IT Professional III Information Systems Security Officer

• Perform security and privacy risk and impact analysis for system additions (ex. new hardware, software, or services), significant changes to systems, and network- and system-level requests for control changes and exceptions.
• Support cybersecurity policy and procedure development, risk awareness, and control implementation training initiatives by creating and delivering online and in-person content.
• Support continuous assessment and monitoring of NLR's security and privacy posture by observing and reporting trends in risks assessed or observed among NLR'S information systems.
• Provide NLR colleagues with technical direction and coaching to remedy security and privacy control weaknesses.
• Analyze, prioritize, and report on the results of control weakness remediation.
• Champion cybersecurity and privacy best practices to technical and non-technical audiences.
• Participate in projects that improve the effectiveness and efficiency of NLR's cybersecurity program, including but not limited to workflow improvements, management tool enhancements, program or NLR strategic initiatives, and user awareness training.

Relevant Bachelor's Degree and 5 or more years of experience or equivalent relevant education/experience. Or, relevant Master's Degree and 3 or more years of experience or equivalent relevant education/experience. Or, relevant PhD or equivalent relevant education/experience. Complete understanding and wide application of principles, concepts and techniques in specific field. General knowledge of related IS disciplines. Strong leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Advanced programming, design and analysis abilities with various computer software programs and information systems., * At least 5 years of experience working specifically in a risk assessment, auditing, and/or security planning and control implementation role.

• Subject matter expertise in one or a combination of the following areas: the system development and engineering lifecycle; network security principles including an understanding of firewalls and security segmentation; endpoint and application security principles including understanding of access controls, vulnerability management; encryption best practices; and cloud and vendor security management principles.

• One or more professional security certifications, such as GIAC (SANS) certifications, CRISC, CISA, CISSP, Security+.

• Awareness of or training in FAIR Analysis fundamentals.

• Interest or experience in improving processes through procedural analysis and/or automation.

• Familiarity with federal information security frameworks including but not limited to NIST frameworks and FISMA requirements.

• Awareness of legal and ethical issues related to cybersecurity including but not limited to privacy and regulatory or legal compliance requirements.

• Comfortable in a fast-paced, and rapidly changing environment.

• Experience with operational planning., * Ability to perform research, read documentation, and independently learn new skills.

• Ability to work both alone and as part of a collaborative team.

• Demonstrated skills in critical thinking and problem solving.

• Excellent communication skills, including active listening, ability to prepare and deliver presentations, and clear written correspondence and documentation.

• Completed SkillBridge or other internship program with DOE Laboratory Experience.

• Master Degree.

Candidates who possess or can obtain and maintain a DOE (L or Q) security clearance and SCI access are preferred. SCI access may require a polygraph examination.

NOTE: To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See DOE Order 472.2 for additional information.

Benefits include medical, dental, and vision insurance; short*- and long-term disability insurance; pension benefits*; 403(b) Employee Savings Plan with employer match*; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement*. NLR employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.

NLR is located at the foothills of the Rocky Mountains in Golden, Colorado is the nation's primary laboratory for energy systems research and development. Join the National Laboratory of the Rockies (NLR), where world-class scientists, engineers, and experts are accelerating energy innovation through breakthrough research and systems integration. From our mission to our collaborative culture, NLR stands out in the research community for its commitment to an affordable and secure energy future. Spanning foundational science to applied systems engineering and analysis, we focus on solving complex challenges to deliver advanced, secure, reliable, and cost-effective energy solutions. Our work helps strengthen U.S. industries, support job creation, and promote national economic growth. At NLR, you'll find a mission-driven environment supported by state-of-the-art facilities, multidisciplinary research teams, and strong collaborations with industry, academia, and other national laboratories. We offer robust professional development opportunities, and a competitive benefits package designed to support your career and well-being., E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.