Cyber Policy Architect - Cyber Assurance Architect (Experienced) - Hybrid

at  Sandia National Laboratories

ABOUT SANDIA

Sandia National Laboratories is the nation’s premier science and engineering lab for national security and technology innovation, with teams of specialists focused on cutting-edge work in a broad array of areas. Some of the main reasons we love our jobs:

• Challenging work with amazing impact that contributes to security, peace, and freedom worldwide
• Extraordinary co-workers
• Some of the best tools, equipment, and research facilities in the world
• Career advancement and enrichment opportunities
• Flexible work arrangements for many positions include 9/80 (work 80 hours every two weeks, with every other Friday off) and 4/10 (work 4 ten-hour days each week) compressed workweeks, part-time work, and telecommuting (a mix of onsite work and working from home)
• Generous vacations, strong medical and other benefits, competitive 401k, learning opportunities, relocation assistance and amenities aimed at creating a solid work/life balance*

World-changing technologies. Life-changing careers. Learn more about Sandia at: http://www.sandia.gov

• These benefits vary by job classification.

WHAT YOUR JOB WILL BE LIKE

We are seeking a Cyber Assurance Architect to join our team and provide cyber and policy analysis expertise in support of the national security mission of Sandia National Labs. Are you passionate about identifying and engaging in the resolution of complex issues? Do you want to help plan, document, and support the effective implementation of the Cyber Security program across Sandia? If so, consider applying for this great opportunity.

On any given day, you may be called on to:

• Engage in policy analysis, development, and implementation projects for Sandia’s Cyber Security Program.
• Develop cyber security policy, standards, best practices, guidance, and procedures in coordination with the Cyber Assurance, ISSM, Cyber Project Management, and IT Policy teams
• Identify gaps and conflicts in cyber security policy guidance and make recommendations to close identified gaps.
• Maintain up-to-date technical knowledge and interpretation of regulatory requirements and authority documents to include DOE Orders, NNSA directives, NIST Cybersecurity Framework, NIST SP 800-37, NIST SP 800-53, and other requirement drivers.
• Support audit response activities as they pertain to cyber security policy.
• Develop cyber security-related policy briefings, presentations, and white papers for distribution to the diverse user and stakeholder community.
• Work with oversight officials to document frameworks that provide effective information assurance support of program and project mission requirements.
• Act as a cyber security subject matter expert to address customer and stakeholder questions and concerns.

This position is eligible for Hybrid work and the selected applicant must live within a reasonable distance for commuting to the assigned work location when necessary.

QUALIFICATIONS WE REQUIRE

• Bachelor’s degree in Management Information Systems, Information Assurance, Computer Science or other relevant field plus five (5) or more years of relevant experience;
• or Master’s degree in above subject areas or related field;
• or combination of education and experience that are demonstrably equivalent to the requirement above.
• Experience with policy analysis and policy development
• Experience and understanding of the Risk Management Framework as detailed in NIST publications.
• Ability to obtain and maintain a DOE Q clearance

QUALIFICATIONS WE DESIRE

• Active DOE Q or DOD TS security clearance
• Experience working with a federal cyber security program
• Knowledge and experience with DOE Orders/NNSA cyber security directives and policies; relevant federal and private standards and requirements (e.g., NIST, ISO, CNSS, STIGS)
• Previous experience as an Information System Security Manager (ISSM) or Information System Security Officer (ISSO).
• Demonstrated technical writing experience.
• Demonstrated experience partnering across organization
• Familiarity with Sandia Cyber and IT processes and procedures
• Excellent verbal communication skills.

NNSA REQUIREMENTS FOR MEDPEDS

If you have a Medical Portable Electronic Device (MedPED), such as a pacemaker, defibrillator, drug-releasing pump, hearing aids, or diagnostic equipment and other equipment for measuring, monitoring, and recording body functions such as heartbeat and brain waves, if employed by Sandia National Laboratories you may be required to comply with NNSA security requirements for MedPEDs.
If you have a MedPED and you are selected for an on-site interview at Sandia National Laboratories, there may be additional steps necessary to ensure compliance with NNSA security requirements prior to the interview date

Please refer the Job description for details