Job Title: Cyber Policy & Strategy Planner
Location: Oak Ridge, TN (Hybrid)
Clearance Required: Q Clearance
Travel Required: Yes
Travel Frequency: 50% initially to catch up, then drops to 25% (approx. 20 trips)
Position Overview:
We are seeking a skilled Cyber Policy & Strategy Planner to join our team in Oak Ridge, TN. This hybrid position requires a dynamic individual with a strong background in cybersecurity policies, strategies, and compliance. The ideal candidate will have a comprehensive understanding of NIST requirements, DFARS requirements, and a proven ability to work collaboratively with vendors to assess and ensure compliance with cybersecurity standards.
Key Responsibilities:
- Interpret and analyze cybersecurity plans submitted by vendors to determine compliance with NIST requirements.
- Communicate effectively with vendor IT and Cyber staff to clarify and address compliance issues.
- Conduct assessments and document assessment results for NIST SP 800-171 security controls.
- Aggregate risks for NIST SP 800-171 security controls into an overall risk assessment for non-federal information systems processing Controlled Unclassified Information (CUI) data.
- Develop and maintain documentation regarding vendor compliance with NIST 800-171 standards.
- Correspond with vendors to correct deficiencies and ensure compliance.
- Attend meetings to discuss compliance status and provide updates to stakeholders.
- Provide subject matter expertise on NIST SP 800-53, NIST SP 800-53A, and other relevant cybersecurity frameworks.
- Collaborate with cross-functional teams to develop and implement cybersecurity policies and strategies.
Qualifications and Skills:
- General understanding of cyber requirements and best practices.
- Strong knowledge and experience with NIST 800-171, NIST SP 800-53, and NIST SP 800-53A.
- Familiarity with DFARS requirements for processing CUI data on non-federal information systems.
- Ability to assess and document cybersecurity controls and provide comprehensive risk assessments.
- Excellent written and verbal communication skills for effective interaction with vendors and stakeholders.
- Certification as a Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA) is preferred.
- Training associated with the assessment of NIST security controls is highly desirable.
Specific Deliverables:
- Determination documentation on vendor NIST 800-171 compliance.
- Effective correspondence with vendors to address and resolve compliance deficiencies.
- Regular attendance and participation in compliance status meetings.
*Duties and responsibilities in this job listing are not all-inclusive and are subject to change. For more specific information, please reach out to the Rampant Hiring Team.