Information Systems Security Officer (Isso)

COMPANY OVERVIEW

XCEL Engineering, Inc. is an award-winning small business that provides trusted information technology, engineering, consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee, XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.

XCEL Engineering is a part of IT Lab Partners (ITLP) which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Considering joining our impressive team today!

JOB OVERVIEW

Xcel Engineering is currently seeking qualified applicants to serve as Information Systems Security Officer (ISSO). The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate.

This is a full-time, permanent position that will work onsite in Oak Ridge, TN.

ESSENTIAL FUNCTIONS

• Aid the Information Systems Security Manager (ISSM) and Chief Information Security Officer (CISO) in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the organization.
• Ensure systems are operated, maintained, and disposed of in accordance with DOE security policies and procedures and as outlined in applicable System Security Plans (SSPs).
• Establish and perform documented procedures for authorizing users to Information Systems.
• Develop and maintain SSPs for system C&A.
• Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis/white papers, aligning with business objectives.
• Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices.
• Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls.
• Identify, promote, and implement process improvements.

BASIC QUALIFICATIONS

• Experience in security control assessments, Master Plans, and Cybersecurity program plans
• Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.)
• Demonstrated experience implementing compliance frameworks (NIST, etc)
• Facilitation and project management knowledge, skills and abilities; lead program implementations
• Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders.
• Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization.
• Ability to work independently and meet deadlines.
• High ethical standards and operates with integrity and professionalism.
• Ability to obtain and maintain a DOE Security Clearance if needed which requires US Citizenship.
• Bachelor's degree in IT, Cybersecurity, Information Assurance, or related field and at least 2+ years of experience in cybersecurity policy, risk management, governance, and compliance through a combination of education and experience may be considered for exceptional candidates.

PREFERRED QUALIFICATIONS:

• Cybersecurity certifications (CISA, CISM, CRISC, CISSP, CCSP, SSCP)
• Incident Response Certification
• Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts.
• Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR
• Working knowledge of privacy regulations and impacts
• Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success.
• Experience gaining an Authority to Operate (ATO) for a government system.
• Proven track record of prioritizing

PHYSICAL REQUIREMENTS & ENVIRONMENTAL CONDITIONS

• Inside office environment.
• Working on a computer for long periods of time.
• May involve long period of sitting at a desk.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Xcel Engineering is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable federal, state or local law.

If you are a qualified individual with a disability or disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Xcel Engineering's current openings as a result of your disability. You can request reasonable accommodations by calling 855.212.1810. Thank you for your interest in Xcel Engineering.

All positions at Xcel Engineering, Inc. are contingent upon passing both a background check and drug screening prior to a start date and are subject to random drug screenings during the employment period. In addition, Xcel Engineering is an E-Verify employer.