Information Systems Security Officer (ISSO) - Xcel Engineering

COMPANY OVERVIEW

XCEL Engineering, Inc. is an award-winning small business that provides trusted information technology, engineering, consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee, XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.

XCEL Engineering is a part of IT Lab Partners (ITLP) which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Considering joining our impressive team today!

JOB OVERVIEW

Xcel Engineering is currently seeking qualified applicants to serve as Information Systems Security Officer (ISSO).The ISSO is a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization. The ISSO provides direction to IT and infrastructure support personnel on the application of security patches and secure configurations. Routine collaboration and consultation with the ISSM regarding the design, development, integration, and analysis of unclassified information systems. Under general supervision, the candidate is responsible for performing a full range of Information Assurance functions in support of the security needs of the ISSM.

This is a full-time position that will work onsite in Oak Ridge, TN.

ESSENTIAL FUNCTIONS

• Provide assistance to the ISSM and CISO in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the client site.
• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures and as outlined in applicable System Security Plans (SSPs).
• Perform documented procedures for authorizing users to access information systems.
• Develop and maintain SSPs for system C&A.
• Manage Plans of Action and Milestones to closure for information systems under accreditation.
• Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices. Escalate questions/concerns/issues to more senior-level staff as required.
• Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls.
• Identify, promote, and make recommendations for process improvements.
• Assist with annual self-inspections, system certification testing, periodic security testing, and functional testing on systems/networks.
• Ensure compliance of all network equipment with applicable DOE and ORNL requirements
• Other duties as assigned for support within the program.

BASIC QUALIFICATIONS

• Bachelor's degree with 5-7 years of relevant experience (ex. cybersecurity assessments, risk management, cybersecurity policy, and compliance, etc.). An equivalent combination of education and experience may be considered.
• Ability to obtain and maintain a DOE Q security clearance or equivalent is required.
• Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) to ORNL.
• Demonstrated experience implementing compliance frameworks (NIST, etc)
• Excellent interpersonal, verbal, written, and presentation communication skills.
• Thorough understanding of industry standards and regulations including NIST 800-53, NIST Risk Management Framework, and NIST Cybersecurity Framework (CSF).
• Working knowledge of privacy regulations and impacts.
• Ability to work independently, meet deadlines, and uphold high ethical standards.

PREFERRED QUALIFICATIONS:

• Active DOE Q or TS security clearance or equivalent.
• Master's degree in information assurance or related field with 4-6 years of relevant experience working in an information security, information technology or information risk management related field.
• Cybersecurity certifications (CISSP, CISA, CISM, CRISC, CCSP, SSCP) and Incident Response Certification
• Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts.
• Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success.
• Demonstrated background in governance, risk, and compliance.
• Experience in obtaining Authority to Operate (ATO) for DOE government systems.

PHYSICAL REQUIREMENTS & ENVIRONMENTAL CONDITIONS

• Inside office environment.
• Working on a computer for long periods of time.
• May involve long period of sitting at a desk.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Xcel Engineering is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable federal, state or local law.

If you are a qualified individual with a disability or disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Xcel Engineering's current openings as a result of your disability. You can request reasonable accommodations by calling 855.212.1810. Thank you for your interest in Xcel Engineering.

All positions at Xcel Engineering, Inc. are contingent upon passing both a background check and drug screening prior to a start date and are subject to random drug screenings during the employment period. In addition, Xcel Engineering is an E-Verify employer.