Governance, Risk, and Compliance (GRC) Analyst

Founded in 1999 in the beautiful Smoky Mountains of East Tennessee, Cadre5 provides innovative technical solutions to our customers locally and nationally. Our Cadre5 Lab Partners division has partnered with the Information Technology Services Directorate at Oak Ridge National Laboratory (ORNL) to recruit a qualified Governance, Risk, and Compliance (GRC) Analyst to support the Cybersecurity Division’s Governance team for unclassified operations. The successful candidate will implement and manage comprehensive information protection strategies focused on Controlled Unclassified Information (CUI) and Cybersecurity Programs. This role involves developing and enforcing security policies, conducting assessments, and ensuring compliance with relevant Department of Energy (DOE) regulations and standards. The position requires collaboration with various teams across the lab, including Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, and Lab Internal Audit.

ORNL delivers scientific discoveries and technical breakthroughs needed to realize solutions in energy and national security and provides economic benefit to the nation. This premier research institution located near Knoxville in Oak Ridge, TN, addresses national needs through impactful research and world-leading research centers.

This is a full-time, permanent position that require on-site work.

Why Cadre5?

• Working with highly talented team members
• 3 weeks’ vacation
• Excellent medical insurance, up to 100% paid by employer and contributions to HSA Plans
  
  
  

Purpose:

The primary responsibility of the Information Protection Specialist is to assist the Information Systems Security Manager (ISSM) and the Chief Information Security Officer (CISO) in ensuring unclassified information security controls are implemented per cybersecurity requirements and procedures across ORNL. This role aligns with the Cybersecurity Division's mission to safeguard critical infrastructure, protect sensitive information, and drive research and innovation. By promoting collaboration, leveraging technology, and adhering to best practices, we ensure the resilience and integrity of our digital landscape while empowering stakeholders with secure solutions.

Duties and Responsibilities:

The Information Protection Specialist will assist the ISSM and CISO in managing the CUI program at ORNL. Responsibilities include providing guidance on the ORNL CUI program and ensuring compliance with applicable DOE and ORNL information protection requirements.

Job Responsibilities:

• Provide assistance to the ISSM and CISO in the implementation of the Controlled Unclassified Information (CUI) program across the Oak Ridge National Laboratory (ORNL)
• Develop, implement, and maintain policies and procedures for handling and protecting CUI.
• Ensure compliance with federal regulations, such as Executive Order 13556, and 32 CFR Part 2002.
• Monitor compliance with CUI policies and procedures.
• Maintain thorough documentation of all CUI-related policies, procedures, and incidents.
• Continuously evaluate and improve the CUI program to address evolving threats and regulatory changes.
• Ensure that all activities and practices within ORNL comply with applicable laws, regulations, and guidelines related to CUI.
• Serve as a point of contact for compliance audits and reviews related to CUI.
• Identify, promote, and make recommendations for process improvements with applicable DOE and ORNL requirements.
• Other duties as assigned for support within the program.
  
  
  

Basic Qualifications:

• Bachelor’s degree with 2-4 years of relevant experience in information security, cybersecurity, assessments, risk management, or cybersecurity policy and compliance. An equivalent combination of education and experience may be considered.
• Ability to obtain and maintain a DOE Q security clearance or equivalent.
• Strong analytical and organizational skills, problem-solving capabilities, and experience implementing compliance programs such as Export Controlled Information (ECI), Classified Material Protection and Control (CMPC), or Official Use Only (OUO).
• Excellent interpersonal, verbal, written, and presentation communication skills.
• Thorough understanding of industry standards and regulations including Executive Order 13556, and 32 CFR Part 2002.
• Working knowledge of privacy regulations and impacts such as GDPR and HIPAA.
• Ability to work independently, meet deadlines, and uphold high ethical standards.
• Experience performing self-assessments to comply with DOE or other government agency directives.
• The ability to obtain and maintain a Department of Energy "Q" clearance is required. This requires US Citizenship.
  
  
  

Preferred Qualifications:

• Active DOE Q or TS security clearance or equivalent.
• Master’s degree in information assurance or related field with 1-3 years of relevant experience in information assurance, application security or related field.
• Knowledge of NIST Risk Management Framework, and NIST Cybersecurity Framework.
• Experience with evaluating security controls, and mitigating measures along with a strong understanding of business practices and technology concepts.
• Demonstrated background in governance, risk, and compliance.
  
  
  

Benefits

Cadre5 offers excellent pay and benefits, to include full medical, dental, and vision coverage coupled with 401K match, 15 days PTO, and 10 holidays.

Cadre5 is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. Cadre5 is an E-Verify Employer.