Tennessee Valley Authority Specialist, Cybersecurity Governance - 509649 in CHATTANOOGA, Tennessee
Job ID: 509649 Location: CHATTANOOGA, TN Regular/Temporary:
Organization: Information Technology
Department: Cybersecurity Governance and Engagement
Location: Chattanooga, Tennessee
Relocation Assistance Offered: Yes, if eligible
Posting Open: 12/4/2019
Posting Close: 12/11/2019 at 11:59pm EST
This person will be accountable for having firm knowledge in a broad range of Information Security disciplines and for educating and driving the implementation and standardization of the TVA enterprise security program. This will involve contributing to the development, maintenance, and implementation of the enterprise security program, and helping to ensure overall achievement of, and compliance with, the security goals, regulatory requirements and company direction. This person will have security compliance experience, focusing on FISMA, CIP, and SOX, and will exhibit excellent written and oral communication skills. This person will bring some industry insight and information security understanding to TVA. Develops, implements and safeguards TVA cybersecurity practices.
Provide support for the ongoing execution of TVA’s enterprise-wide Federal Information Security Management Act (FISMA) program.
Provide support for the development of FISMA System Security Plans (SSPs) for TVA business units.
Provide support for determining the appropriate Federal Information Processing Standard Publication 199 (FIPS 199) ratings for key TVA business systems across the enterprise.
Provide support in the development of security processes, procedures, and work instructions in support of FISMA requirements.
Provide support for control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommend remedial action.
Play an advisory role in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned.
Provide support for critical projects to ensure that security issues are addressed throughout the project life cycle.
Assist in building business cases to establish, grow and change business groups, functions and technologies, and establish, develop and grow the information security, risk and compliance operational security program.
Coordinate with Cybersecurity Operations staff to inter-connect governance needs and operational activities, to include vulnerability assessments and related mitigation activities.
Support the development of security architecture and security policies, principles and standards.
Assist in the development of standard awareness and overall education/outreach programs related to information security and establish a mechanism to monitor and measure Information Security Risk understanding and maturity level.
Recommend security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
Recommend and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment.
Support internal/external audits and remediation of findings.
Provide support to incident investigations. Identify the findings and associated mitigations and ensure they are implemented in a timely fashion. Incorporate these findings into long-term remediation/prevention efforts.
Education — A Bachelor’s Degree in computer science, engineering or a related field of study; or equivalent education, training & experience.
Experience — Five or more years of current and hands-on Information Technology experience protecting electronic and information-based assets through efforts related to governance, operational security or audit. FISMA, CIP, and SOX experience is highly desired. Audit/Investigations experience is highly desired.
Certification/License, etc — CISSP, CISM, CISA, CPP, CAP or equivalent preferred.
Knowledge/Skills/Abilities — Broad knowledge of business functions and related security needs. Must stay familiar with Federal laws, regulations, and industry best practices for security strategies and technology. Basic knowledge of FISMA programs and related requirements. Basic experience with CIP and SOX compliance. Excellent ability to research, evaluate and recommend technical solutions. Ability to develop plans and execute complex efforts involving application of advanced technological knowledge. Must demonstrate tact and effective judgment dealing with confidential/sensitive material. Ability to obtain and maintain Secret security clearance required. Candidate may be required to obtain and maintain a security clearance based on position / access requirements and essential job functions.
Equal Employment Opportunity
TVA values and embraces diversity. We encourage all individuals to apply regardless of race, color, national origin, ethnicity, gender, sex, abilities/disabilities, sexual orientation, religion, veteran status and age. We strive to be inclusive of all the people we serve across the Valley.
TVA is an Equal Opportunity employer and complies with all applicable laws and regulations regarding equal employment opportunities. Any applicant or employee who believes s/he has a discrimination claim (including harassment or retaliation) must contact TVA’s Equal Opportunity Compliance office within 45 calendar days of the event or action s/he believes to constitute discrimination, harassment, or retaliation.
All TVA Non-Nuclear employees are covered by TVA's Federal Drug-Free Workplace Program Plan, in accordance with Executive Order 12564, Public Law 100-71 and the Mandatory Guidelines for Federal Workplace Drug Testing. Information regarding the Drug Free Workplace Program can be found at www.samhsa.gov/workplace. TVA Non-Nuclear employees in Testing Designated Positions, including those performing safety-sensitive duties are also subject to random drug testing. TVA Nuclear employees are subject to random alcohol and drug tests in accordance with 10 CFR Part 26 as mandated by the Nuclear Regulatory Commission (NRC).
How to Claim Vet Preference
If you are a U.S. Military Veteran and would like to be considered a preference-eligible veteran for the purposes of your employment application to TVA, please take the necessary actions outlined in the application process. Please submit your military documents each time you apply for a position.
How to Submit Documentation:
1) Upload documents after you complete the application by clicking Careers Home, Cover Letters and Attachments, and Add Attachment, or
2) Email documents to Veteran@tva.gov