Senior Information Systems Security Officer

Posting Title Senior Information Systems Security Officer

.

Location Remote

.

Position Type Regular

.

Hours Per Week 40

.

Working at NREL

Join the National Renewable Energy Laboratory (NREL), where world-class scientists, engineers, and experts are accelerating energy innovation through breakthrough research and systems integration. From our mission to our collaborative culture, NREL stands out in the research community for its commitment to an affordable and secure energy future. Spanning foundational science to applied systems engineering and analysis, we focus on solving complex challenges to deliver advanced, secure, reliable, and cost-effective energy solutions. Our work helps strengthen U.S. industries, support job creation, and promote national economic growth.

At NREL, you’ll find a mission-driven environment supported by state-of-the-art facilities, multidisciplinary research teams, and strong collaborations with industry, academia, and other national laboratories. We offer robust professional development opportunities, and a competitive benefits package designed to support your career and well-being.

Learn about NREL’s critical objectives: NREL's Mission and Vision.

Job Description

Summary:

As a Senior Information Systems Security Officer, you serve as the principal advisor on security and privacy for NREL information systems. Reporting to the Information Systems Security Manager, the Senior Information Systems Security Officer assesses information systems and develops system security plans to ensure NREL is appropriately protected from risk.

Job Duties :

• Partner with NREL operational units toidentify, analyze and mitigate security risk for NREL information systems utilizing IT controls.
• Facilitate compliance with NREL’s implementation of the NIST framework, including risk assessment, control design, system authorization, audit assessment and continuous monitoring.
• Maintain policies and procedures that support the security and privacy of NREL’s information technology operating environment.
• Perform security and privacy risk assessments for new systems and significant system changes.
• Develop corrective action plans with process owners to address control design or operating deficiencies.
• Lead projects that improve the effectiveness and efficiency of NREL’s information security program.
• Ensure awareness of security requirements and policies across the organization.

.

Basic Qualifications Relevant Bachelor's Degree and 9 or more years of experience or equivalent relevant education/experience. Or, relevant Master's Degree and 7 or more years of experience or equivalent relevant education/experience. Or, relevant PhD and 4 or more years of experience or equivalent relevant education/experience. Applies extensive IS expertise in specific field and has full knowledge of related disciplines. Evaluates new hardware, software, systems tools and applications and makes procurement recommendations. Excellent leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Extensive programming and architecture abilities with various computer software programs and information systems.

* Must meet educational requirements prior to employment start date.

Additional Required Qualifications

Standard Requirements for All Cyber Positions:

• Ability to perform research, read documentation, and independently learn new skills.
• Ability to work both alone and as part of a collaborative team.
• Demonstrated skills in critical thinking and problem solving.
• Excellent communication skills, including active listening, ability to prepare and deliver presentations, and clear written correspondence and documentation.

Must be able to obtain and maintain a DOE (L or Q) security clearance and SCI access. SCI access may require a polygraph examination.

NOTE: To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See DOE Order 472.2 for additional information.

Preferred Qualifications

• Applicable information security certifications (CISSP, CISA, CRISC, FITSP-M or similar).
• Existing active security clearance.
• Experience at DOE national laboratory or similar setting.
• Understanding of relevant information security frameworks (NIST SP 800-53, NIST SP 800-18, COBIT).
• Experience in assessing information systems in accordance with NIST SP 800-53, SOC 2 or SOX IT control requirements.
• Experience in evaluating security, privacy and regulatory compliance requirements.
• Solid understanding of mitigation practices for information security and privacy risks.
• Ability to work with subject matter experts and process owners to agree action plans addressing difficult issues.
• Able to meet deadlines, manage schedules, take initiative, and perform assigned tasks with minimal supervision.

.

Job Application Submission Window

The anticipated closing window for application submission is up to 30 days and may be extended as needed.

Annual Salary Range (based on full-time 40 hours per week) Job Profile: IT Professional IV / Annual Salary Range: $97,800 - $176,000

NREL takes into consideration a candidate’s education, training, and experience, expected quality and quantity of work, required travel (if any), external market and internal value, including seniority and merit systems, and internal pay alignment when determining the salary level for potential new employees. In compliance with the Colorado Equal Pay for Equal Work Act, a potential new employee’s salary history will not be used in compensation decisions.

Benefits Summary Benefits include medical, dental, and vision insurance; short*- and long-term disability insurance; pension benefits*; 403(b) Employee Savings Plan with employer match*; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement*. NREL employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.

* Based on eligibility rules

Badging Requirement NREL is subject to Department of Energy (DOE) access restrictions. All employees must also be able to obtain and maintain a federal Personal Identity Verification (PIV) card as required by Homeland Security Presidential Directive 12 (HSPD-12), which includes a favorable background investigation. Drug Free Workplace

NREL is committed to maintaining a drug-free workplace in accordance with the federal Drug-Free Workplace Act and complies with federal laws prohibiting the possession and use of illegal drugs. Under federal law, marijuana remains an illegal drug.

If you are offered employment at NREL, you must pass a pre-employment drug test prior to commencing employment. Unless prohibited by state or local law, the pre-employment drug test will include marijuana. If you test positive on the pre-employment drug test, your offer of employment may be withdrawn.

Submission Guidelines

Please note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.

.

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard basis of age (40 and over), color, disability, gender identity, genetic information, marital status, domestic partner status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.

Reasonable Accommodations

E-Verify www.dhs.gov/E-Verify For information about right to work, click here for English or here for Spanish.

E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.