Privacy CUI Analyst

Venesco is looking for a highly motivated and detail-oriented Cybersecurity Analyst to support NASA’s cybersecurity program. This self-starter will be working within the Agency Office of the Chief Information Officer (OCIO) and will actively participate as a leader in a broad range of Agency-level cybersecurity operations, governance, compliance, budgetary, reporting, and communications tasks in support of a comprehensive cybersecurity, privacy, and controlled unclassified information program.

The Cybersecurity, Privacy and Controlled Unclassified Information (CUI) Analyst will join an existing team of government and contractor professionals who are committed to:  exceeding the expectations of their customer, supporting the success of the team, supporting the NASA missions, adding value for the taxpayer, and actively engaged in educating themselves about the dynamic and evolving cybersecurity, and privacy arenas.

Knowledge, Skills, and Abilities Needed

  • Knowledge of cybersecurity and privacy principles and Federal privacy program governance requirements
  • Knowledge of privacy disclosure statements based on current laws
  • Knowledge of Federal privacy breach response best practices and reporting requirements
  • Knowledge of cybersecurity risk management processes (e.g., methods for assessing, scoring, and mitigating risk)
  • Knowledge of existing and emerging industry technologies’ potential cybersecurity vulnerabilities, issues, and risks
  • Knowledge of NASA’s core business/mission processes
  • Skilled in creating policies that reflect the Agency’s core privacy objectives
  • Skilled in reviewing Privacy Impact Assessments (PIA) to ensure systems and/or applications are utilizing privacy best practices and are following Federal privacy standards.
  • Skilled in communicating with all levels of management especially with C-Level executives (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience)
  • Skilled in the use of critical thinking to analyze organizational patterns and relationships
  • Ability to monitor advancements in information privacy laws and Federal guidance to ensure organizational adaptation and compliance
  • Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cybersecurity and privacy objectives
  • Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action
  • Ability to apply critical reading/thinking skills to develop policy, plans, and strategy in compliance with laws, regulations, policies, and/or standards in support of the Agency’s cyber activities and mission needs
  • Ability to deliver high-quality work daily, on deadline, and to ensure factual accuracy of content
  • Ability to recommend and implement process improvements, as necessary, to facilitate team and stakeholder collaboration and improve cybersecurity, privacy, and controlled unclassified information operations

Tasks and Activities

  • Review and assess Privacy Impact Assessments (PIAs) for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII)
  • Promote awareness of cybersecurity policy and strategy as appropriate among management and technical communities of interest, to ensure sound cybersecurity and privacy principles are reflected in the Agency’s mission, vision, and goals
  • Design/integrate a cybersecurity, privacy, and controlled unclassified information strategy which outlines the vision, mission, and goals and align with the organization’s strategic plan
  • Support the CIO in the formulation of cybersecurity, privacy, and controlled unclassified information related policies
  • Provide cybersecurity, privacy, and controlled unclassified information policy guidance to management, staff, and users
  • Establish and maintain all communication channels with stakeholder communities of interest
  • Facilitate meetings, advocate for civil servant positions, or potentially serve on, NASA and/or interagency cybersecurity, privacy, and controlled unclassified information policy and management boards
  • Collaborate with senior agency leadership and subject matter experts to develop, edit, review and/or streamline communications, presentations, and Congressional testimony on federal cybersecurity, privacy, and controlled unclassified information topics
  • Assist with Agency-level IT Security policies, processes, and procedures to support an Agency-level cybersecurity program built around National Institute of Standards and Technology (NIST) Special Publications (SP) 800-53, SP 800-37, 800-39, 800-160, 800-171, and other relevant NIST information security publications
  • Coordinate communications and facilitate information sharing on Agency-level cybersecurity initiatives and priorities with cybersecurity stakeholders across the NASA Centers and Mission Directorates, and with external federal stakeholders including CISA, DHS, OMB, GAO, and Congress

Minimum Qualifications

  • Bachelor’s Degree, or higher, in subjects of study with a focus on project management, cybersecurity, systems engineering, information assurance, communications, or public administration (i.e. Computer Science, Cybersecurity, Journalism, Public Administration, Public Policy, Political Science, or International Relations)
  • A solid understanding of information technology and cybersecurity best practices and experience with NIST Information Security guidance – especially NIST SP 800-53 and delivering a NIST 800-37 compliant program
  • Knowledge and experience with current federal cybersecurity, privacy, and controlled unclassified information legislation and compliance requirements, including but not limited to FISMA, Privacy Act, HIPPA, COPPA, and OMB Memoranda M-03-22 and M-17-26, etc.
  • Three or more years of experience with C-level executive communications
  • Five years or more of work experience in the fields of information technology, privacy, or cybersecurity
  • Proven ability to take complex issues and distill information, ideas, and concepts to essential elements
  • Understanding of Federal cybersecurity communities of interest and stakeholders–including the ability to articulate the differences between GAO and OIG their stakeholders and constituencies
  • Understanding of Federal privacy communities of interest–including the impact of the Federal Trade Commission and the Federal Privacy Council
  • Understanding of Federal controlled unclassified information communities of interest –including the impact of the National Archives and Records Administration
  • Outstanding written and oral communications and presentation skills
  • US Citizenship

Ideal Candidate

  • An expert multitasker who can quickly triage competing priorities and is comfortable balancing long-term goals with short-term demands
  • A solid communicator who can research and synthesize information from multiple sources and be able to present complex subjects clearly and concisely for executive-level decision makers, both verbally and in writing
  • A seasoned professional who can comprehend a strategic direction set by our Agency customer, and who has the drive to pursue that direction via tactical planning, establishment of goals, and independently execute initiatives, objectives, and deliverables
  • Will hold one or more privacy certifications – prefer a Certified Information Privacy Professional (CIPP), or other privacy industry recognized certification

Venesco LLC, is an equal opportunity and affirmative action employer. Venesco is committed to administering all employment and personnel actions on the basis of merit and free of discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or status as an individual with a disability. Consistent with this commitment, we are dedicated to the employment and advancement of qualified minorities, women, individuals with disabilities, protected veterans, persons of all ethnic backgrounds and religions according to their abilities.

For questions or to submit your résumé, please contact us at careers@venesco.com.