Senior Information Systems Security Officer (ISSO)

About The Position

Requirements

• BS / BA degree in information technology or technical equivalent and a minimum of eight years of experience in cyber security and the C&A process. Additional years of experience may be considered in lieu of a degree.
• Current TS clearance with SCI eligibility
• Previous experience supporting SCI environments
• Security + or equivalent DoD Directive 8570 / 8140 Information Assurance Management Level I - III certification
• Working knowledge of: Risk Management Framework (RMF) process & requirements.
• Working knowledge of: NIST and CNSSI requirements
• Working knowledge of: Intelligence Community Directive 503 (ICD-503)
• Working knowledge of: Joint Special Access Program (SAP) Implementation Guide (JSIG)
• Excellent written and oral communication skills
• Demonstrated organizational skills
• Must be organized, self-motivated, and be able to work with minimal guidance
• Excellent written and verbal communication skills with an ability to interface with numerous cognizant security agencies, customers, and senior managers
• Previous experience in developing, testing, and collecting artifacts for RMF packages and BoEs of multiple systems
• Experience in authorized data transfers across multiple systems and different classifications

Nice To Haves

• Eligibility for access to Special Access Program Information
• CISSP, SEC+, or other relevant certifications
• Relevant ISSO / ISSE experience within the DoW or Intelligence Community.
• Experience with DoW/IC cybersecurity practices for on-premises and cloud native Kubernetes-based processing system.
• Knowledge of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards.
• Working knowledge of Industry Standard tools for purposes of audit reduction, vulnerability scanning, and malware analysis is preferred. Relevant tools include but are not limited to: Splunk, Tenable Nessus, Host Based Security System (HBSS) components, Security Content Automation Protocol (SCAP) Checker, and STIG viewer.
• Experience with Security Directives, Policies, Publications, and Regulations.

Responsibilities

• Oversee compliance with DOE and DoW cybersecurity policies and SSPs across multiple facilities.
• Conduct routine self-inspections, audits, and incident investigations, ensuring timely resolution and remediation.
• Manage continuous monitoring activities, system recovery processes, and contingency planning.
• Administer access controls, evaluate user accounts annually, and support ISSM in enforcing cybersecurity policy.
• Create, review, and maintain SSPs using Xacta, and support certification and accreditation activities.
• Perform and lead system certification testing, periodic and functional security testing, and annual self-inspections.
• Monitor system audit logs, execute authorized data transfers, and manage classified media in accordance with policy.
• Communicate effectively with stakeholders, document best practices, and deliver user training on security procedures.
• Uphold high ethical standards and maintain a commitment to ES&H protocols.
• Deliver ORNL’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote equal opportunity by fostering a respectful workplace – in how we treat one another, work together, and measure success.

Benefits

• Prescription Drug Plan
• Dental Plan
• Vision Plan
• 401(k) Retirement Plan
• Contributory Pension Plan
• Life Insurance
• Disability Benefits
• Generous Vacation and Holidays
• Parental Leave
• Legal Insurance with Identity Theft Protection
• Employee Assistance Plan
• Flexible Spending Accounts
• Health Savings Accounts
• Wellness Programs
• Educational Assistance
• Relocation Assistance
• Employee Discounts