Cyber Security Policy Analyst
Full-Time# of Openings:
The Princeton Plasma Physics Laboratory is a world-class fusion energy research laboratory managed by Princeton University for the U.S. Department of Energy’s Office of Science. PPPL is dedicated to developing the scientific and technological knowledge base for fusion energy. The Laboratory advances the fields of fusion energy and plasma physics research to develop the scientific understanding and key innovations needed to realize fusion as an energy source for the world. The PPPL cyber security program is responsible for enabling the science mission by protecting the confidentiality, integrity, and availability of information and information systems using a risk management approach. PPPL seeks a Cyber Security Policy Analyst to help meet the ever-increasing 21st century organizational challenges of cyber security governance, risk, and compliance and provide essential functions and subject matter expertise in several key areas of expanding cyber requirements and responsibility.Responsibilities
PPPL seeks a qualified candidate to join the cyber security team as a Cyber Security Policy Analyst. This individual will complement existing Governance, Risk, and Compliance (GRC) efforts by working with cyber staff and other stakeholders to develop, review, and maintain cyber security authorization documents, policies, procedures, and other program documents. The policy analyst will be responsible for technical documents associated with the Cyber Security Program Plan (CSPP), System Security Plans, Risk and Threat assessments, and Contingency Plans. Additional responsibilities include preparation of responses to data call requests for cyber program information from stakeholders, assistance with cyber security audits and assessments, participation in external working groups and integrated project teams, and maintenance of plans of action and milestones (POA&Ms).
QualificationsEducation and Experience:
- Work with the IT Department, Cyber Security Division, and relevant stakeholders to develop and maintain a suite of cyber security program documents (50%):
- Cyber Security Authorization Package including the Cyber Security Program Plan, System
- Security Plans, Risk Assessment, Threat Statement, Contingency Plan.
- Cyber Security and IT Policies and Procedures
- Information Security Continuous Monitoring Plan
- Cyber Security Risk Registry
- Plan of Action and Milestones
- Respond to data call requests for information from the Department of Energy (DOE) and internal stakeholders (25%).
- Continuously monitor and analyze DOE and other Cyber/IT emerging requirements to determine the impact on the organization and to ensure compliance and use of current best practices. Engage with DOE peers and stakeholders and participate in integrated project teams and working groups. (20%)
- Assist with cyber security audits and assessments including programmatic reviews and management of corrective action plans (5%)
Knowledge, Skills and Abilities:
- BA/BS degree in Cyber Security Policy or other Policy field, or a BA/BS degree preferably in a technical field such as computer science, cyber security, information technology, or communications.
- 5+ years’ experience as a Policy Analyst in Information Technology, Cyber Security, or a related field.
- Experience working in a US Government environment is desirable.
Certificates and Licenses:
- Excellent technical writing skills (English) and ability to understand and translate complex cyber security requirements into clear and organized written form.
- Knowledge of Federal, state, and local laws, regulations, policies, and ethics as they relate to cyber security and privacy.
- Understanding of US Government cyber security standards and methodologies including FISMA, the NIST Cyber Security Framework, NIST 800-37 Risk Management Framework, NIST 800-53 Cyber Security Controls, and the Federal Risk and Authorization Management Program (FedRAMP).
- Knowledge of other common industry cyber security standards and organizational best practices (e.g. ISO-27000 series, Center for Internet Security).
- Knowledge of current cyber security threats and vulnerabilities.
- Understanding of basic and advanced information technology concepts, cloud computing methodologies, systems and network architecture, and security controls.
- Proficient in use of standard document management and editing software such as Google Workspace tools and Microsoft Office 365 (Word, Excel, PowerPoint).
- Excellent verbal communication and presentation skills and ability to present security concepts to a wide range of audiences.
- Current CISA or CISSP certification, or equivalent experience.
- Technical writing certifications are a plus.
- Ability to work in a remote capacity if required by organizational policy.
- Ability to achieve and maintain a US Government security clearance.
Princeton University is an Equal Opportunity/Affirmative Action Employer
and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. EEO IS THE LAW
Please be aware that the Department of Energy (DOE) prohibits DOE employees and contractors from participation in certain foreign government talent recruitment programs. All PPPL employees are required to disclose any participation in a foreign government talent recruitment program and may be required to withdraw from such programs to remain employed under the DOE Contract.