Job ID: 2022-15225 | Type: Full-Time | # of Openings: 1 | Category: Information Technology
The PPPL cyber security program is responsible for enabling the science mission by protecting the confidentiality, integrity, and availability of information and information systems using a risk management approach. PPPL seeks a Cyber Security Policy Analyst to help meet the ever-increasing 21st century organizational challenges of cyber security governance, risk, and compliance and provide essential functions and subject matter expertise in several key areas of expanding cyber requirements and responsibility.
PPPL seeks a qualified candidate to join the cyber security team as a Cyber Security Policy Analyst. This individual will complement existing Governance, Risk, and Compliance (GRC) efforts by working with cyber staff and other stakeholders to develop, review, and maintain cyber security authorization documents, policies, procedures, and other program documents. The policy analyst will be responsible for technical documents associated with the Cyber Security Program Plan (CSPP), System Security Plans, Risk and Threat assessments, and Contingency Plans. Additional responsibilities include preparation of responses to data call requests for cyber program information from stakeholders, assistance with cyber security audits and assessments, participation in external working groups and integrated project teams, and maintenance of plans of action and milestones (POA&Ms).
Are you interested in joining the world’s brightest talent in solving some of the world’s grandest scientific challenges of the 21st century? Princeton Plasma Physics Laboratory (PPPL) is doing just that! Whether it be through science, engineering, technology or professional services, every team member has an opportunity to make their mark on our world. PPPL aims to attract and support people with a rich variety of backgrounds, interests, experiences, and cultural viewpoints. We are committed to equity, diversity, and inclusion and believe that each member of our team contributes to our scientific mission in their own unique way. Come join us!
50% - Work with the IT Department, Cyber Security Division, and relevant stakeholders to develop and maintain a suite of cyber security program documents:
Cyber Security Authorization Package including the Cyber Security Program Plan, System Security Plans, Risk Assessment, Threat Statement, Contingency Plan.
Cyber Security and IT Policies and Procedures.
Information Security Continuous Monitoring Plan.
Cyber Security Risk Registry.
Plan of Action and Milestones.
25% - Respond to data call requests for information from the Department of Energy (DOE) and internal stakeholders.
20% - Continuously monitor and analyze DOE and other Cyber/IT emerging requirements to determine the impact on the organization and to ensure compliance and use of current best practices. Engage with DOE peers and stakeholders and participate in integrated project teams and working groups.
5% - Assist with cyber security audits and assessments including programmatic reviews and management of corrective action plans.
Education and Experience:
BA/BS degree in Cyber Security Policy or other Policy field, or a BA/BS degree preferably in a technical field such as computer science, cyber security, information technology, or communications.
5+ years’ experience as a Policy Analyst in Information Technology, Cyber Security, or a related field.
Experience working in a US Government environment is desirable.
Knowledge, Skills and Abilities:
Excellent technical writing skills (English) and ability to understand and translate complex cyber security requirements into clear and organized written form.
Knowledge of Federal, state, and local laws, regulations, policies, and ethics as they relate to cyber security and privacy.
Understanding of US Government cyber security standards and methodologies including FISMA, the NIST Cyber Security Framework, NIST 800-37 Risk Management Framework, NIST 800-53 Cyber Security Controls, and the Federal Risk and Authorization Management Program (FedRAMP).
Knowledge of other common industry cyber security standards and organizational best practices (e.g. ISO-27000 series, Center for Internet Security).
Knowledge of current cyber security threats and vulnerabilities.
Understanding of basic and advanced information technology concepts, cloud computing methodologies, systems and network architecture, and security controls.
Proficient in use of standard document management and editing software such as Google Workspace tools and Microsoft Office 365 (Word, Excel, PowerPoint).
Excellent verbal communication and presentation skills and ability to present security concepts to a wide range of audiences.
Certificates and Licenses:
Current CISA or CISSP certification, or equivalent experience.
Technical writing certifications are a plus.
Ability to work in a remote capacity if required by organizational policy.
Ability to achieve and maintain a US Government security clearance.
Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Please be aware that the Department of Energy (DOE) prohibits DOE employees and contractors from participation in certain foreign government talent recruitment programs. All PPPL employees are required to disclose any participation in a foreign government talent recruitment program and may be required to withdraw from such programs to remain employed under the DOE Contract.
Princeton University is a vibrant community of scholarship and learning that stands in the nation's service and in the service of all nations. Chartered in 1746, Princeton is the fourth-oldest college in the United States. Princeton is an independent, coeducational, nondenominational institution that provides undergraduate and graduate instruction in the humanities, social sciences, natural sciences and engineering. As a world-renowned research university, Princeton seeks to achieve the highest levels of distinction in the discovery and transmission of knowledge and understanding. At the same time, Princeton is distinctive among research universities in its commitment to undergraduate teaching. Today, more than 1,100 faculty members instruct approximately 5,200 undergraduate students and 2,600 graduate students. The University's generous financial aid program ensures that talented students from all economic backgrounds can afford a Princeton education.