The National Renewable Energy Laboratory (NREL), located in beautiful Golden, Colorado, is a leader in the U.S. Department of Energy's effort to secure an energy future for the nation that is environmentally and economically sustainable.
Cyber Security Manager and Chief Information Security Officer Job Req #R2609
Job Summary
The NREL Cyber Security Manager and Chief Information Security Officer will lead the Laboratory's Cyber Security Program with a focus on advancing NREL's mission in Renewable Energy and Energy Efficiency. Utilizing a risk-based approach, this individual will serve as the technical advisor on information technology security issues, and provide direction and guidance to plan, coordinate, implement, update, and effectively communicate a proactive program by presenting advanced knowledge of information systems security concepts for new or alternative solutions to complex computing security issues, while constantly being mindful of advancing the mission and balancing risk. The Cyber Security Manager is a member of the Information Technology Services Leadership Team, and advises NREL executive management and DOE on the feasibility of program and policy options.
Collaborate with mission stakeholders to create a risk-based cyber security program.
Proactively plan security solutions for NREL mission and partners.
Work with the Information Technology Services Leadership Team to build and maintain a multi-year cyber security roadmap for NREL.
Formulate and manage a direct-funded cyber security budget.
Lead and manage a team of cyber security architects, engineers, analysts and administrators, providing guidance, performance goals, and feedback.
Become an active participant with a team of Cyber Security Managers across the DOE laboratory/plant complex.
Work with DOE representatives from the Office of the Undersecretary for Science and Energy, the Energy Efficiency and Renewable Energy (EERE) program, and the DOE Golden Field Office (GFO).
Lead the Cyber Security team in the implementation, maintenance, enhancement, and documentation of NREL's Cyber Security Program (e.g. System Security Plans (SSP), Business Impact Analysis and Assessment, Contingency Plan, Disaster Recovery, Continuity of Operations, etc.)
Be responsible for Cyber Security related audits, site assist visits, and action plans resulting from these assessments.
Evaluate and incorporate government requirements into NREL's Cyber Security Program, including reviewing, calculating impacts, and commenting on DOE draft directives.
Promote awareness of security issues, including developing and conducting Cyber Security Awareness Training.
Develop, maintain, publish and oversee up-to-date security policies, standards and guidelines. Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers.
Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security incident, and provide direction, support and in-house consulting in these areas.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
Be visible and available with mission and operations leadership to provide guidance and expert advice, strategy, plans and policy.
EEO Policy / E-Verify
NREL's policy is to provide equal employment opportunities to all qualified persons without regard to race, age, color, sex, religion, national origin, marital or veteran status, or any other legally protected status.
NREL validates right to work using E-Verify. NREL will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. For additional information, see http://www.nrel.gov/employment/eeo.html.
Pre-employment drug testing required.
Submit Your Resume
Please apply online at: www.nrel.gov/careers and search for Req R2609
Please note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.
Required Knowledge, Skills and Attributes
Demonstrated knowledge of legal and ethical management issues and practices. In-depth knowledge of the issues and best practices in the applicable field of expertise. Generally viewed as subject matter expert for group or work units.
Excellent organization, project management, budgeting, interpersonal and communication skills. Proven problem-solving and negotiation skills. Demonstrated ability to make appropriate decisions regarding work activities and projects. Demonstrated ability to effectively lead and direct personnel with diverse skills, work styles and values.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Must be a critical thinker with strong problem-solving skills.
Knowledge and understanding of relevant legal and regulatory requirements, such as NIST, DOE, and OMB directives.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
High level of personal integrity and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision.
Knowledge of network related protocols and security event log management and reporting tools.
Exceptional collaboration, negotiation, and marketing skills to communicate with technical and nontechnical internal and external audiences.
Demonstrated competency in strategic, analytical, and conceptual thinking, with strong abilities in leadership and relationship management.
Proven success in diplomacy within the laboratory initiatives and staff, with the ability to understand the political climate of the laboratory and how to successfully navigate the politics.
Must have or be able to obtain a “Q” Security Clearance.
Previous management and budget adherence experience may be required.
Degree in appropriate field may also be required.
Required Education, Experience, and Skills
Previous management, budget development and/or significant leadership in an individual contributor role required. Degree in appropriate field is required. Demonstrated skill in dealing with legal and ethical management issues and practices. Broad and in-depth knowledge of the issues and best practices in the applicable field of expertise. Excellent organization, project management, budgeting, interpersonal and communication skills. Proven problem-solving and negotiation skills. Ability to collaborate with individuals at all levels of the organization. Demonstrated ability to effectively lead and direct personnel with diverse skills, work styles and values, both directly and through subordinate management.
Experience in building a reputation of strategic partnership with peers, laboratory staff, and management.
Strong combination of collaboration and leadership skills.
Bachelor's degree in technology or related field or equivalent work-related experience.
Minimum of eight to ten years of experience in a combination of risk management, information security and information technology positions – at least four must be in a leadership role. Employment history must demonstrate increasing levels of responsibility.