Cyber Security Program Analyst

About The Position

Requirements

• A keen eye for detail with a track record of spotting and rectifying errors.
• Exceptional problem-solving skills coupled with the ability to effectively implement solutions.
• Thrive in collaborative environments, harnessing both internal and external expertise.
• Capable of driving a process-oriented mindset.
• Fast learner with the ability to absorb technical and process knowledge across various security domains.
• A strategic thinker who balances tactical execution with long-term planning.
• Skilled in conducting independent research and implementing automated solutions for DOE requests.
• Familiar with business intelligence and reporting tools like Tableau and Excel.
• Ability to convey technical challenges clearly to senior management.
• Effective at presenting information to showcase strategic portfolio landscapes.
• Proficient in handling large datasets and performing analytics.
• Advanced user of Excel, PowerPoint, Visio, and other Office applications.
• Adept at streamlining and distilling information within expansive organizations.
• Strong interpersonal skills are a must.
• Knowledgeable in governance frameworks such as COBIT, ITIL, NIST, and relevant cyber technologies.
• Understanding of cyber operations and their broader strategic implications.
• Skilled in developing policies and strategies that comply with relevant regulations.
• Solid grasp of cybersecurity threats, vulnerabilities, and their operational impacts.
• A fundamental understanding of IT and cyber principles along with strong communication skills.
• Comfortable navigating ambiguity and proficient in creating technical documentation.
• Outstanding communication skills, including negotiation and conflict resolution.
• Familiarity with the NIST Cyber Security Framework and technologies for data protection.
• Demonstrated strategic thinking abilities in operational implementation.
• Excellent analytical capabilities and business savvy to align performance with objectives.
• Must possess (or be able to obtain) a “Q” level security clearance.
• Bachelor’s Degree in Computer Science, Cyber Security or related field.
• Must have 10 years of relevant information assurance experience.
• At least 3 years Defensive Cyberspace Operations (DCO) or Cyber Protection Team experience
• At least one year of documenting and implementing security policies, standards, and/or controls
• Experience operating and maintaining IAM, DLP, and/or VM infrastructure, leading or participating in their day-to-day operations and maintenance, as well as monitoring, reporting, and auditing technical, security, and business activities.

Nice To Haves

• IT audit and risk advisory experience is a distinct advantage.
• Proven skills in facilitation and building consensus in collaborative environments.
• Experience working as a Business Systems Analyst on multiple projects and business functions is a plus.
• Experience working successfully in a highly matrixed work environment.
• CISA, CRISC, CISSP, or CISM certifications beneficial.
• Other IAT/IAM Level I, II & III Certifications will be beneficial.

Responsibilities

• Advise the Authorizing Official on cyber risks
• Analyze results from security assessments
• Implement mitigation strategies in alignment with national security objectives
• Leverage knowledge of security policies, standards, controls, and industry best practices to consult with partners across the DOE complex
• Ensure that Governance, Risk and Compliance (GRC) functions are incorporated into key security services and program while validating risk mitigation functions are functioning correctly
• Document and assist others in documenting security domain specific policies, standards, controls, control operating procedures
• Liaise with GRC and stakeholders to ensure alignment between all groups
• Translate ambiguous high-level language into real world operations
• Diplomatically influence teams to implement a Governance Framework showing the value it will bring and tactfully help adjust existing operations to align with the framework
• Stay current on information security technologies, trends, standards and best practices
• Develop and understand Information Technology (IT)/cybersecurity strategies, policies, and guidelines for secure implementations
• Assess policy needs and collaborate with stakeholders to develop policies to govern IT/cyber activities
• Review, conduct, or participate in audits of cyber programs and projects
• Support management in the formulation of IT/cyber-related policies and provide expertise to course of action development
• Develop, implement, and recommend changes to appropriate planning procedures and policies
• Facilitate the sharing of “best practices” and “lessons learned” throughout the IT/ cyber operations community
• Provide subject matter expertise to planning teams, coordination groups, exercise, and task forces as necessary
• Provide input for the development and refinement of the IT/cyber operations objectives, priorities, strategies, plans, and programs
• Document lessons learned that convey the results of events and/or exercises
• Initiate, develop, and work data audits by collecting and reviewing all requirements and ensuring the correct information and data are prepared for team lead. Supporting and improving internal controls and data projects
• Assist in developing data briefings for high-level executives
• Assist with development of internal organization policies and procedures, which affect cross-functional activities and best practices
• Create SOPs, including process maps, for developed dashboards and reporting procedures
• Research of emerging technologies that have potential for exploitation and the impact on systems
• Provide and leverage industry best practices and lessons learned of external organizations and academic institutions dealing with cyber issues
• Analyze and assess internal and external partner (i.e., EM-HQ, DOE OCIO) cyber operations capabilities and tools
• Assist DOE-SR Cyber Security with developing and maintenance of Cyber Lab
• Develop and perform Cyber Security Awareness training
• Develop outcome-based measures (metrics) to determine the effectiveness and efficiency of the cyber security program and security controls

Benefits

• Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental
• Matching 401K
• Short- and Long-Term Disability
• Pet Insurance
• Professional Development/Education Reimbursement
• Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas