Information Systems Security Officer

Company: The National Renewable Energy Laboratory (NREL)
Location: Golden
Posted on: August 7, 2022

Job Description:

Posting TitleInformation Systems Security OfficerLocationCO - GoldenPosition TypeRegularHours Per Week40Mandatory COVID-19 Vaccination ProtocolsEmployment at NREL is contingent upon your compliance with all NREL and U.S. Department of Energy (DOE) safety protocols and mitigation efforts directed at the COVID-19 pandemic. At present, NREL requires all employees to be immunized against COVID-19. However, employees may seek an exemption from this requirement as an accommodation for religious or medical reasons. Upon hire, new employees must submit a request for accommodation or be prepared to provide proof of vaccination on your first day of employment. Those without proof of vaccination may be required to participate in weekly testing for access to an NREL site.Working at NRELThe National Renewable Energy Laboratory (NREL), located at the foothills of the Rocky Mountains in Golden, Colorado is the nation's primary laboratory for research and development of renewable energy and energy efficiency technologies.From day one at NREL, you'll connect with coworkers driven by the same mission to save the planet. By joining an organization that values a supportive, inclusive, and flexible work environment, you'll have the opportunity to engage through our eight employee resource groups, numerous employee-driven clubs, and learning and professional development classes.NREL supports inclusive, diverse, and unbiased hiring practices that promote creativity and innovation. By collaborating with organizations that focus on diverse talent pools, reaching out to underrepresented demographics, and providing an inclusive application and interview process, our Talent Acquisition team aims to hear all voices equally. We strive to attract a highly diverse workforce and create a culture where every employee feels welcomed and respected and they can be their authentic selves.Our planet needs us! Learn about NREL's critical objectives, and see how NREL is focused on saving the planet.Note: Research suggests that potential job seekers may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage anyone who is interested in this opportunity to apply. We seek dedicated people who believe they have the skills and ambition to succeed at NREL to apply for this role.Job DescriptionNREL's Cybersecurity Operations team defends the laboratory from cyber threats by partnering with the NREL community to design innovative, trustworthy solutions that enable transformative energy research. We support the mission of the laboratory by ensuring the foundational information systems supporting critical research and operations are designed, implemented, and maintained in a manner that protects NREL systems, workers, and information from harm while meeting Department of Energy security and privacy requirements.The Cyber Security - Information Systems Security Officer will excel at assessing the risk of a program area based on likelihood of threat and impact of a security breach to ensure that applications and infrastructure are designed and implemented to the highest security standards. The Information Systems Security Officer must be able to analyze, design, and recommend plans to test the effectiveness of a security implementation and be able to evaluate NREL's security posture. The Information Systems Security Officer must possess strong leadership and project management skills. Strong communication skills are a must. This position is located on NREL's Golden, CO campus.Job DutiesProvides high-level support policy and program assistance to the Information Systems Security Manager for security policy, compliance efforts, and strategic initiatives.Work with customers to implement system security measures, develops and documents information system security plans for NREL's infrastructure and cloud environments and provides technical guidance and trainingProvides risk-based reviews of system baseline exceptions and network access requests.Monitors and performs regular audits on internal systems to ensure that appropriate access levels are maintained and manages the review of security audits, vulnerability testing and security reviewsMentors team members and peers in the areas of information security and privacy and serves as an investigator during applicable forensic investigationsAssists in coordinating security responses, processes, and procedures by working with cross-functional teams and working with both technical and non-technical audiences on guidance and feedback in addressing issues pertaining to data protection and security policy.Aids in the design of NREL's Risk Management Framework including Continuous Monitoring, Contractor Assurance System, and ATO recertification.Champions security standards, procedures and working guidelinesDesired requirements and qualificationsApplicable security certifications (CISSP, CISA, etc)Strong technical background in multiple disciplines, including experience in/with:Security assessment methodologyWeb servers and system administrationSecurity monitoringNetwork architecture and troubleshootingDemonstrated skills in critical thinking and problem solvingStrong QA/testing (scripting/execution/documentation) skillsExcellent communication skills, including listening; being able to provide both oral and written presentations on changes as well as appropriate documentationAbility to form effective teams with internal and external collaborators.Proven problem-solving and negotiation skills.Demonstrated skill in dealing with legal and ethical issues and practices.Ability to collaborate with individuals at all levels of the organization.Strong technical background and experience in a high-pressure, fast-paced environment.Applies extensive IS expertise in specific field and has full knowledge of related disciplines. Evaluates new hardware, software, systems tools and applications and makes procurement recommendations. Excellent leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Extensive programming and architecture abilities with various computer software programs and information systems.Must have or be able to obtain a "Q" Security Clearance.Basic QualificationsBachelor's degree with three years of experience in cyber security, security programs or compliance assurance OR Five years of experience in cyber security, security programs or compliance assurance in lieu of a degreeAdditional Required QualificationsMust have or be able to obtain a "Q" Security Clearance.Preferred QualificationsExperience should include 3 or more years in an Information Technology role working in security testing. Previous experience in a DOE or National Laboratory environment, including the understanding and implementation of NIST, FIPS, and DOE security controls, guidelines, and standards. Knowledge of network related protocols and security event log management and reporting tools. Incident response, forensics and malware analysis experience is a plus.Annual Salary Range (based on full-time 40 hours per week)Job Profile: IT Professional III / Annual Salary Range: $75,500 - $135,900NREL takes into consideration a candidate's education, training, and experience, as well as the position's work location, expected quality and quantity of work, required travel (if any), external market and internal value, including seniority and merit systems, and internal pay alignment when determining the salary level for potential new employees. In compliance with the Colorado Equal Pay for Equal Work Act, a potential new employee's salary history will not be used in compensation decisions.Benefits SummaryBenefits include medical, dental, and vision insurance; short*- and long-term disability insurance; pension benefits*; 403(b) Employee Savings Plan with employer match*; life and accidental death and dismemberment (AD) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement*. NREL employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.* Based on eligibility rulesSubmission GuidelinesPlease note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.EEO PolicyNREL is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard basis of age (40 and over), color, disability, gender identity, genetic information, marital status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.EEO is the Law - Pay Transparency Nondiscrimination - Reasonable Accommodations E-Verify www.dhs.gov/E-Verify-For information about right to work, click here for English or here for Spanish.E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.

Keywords: The National Renewable Energy Laboratory (NREL), Denver , Information Systems Security Officer, IT / Software / Systems , Golden, Colorado