Cybersecurity Controls & Compliance Analyst

Job description

Overview This position supports the U.S. Department of Energy Office of Scientific and Technical Information (DOE OSTI) in its mission to ensure the long-term preservation and accessibility of DOE scientific and technical information. The role focuses on assessing cybersecurity controls, supporting audit readiness, and ensuring compliance with federal cybersecurity frameworks and OSTI’s internal policies. This is onsite in Oak Ridge, TN. Responsibilities: Essential Duties & Responsibilities: Responsibilities include, but are not limited to the following: - Evaluate and document the effectiveness of cybersecurity controls across OSTI’s network and systems. - Support internal and external audits, including evidence collection, control mapping, and remediation tracking. - Conduct risk assessments and gap analyses aligned with NIST, FISMA, and DOE cybersecurity requirements. - Collaborate with system owners and technical teams to ensure security controls are implemented and maintained. - Monitor compliance with OSTI’s cybersecurity policies, procedures, and standards. - Maintain and update system security plans (SSPs), risk registers, and control documentation. - Assist in the developm...