Share this Job

Information System Security Officer

Date: Jun 4, 2022

Location: Oak Ridge, TN, US, 37830

Company: Oak Ridge National Laboratory

Requisition Id 8206 


Oak Ridge National Laboratory is currently seeking qualified applicants to serve as Information Systems Security Officer (ISSO) to support the Information Technology Service Division for unclassified operations. The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate.


 Primary Responsibilities:

  • Provide assistance to the Information Systems Security Manager (ISSM) and Chief Information Security Officer (CISO) in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the Oak Ridge National Laboratory (ORNL)
  • Ensure systems are operated, maintained, and disposed of in accordance with DOE security policies and procedures and as outlined in applicable System Security Plans (SSPs).
  • Establish and perform documented procedures for authorizing users to information systems
  • Develop and maintain SSPs for system C&A.
  • Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis/white papers, aligning with business objectives
  • Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices
  • Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls
  • Identify, promote, and implement process improvements


Qualifications Required:             

  • Bachelor’s degree in IT, Cybersecurity, Information Assurance, or related field and at least 5 years of experience in cybersecurity policy, risk management, governance, and compliance through a combination of education and experience may be considered for exceptional candidates.
  • Experience in security control assessments, Master Plans, and Cybersecurity program plans
  • Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) to ORNL
  • Demonstrated experience implementing compliance frameworks (NIST, etc)
  • Facilitation and project management knowledge, skills and abilities; lead program implementations
  • Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders
  • Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization
  • Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR
  • Working knowledge of privacy regulations and impacts
  • Ability to work independently and meet deadlines
  • High ethical standards and operates with integrity and professionalism
  • Must be able to obtain and maintain a DOE Q security clearance


Preferred Qualifications:            

  • Master’s Degree in Information Assurance or related field
  • Minimum five years’ experience working in an information security, information technology or information risk management related field
  • Cybersecurity certifications (CISA, CISM, CRISC, CISSP, CCSP, SSCP)
  • Incident Response Certification
  • Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts
  • Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success
  • Experience gaining an Authority to Operate (ATO) for a government system
  • Proven track record of prioritizing tasking and meeting established deadlines
  • Active DOE Q or TS clearance


Special Requirement:

This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.


This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.

Nearest Major Market: Knoxville