Location: Amarillo, TX
Job Title: Cyber Policy Developer/Planner
Career Level From: Specialist
Career Level To: Senior Specialist
Organization: Chief Information Security Off (50003144)
Job Specialty: Cyber Security
• Analyze, assess, and develop policy, programs, and guidelines for implementation.
• Draft, staff, and publish cyber policy, procedures, checklists, and other formalized mission documentation.
• Participate on agency and interagency policy boards.
• Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
• Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
• Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
• Define and integrate policy for current and future mission requirements.
• Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
• Provide policy guidance to cyber management, staff, and users.
• Review, conduct, or participate in audits of cyber programs and projects.
• Support the chief information officer and chief information security officer in the formulation of cyber-related policies.
• Knowledge of the organization's core business/mission processes.
• Knowledge of emerging technologies that have potential for exploitation.
• Knowledge of current and emerging cyber technologies.
• Knowledge of the National Institute of Standards and Technologies Risk Management Framework and 800-series documents.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
• Skill in preparing plans and related correspondence.
• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
• Knowledge of the DOE/NNSA cyber work environments, exposure to levels of leadership, customer, NNSA sites.
If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10CFR 709. Medical requirements may apply.
CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity, age, religion, national origin, ancestry, genetic information, disability or veteran status.