Cybersecurity Risk Management Jobs in Tennessee (NOW HIRING)

Napakiak Environmental and Construction (NEC) is a leading provider of information technology, technology development, and environmental and construction services, specializing in Federal and Commercial projects. Our company is committed to delivering high-quality solutions that meet stringent regulatory standards and client requirements.

We are seeking a highly experienced and mission-focused Information System Security Manager (ISSM) to lead cybersecurity efforts supporting a commercial-style manufacturing operation performing work funded through the Department of Energy. This position operates within the nuclear sector and supports advanced technology development and manufacturing technology deployment. The environment is fast-moving, engineering-driven, and focused on delivering real operational outcomes, requiring cybersecurity leadership that enables innovation while maintaining strong security and compliance. The ISSM will serve as the senior cybersecurity authority responsible for guiding the implementation, oversight, and continuous improvement of the organization's information security program. This role requires a professional who understands how to balance federal cybersecurity requirements with the realities of operational and manufacturing environments. The ideal candidate will lead efforts that ensure systems remain secure and compliant while supporting the mission of deploying advanced technologies and manufacturing capabilities. This position will work closely with engineering leadership, program managers, IT personnel, operational teams, and external stakeholders to ensure cybersecurity is integrated into system design, manufacturing technology deployment, and operational execution. The ISSM must be able to interpret federal cybersecurity requirements and guide teams in implementing those requirements in practical ways that allow work to move forward efficiently and securely. The role will oversee cybersecurity activities aligned with federal standards including NIST Special Publication 800-53, which defines security and privacy controls for federal information systems, and NIST Special Publication 800-82, which addresses cybersecurity considerations for industrial control systems and operational technology environments. Because the environment includes advanced manufacturing and operational technologies, the ISSM will guide security practices across both traditional IT systems and operational technology. The ISSM will lead Risk Management Framework activities including oversight of system authorization packages, system security plans, security control implementation, vulnerability management programs, and continuous monitoring strategies. This role will coordinate cybersecurity assessments, guide remediation efforts, and ensure documentation and reporting remain accurate and audit-ready. The ISSM will also provide strategic guidance to leadership regarding cybersecurity risk, compliance posture, and operational security improvements. This role requires a leader who approaches cybersecurity with a solution-oriented mindset and who can help teams navigate complex requirements while maintaining operational momentum. The ISSM must be comfortable working in a collaborative environment where cybersecurity is integrated into engineering, manufacturing, and technology development processes. The position is located on-site in Oak Ridge, Tennessee and supports systems performing work funded through the Department of Energy.

• This position requires U.S Citizenship and the ability to obtain and maintain a U.S. government security clearance. Candidates who currently hold an active clearance are strongly preferred. Individuals who are eligible and capable of obtaining a clearance will also be considered.
• A minimum of seven to ten years of experience supporting information security, cybersecurity compliance, or information assurance programs within regulated, federal, or contractor environments.
• Demonstrated expertise with NIST Special Publication 800-53 security and privacy controls and experience implementing or overseeing these controls within operational environments.
• Familiarity with NIST Special Publication 800-82 and cybersecurity considerations related to industrial control systems or operational technology environments.
• Experience leading or managing cybersecurity activities under the Risk Management Framework, including system authorization processes, security control implementation, continuous monitoring, and vulnerability management.
• Experience overseeing system security plans, security documentation, compliance reporting, and security assessment activities.
• Demonstrated ability to guide technical teams, engineers, system administrators, and operational leadership in implementing cybersecurity requirements within operational environments.
• Strong leadership, communication, and documentation skills, with the ability to translate complex cybersecurity standards into practical guidance for engineering and operational teams.

• Experience supporting Department of Energy programs or federally funded technology development environments.
• Active security clearance.
• Experience supporting cybersecurity programs within advanced manufacturing, industrial control systems, or operational technology environments.
• Professional cybersecurity certifications such as CISSP, CISM, or similar leadership-level credentials.
• Experience working within engineering-driven environments focused on technology development, manufacturing deployment, or mission-critical infrastructure.

This role is well suited for a cybersecurity leader who enjoys working at the intersection of innovation, manufacturing, and national security. The ISSM will play a key role in ensuring cybersecurity enables rather than limits the deployment of advanced technologies while maintaining the integrity, compliance, and protection of systems supporting critical work.

Napakiak Environmental and Construction (NEC) is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status. All full-time employees are considered benefit eligible for company benefit programs and 401-K upon date of hire.