Information Security Compliance Officer

Talent Software Services, Inc.

Stanford, CA (remote)

JOB DETAILS
SALARY
$120–$140 Per Hour
SKILLS
Analysis Skills, Best Practices, Cloud Computing, Communication Skills, Community Support, Computer Security, Cross-Functional, Cryptography, Documentation, Entrepreneurship, Firewalls, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Higher Education, ISO (International Organization for Standardization), Industry Standards, Information Systems/Technology IS/IT Administration, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Intrusion Detection Systems, Leadership, Legal, Maintain Compliance, National Institutes of Health (NIH), Policy Development, Procedure Development, Process Development, Regulations, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Security Analysis, Security Attacks, Security Auditing, Security Compliance, Security Information and Event Management (SIEM), Standards Development, Training Program, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Stanford, CA
POSTED
1 day ago

Description

We are committed to creating meaning, solving complex challenges, and enriching lives on a global scale. We are currently seeking a talented individual to play a vital role in our dynamic and close-knit team within the Information Security Office. In this essential position, you will lead initiatives to protect our digital resources, developing and implementing innovative security strategies to effectively mitigate risks. Your expertise will contribute to our mission of maintaining a secure and resilient environment for education, research, and healthcare.

The Information Security Office is a high-profile team and is one of the few departments with university-wide purview, so you'll have plenty of opportunity to share and shine. We operate with a high degree of autonomy, expecting each of our contributors to bring their own special talents to bear on the tough challenges facing the university.

The Cybersecurity Governance, Risk, and Compliance (GRC) team within the Information Security Office is an innovative, newly formed team with an entrepreneurial spirit, and we invite you to help us grow while advancing your own career.

Job Responsibilities

  • Lead the overall NIST readiness effort to support the research community, with a particular focus on compliance with NIH requirements, Cybersecurity Maturity Model Certification (CMMC), and NIST SP 800-171 standards.
  • Execute a comprehensive strategy to prepare the university for an increasing number of security audits and evolving regulatory requirements, emphasizing compliance with CMMC, NIH, and NIST SP 800-171.
  • Develop frameworks that not only meet current cybersecurity standards but also anticipate emerging challenges in the landscape of research-related security.
  • Collaborate with Research Computing and local IT groups to implement and refine security controls that align with regulatory requirements.
  • Coordinate efforts across various departments to establish and maintain a robust compliance framework.
  • Assess the university's existing security posture, identify gaps that may hinder compliance, and implement best practices and guidelines to strengthen cybersecurity measures in preparation for audits.
  • Work closely with legal, IT, and administrative stakeholders to develop and maintain policies, procedures, and training programs that promote a culture of security awareness and accountability.
  • Lead the development and execution of a comprehensive strategy of NIST readiness to prepare the university for security audits and regulatory requirements.
  • Develop a risk assessment framework and create a process to conduct comprehensive risk assessments.
  • Collaborate with third parties for the development of System Security Plans (SSPs) that outline the security controls in place for the university's information systems.
  • Ensure that actions pertaining to cybersecurity listed in the Plan of Actions and Milestones (POA&M) are executed effectively.
  • Develop, maintain, and enforce information security policies, procedures, and standards in line with industry regulations.
  • Ensure compliance with security policies, regulations, and standards, and provide regular updates to stakeholders on changes in requirements.
  • Update security controls regularly and provide support to stakeholders on security controls.
  • Collaborate with cross-functional teams to integrate information security into the organization's overall risk management program.
  • Maintain detailed documentation and records of security incidents, risk assessments, and audit findings.
  • Coordinate with the Internal Audit team to facilitate security audits and work collaboratively with the Information Security Office (ISO) Cloud Security team to conduct vulnerability assessments.
  • Perform any other related duties assigned to support the organization's information security program.

Requirements

  • Minimum Education: Bachelor's degree (or equivalent experience).
  • A minimum of seven years of experience in information security, risk management, or compliance.
  • Proven experience in information security, risk management, and compliance with a focus on establishing robust security frameworks.
  • In-depth understanding of industry standards and regulations, particularly NIST & HIPAA.
  • Strong analytical and critical thinking skills, with a demonstrated ability to identify, assess, and mitigate complex security risks effectively.
  • Significant experience in leading security audits, risk assessments, and vulnerability assessments.
  • Comprehensive knowledge of security technologies, including encryption methods, firewalls, intrusion detection systems, and Security Information and Event Management (SIEM) solutions.
  • Multiple years of experience in a leadership role within a cybersecurity, information security, or compliance-related team.
  • Exceptional capability to convey complex technical concepts in accessible language to diverse audiences.
  • Strong commitment to professional development and staying current with the latest security threats, technologies, and evolving industry regulations.
  • Important qualifications: Experience in higher education, excellent communication skills, CMMC level 1 and level 2 experience, extensive policy/standards creation experience.

Additional Information

  • Full time or part time: Full time
  • Number of hours per week: 40 hours
  • Shift timing/schedule: M-F business hours
  • Location Address: 100% remote

About the Company

Talent Software Services, Inc.