifications :

• Master’s Degree in Information Assurance or related field
• Minimum seven years’ experience working in an information security, information technology or information risk management related field
• Cyber Security certifications (CISA, CISM, CRISC, CISSP)
• Project Management certification (PgMP, PMP, PMI-ACP)
• Privacy management, cyber security, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts
• Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success
• Experience gaining an Authority to Operate (ATO) for a government system
• Proven track record of prioritizing tasking and meeting established deadlines
• Active DOE Q or TS clearance
30+ days ago