This job has expired

Cyber Security Policy Analyst

Employer
Princeton University
Location
Princeton, New Jersey

View more

Administrative Jobs
Institutional & Business Affairs, Safety & Security
You need to sign in or create an account to save a job.

Job Details


Cyber Security Policy Analyst

US-NJ-Princeton

Job ID: 2021-12857
Type: Full-Time
# of Openings: 1
Category: Information Technology

Princeton University

Overview

The Princeton Plasma Physics Laboratory is a world-class fusion energy research laboratory managed by Princeton University for the U.S. Department of Energy’s Office of Science. PPPL is dedicated to developing the scientific and technological knowledge base for fusion energy. The Laboratory advances the fields of fusion energy and plasma physics research to develop the scientific understanding and key innovations needed to realize fusion as an energy source for the world.

The PPPL cyber security program is responsible for enabling the science mission by protecting the confidentiality, integrity, and availability of information and information systems using a risk management approach. PPPL seeks a Cyber Security Policy Analyst to help meet the ever-increasing 21st century organizational challenges of cyber security governance, risk, and compliance and provide essential functions and subject matter expertise in several key areas of expanding cyber requirements and responsibility.



Responsibilities

PPPL seeks a qualified candidate to join the cyber security team as a Cyber Security Policy Analyst. This individual will complement existing Governance, Risk, and Compliance (GRC) efforts by working with cyber staff and other stakeholders to develop, review, and maintain cyber security authorization documents, policies, procedures, and other program documents. The policy analyst will be responsible for technical documents associated with the Cyber Security Program Plan (CSPP), System Security Plans, Risk and Threat assessments, and Contingency Plans. Additional responsibilities include preparation of responses to data call requests for cyber program information from stakeholders, assistance with cyber security audits and assessments, participation in external working groups and integrated project teams, and maintenance of plans of action and milestones (POA&Ms).

  • Work with the IT Department, Cyber Security Division, and relevant stakeholders to develop and maintain a suite of cyber security program documents (50%):
    • Cyber Security Authorization Package including the Cyber Security Program Plan, System
    • Security Plans, Risk Assessment, Threat Statement, Contingency Plan.
    • Cyber Security and IT Policies and Procedures
    • Information Security Continuous Monitoring Plan
    • Cyber Security Risk Registry
    • Plan of Action and Milestones
  • Respond to data call requests for information from the Department of Energy (DOE) and internal stakeholders (25%).

  • Continuously monitor and analyze DOE and other Cyber/IT emerging requirements to determine the impact on the organization and to ensure compliance and use of current best practices. Engage with DOE peers and stakeholders and participate in integrated project teams and working groups. (20%)

  • Assist with cyber security audits and assessments including programmatic reviews and management of corrective action plans (5%)



Qualifications

Education and Experience:

  • BA/BS degree in Cyber Security Policy or other Policy field, or a BA/BS degree preferably in a technical field such as computer science, cyber security, information technology, or communications.
  • 5+ years’ experience as a Policy Analyst in Information Technology, Cyber Security, or a related field.
  • Experience working in a US Government environment is desirable.
Knowledge, Skills and Abilities:

  • Excellent technical writing skills (English) and ability to understand and translate complex cyber security requirements into clear and organized written form.
  • Knowledge of Federal, state, and local laws, regulations, policies, and ethics as they relate to cyber security and privacy.
  • Understanding of US Government cyber security standards and methodologies including FISMA, the NIST Cyber Security Framework, NIST 800-37 Risk Management Framework, NIST 800-53 Cyber Security Controls, and the Federal Risk and Authorization Management Program (FedRAMP).
  • Knowledge of other common industry cyber security standards and organizational best practices (e.g. ISO-27000 series, Center for Internet Security).
  • Knowledge of current cyber security threats and vulnerabilities.
  • Understanding of basic and advanced information technology concepts, cloud computing methodologies, systems and network architecture, and security controls.
  • Proficient in use of standard document management and editing software such as Google Workspace tools and Microsoft Office 365 (Word, Excel, PowerPoint).
  • Excellent verbal communication and presentation skills and ability to present security concepts to a wide range of audiences.
Certificates and Licenses:

  • Current CISA or CISSP certification, or equivalent experience.
  • Technical writing certifications are a plus.
Working Conditions:

  • Ability to work in a remote capacity if required by organizational policy.
  • Ability to achieve and maintain a US Government security clearance.

Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. EEO IS THE LAW


Please be aware that the Department of Energy (DOE) prohibits DOE employees and contractors from participation in certain foreign government talent recruitment programs. All PPPL employees are required to disclose any participation in a foreign government talent recruitment program and may be required to withdraw from such programs to remain employed under the DOE Contract.

PI143214450

Organization

Princeton entrance

Princeton University is a vibrant community of scholarship and learning that stands in the nation's service and the service of humanity. As a world-renowned research university, Princeton seeks to achieve the highest levels of distinction in the discovery and transmission of knowledge and understanding. At the same time, Princeton is distinctive among research universities in its commitment to undergraduate teaching.

Princeton University facultyOpportunity and Impact

At Princeton, every member of our community plays an important role in our mission of teaching and research. That mission provides every faculty and staff member with the opportunity to make an impact bigger than oneself. Learn about working at Princeton and meet some of our wonderful employees.

 

Services and Resources

When you make a commitment to our teaching and research mission, you will have access to the University’s world-renowned resources to help you succeed at work and in life. Discover the exceptional benefits and unique opportunities we offer as part of our commitment to you.

Work-Life Integration

Life is complicated. At Princeton, we recognize that and are sensitive and responsive to the challenges our employees face. The University offers a broad array of benefits and services that help our staff in a variety of ways.

Explore Our Job OpeningsPrinceton students and prof

Whether you’re already part of our community or just getting to know us for the first time, we invite you to imagine the meaningful difference you can make while working at Princeton. For faculty member and academic professional opportunities, visit the Dean of the Faculty website. For staff member job openings and to join our Talent Network, visit our Careers website.

Connect With Us
LinkedIn
Instagram
Facebook
Snapchat
YouTube

Find Us
Location
United States
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert