Cyber Governance Information Systems Security Officer (ISSO)

Oak Ridge National Laboratory•Oak Ridge, TN

3d•Onsite

About The Position

We’re hiring an Information Systems Security Officer (ISSO) to facilitate continuous monitoring and RMF compliance across the organization. The ISSO will collaborate with various groups and ensure DOE security policies are properly implemented. Reporting to the Cyber Governance NSS Team Leader, the selected candidate will interact with all levels of the organization. The ISSO is responsible for ensuring security and compliance of classified information systems through policy implementation, user authorization, and system monitoring. This position resides in the Cyber Governance group in the Cybersecurity division in the Information Technology Services Directorate at Oak Ridge National Laboratory (ORNL).

Requirements

BS in information technology, information systems, or a related discipline and a minimum of 5-7 years of aligned professional Cybersecurity experience with a proven track record of implementing enterprise-wide security plans and controls is required for consideration. An overall combination of equivalent education and experience may be considered.
Demonstrated expertise in security control assessments and compliance frameworks (NIST 800-53, NIST CSF, CNSSI, ISO 27001, CIS), with strong analytical skills for evaluating cyber risks.
Superior communication abilities across written, verbal, and presentation formats, with experience developing comprehensive cybersecurity documentation.
Proven ability to work autonomously while maintaining strict deadlines and ethical standards in complex technical environments.
Ability to obtain and maintain a clearance from the Department of Energy.
Must be able to pass a pre-placement drug test and participate in an ongoing random drug testing program.

Nice To Haves

An MS in information technology, information systems, or a related discipline and a minimum of 4-6 years of aligned professional Cybersecurity experience with a proven track record of implementing enterprise-wide security plans and controls
Valid DOE Q, DOD Top Secret, or DOD TS/SCI clearance.
Demonstrated success obtaining Authorization to Operate (ATO) for government systems while managing competing priorities in high-pressure situations
Industry-recognized certifications (CISSP, CISM, CISA, CRISC)
Extensive experience with vulnerability management tools and processes
Deep understanding of incident response procedures and enterprise security tool implementation

Responsibilities

Leads continuous monitoring initiatives to maintain Risk Management Framework (RMF) compliance across the organization.
Serves as the primary facilitator between security requirements and implementation, requiring strong information security knowledge, problem-solving capabilities for complex security challenges, and effective communication skills to bridge technical and non-technical stakeholders.
Operate and maintain systems per DOE and NNSA security policies and SSPs
Establish user authorization procedures for classified systems
Support ISSM in cyber security policy implementation
Develop/maintain SSPs and manage POA&Ms
Conduct compliance reviews against NIST/CNSSI standards
Oversee configuration management and change control
Implement system recovery processes and contingency plans
Assist with security testing and annual inspections
Review system audit records and manage data transfers
Document procedures and conduct user training
Deliver ORNL’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service.
Promote equal opportunity by fostering a respectful workplace – in how we treat one another, work together, and measure success.