Collaborate with mission stakeholders to create a risk based cyber security program. • Proactively plan security solutions for NREL mission and partners. • Build and maintain a multi-year cyber security roadmap for NREL. • Formulate and manage a direct-funded cyber security budget. • Lead and manage a team of cyber security architects, engineers, analysts and administrators; providing guidance, performance goals, and feedback. • Become an active participant with a team of Cyber Security Managers across the DOE laboratory/plant complex. • Work with DOE representatives from the Office of the Undersecretary of Energy, the Energy Efficiency (EE) program, and the DOE Golden Field Office (GFO). • Lead the implementation, maintenance, enhancement, and documentation of NREL’s Cyber Security Program (e.g. System Security Plans (SSP), Business Impact Analysis and Assessment, Contingency Plan, Disaster Recovery, Continuity of Operations, etc.) • Be responsible for Cyber Security related audits, site assists visits, and action plans resulting from these assessments. • Evaluate and incorporate government requirements into NREL’s Cyber Security Program, including reviewing, calculating impacts, and commenting on DOE draft directives. • Promote awareness of security issues, including developing and conducting Cyber Security Awareness Training. • Develop, maintain, publish and oversee up-to-date security policies, standards and guidelines. Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers. • Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security incident, and provide direction, support and in-house consulting in these areas. • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security. • Be visible and available with mission and operations leadership to provide guidance and expert advice, strategy, plans and policy.
|