Location: Amarillo, TX
Job Title: Cyber Policy Developer/Planner
Career Level From: Specialist
Career Level To: Senior Specialist
Organization: Chief Information Security Off (50003144)
Job Specialty: Cyber Security
What You'll Do
• Analyze, assess, and develop policy, programs, and guidelines for implementation.
• Draft, staff, and publish cyber policy, procedures, checklists, and other formalized mission documentation.
• Participate on agency and interagency policy boards.
• Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
• Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
• Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
• Define and integrate policy for current and future mission requirements.
• Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
• Provide policy guidance to cyber management, staff, and users.
• Review, conduct, or participate in audits of cyber programs and projects.
• Support the chief information officer and chief information security officer in the formulation of cyber-related policies.
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch, dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelor's degree in engineering/science/information technology discipline with a minimum of 4 years of relevant experience
- OR Master's degree in engineering/science/information technology discipline with a minimum of 2 years of relevant experience
- OR PhD in engineering/science/information technology discipline.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles as well as cyber threats and vulnerabilities.
- Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
Preferred Job Requirements
• Knowledge of the organization's core business/mission processes.
• Knowledge of emerging technologies that have potential for exploitation.
• Knowledge of current and emerging cyber technologies.
• Knowledge of the National Institute of Standards and Technologies Risk Management Framework and 800-series documents.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
• Skill in preparing plans and related correspondence.
• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
• Knowledge of the DOE/NNSA cyber work environments, exposure to levels of leadership, customer, NNSA sites.
