Cyber Governance Team Lead

Date: Nov 17, 2022

Location: Oak Ridge, TN, US, 37830

Company: Oak Ridge National Laboratory

Requisition Id 9291 


Oak Ridge National Laboratory is searching for a Cyber Governance Team Lead to help mature and manage governance, risk, and compliance program initiatives and platform enablement. The successful candidate will collaborate with various groups and directorates across the Oak Ridge National Laboratory complex including, but not limited to: Information Technology, Physical Security, Classification Office, Cyber Security, Lab Internal Audit and Department of Energy (DOE) Office of Science. The successful candidate will manage and lead the Governance Team on security initiatives to ensure appropriate identification of risks, leading policy direction for data and network cyber protection while enabling mission and business objectives. The Cyber Governance Team Lead develops a coordinated approach to policy documents, security control assessments, and risk mitigation strategies to enable metrics and reporting. The selected candidate will report directly to the Cyber Operations Group Leader but be expected to interact as needed directly with all levels within the organization including senior managers, Group and Team Leaders, Enterprise and Data Architects, Cyber Operations, Researchers, and external partners.  Additionally, the role represents ORNL in working groups across DOE OCIO and Office of Science for cyber initiatives.


Major Duties/Responsibilities: 

  • Lead ORNL’s Cyber Governance Team (people, process, technology) across all functions and disciplines
  • Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, and translate into policies, procedures, suggested control structures, analysis/white papers, etc. while aligning with business objectives
  • Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices
  • Lead initiative to mature the Governance, Risk, Compliance (GRC) platform capabilities and tools to improve business processes, risk management and enhance compliance
  • Lead risk management efforts including risk assessment process, identification of risk mitigation strategies, standardized assessment processes, risk management training and mentoring of staff
  • Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls
  • Develop, maintain, and present risk, compliance metrics, key process indicators (KPIs) reports and remediation tracking to communicate compliance status of all relevant compliance programs
  • Act as representative with DOE OCIO and Office of Science risk and compliance initiatives
  • Identify, promote, and implement process improvements
  • Work directly with operations and engineering teams to automate and integrate applications and processes


Basic Qualifications:

  • Minimum eight years’ experience in cyber security and a bachelor’s degree in a related field; an equivalent combination of education and leadership experience will be considered for exceptional candidates
  • Experience writing and implementing Cyber Security Plans at both enterprise and system levels
  • Knowledge of and experience performing security control assessments
  • Experience with analysis and implementation of GRC platforms/tools
  • Strong analytical and organizational skills as well as problem solving capabilities to understand Cyber risk and exposure (legal, regulatory violations, etc.) to ORNL
  • Demonstrated experience implementing compliance frameworks (NIST, etc.)
  • Facilitation and project management knowledge, skills and abilities; lead program implementations and proof of value executions
  • Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders as well as team members
  • Thorough understanding of industry standards and regulations including HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, and others as applicable
  • Working knowledge of privacy regulations and impacts
  • Experience integrating risk, compliance, and governance groups within an organization, balancing competing priorities, and providing guidance on how to meet requirements
  • Ability to work independently and meet deadlines
  • Exceptional communication, problem-solving and negotiation skills
  • Demonstrated record of high ethical standards and the ability to operate with integrity and professionalism
  • Ability to obtain and maintain a DOE Q security clearance


Preferred Qualifications:

  • Current active security clearance
  • Experience leading or managing a team both administratively and technically
  • Cyber security experience within a federal government program
  • Experience with privacy management, cyber security, evaluating security controls, identifying control gaps, and mitigating measures, along with a strong understanding of business practices and technology concepts
  • Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success
  • Experience gaining an Authority to Operate (ATO) for a government system
  • Proven track record of managing and prioritizing tasking and meeting established deadlines
  • Master’s Degree in Information Systems, Business, or related field
  • Seven years’ experience working in an information security, information technology or information risk management related field
  • Cyber Security certifications (CISA, CISM, CRISC, CISSP)


Q clearance:

This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse Program (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.
This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.

Nearest Major Market: Knoxville