Description:
At client, we are committed to creating meaning, solving complex challenges, and enriching lives on a global scale. We are currently seeking a talented Information Security Officer to play a vital role in our dynamic and close-knit team within the Information Security Office. In this essential position, you will lead initiatives to protect our digital resources, developing and implementing innovative security strategies to effectively mitigate risks. Your expertise will contribute to our mission of maintaining a secure and resilient environment for education, research, and healthcare.

The Information Security Office is a high-profile team and is one of the few departments with university-wide purview, so you'll have plenty of opportunity to share and shine. We operate with a high degree of autonomy, expecting each of our contributors to bring their own special talents to bear on the tough challenges facing the university.

The Cybersecurity Governance, Risk, and Compliance (GRC) team within the Information Security Office is an innovative, newly formed team with an entrepreneurial spirit, and we invite you to help us grow while advancing your own career.

Job responsibilities

In this role, you will lead the overall NIST readiness effort to support the research community, with a particular focus on compliance with NIH requirements, Cybersecurity Maturity Model Certification (CMMC), and NIST SP 800-171 standards. Your leadership will be crucial in enhancing the university’s ability to meet these regulatory frameworks and ensure robust information security practices.

Your primary responsibilities will include executing a comprehensive strategy to prepare the university for an increasing number of security audits and evolving regulatory requirements, emphasizing compliance with CMMC, NIH, and NIST SP 800-171. You will take the lead in developing frameworks that not only meet current cybersecurity standards but also anticipate emerging challenges in the landscape of research-related security. You will closely collaborate with client Research Computing and local client IT groups to implement and refine security controls that align with regulatory requirements. Your guidance will be vital in assisting the research community as they navigate the complexities of compliance with these critical standards.

Additionally, you will coordinate efforts across various departments to establish and maintain a robust compliance framework. This involves assessing the university's existing security posture, identifying gaps that may hinder compliance with NIH, CMMC, and NIST SP 800-171, and implementing best practices and guidelines to strengthen cybersecurity measures in preparation for audits.

This involves identifying and analyzing the university's existing security posture and determining gaps that may hinder compliance. You will implement best practices and guidelines to enhance cybersecurity measures and aid in the preparation for audits. Additionally, you will work closely with legal, IT, and administrative stakeholders to develop and maintain policies, procedures, and training programs that promote a culture of security awareness and accountability.

Typical Activities

Lead the development and execution of a comprehensive strategy of NIST readiness to prepare the university for security audits and regulatory requirements, with a specific emphasis on compliance with NIH, Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171 standards.
Develop a risk assessment framework and create a process to conduct comprehensive risk assessments, identifying potential security threats and implementing effective mitigation strategies to minimize risks to the organization’s assets and data.
Collaborate with the third-party for the development of System Security Plans (SSPs) that outline the security controls in place for the university's information systems and ensure they align with regulatory requirements.
Ensure that the actions pertaining to cybersecurity listed in the Plan of Actions and Milestones (POA&M) are executed effectively to meet compliance with industry regulations, best practices, and the university's risk management framework, including NIH, NIST, ISO 27001, HIPAA, and PCI DSS.
Develop, maintain, and enforce information security policies, procedures, and standards in line with industry regulations, best practices, and the organization's risk management program.
Ensure compliance with security policies, regulations, and standards, such as NIST, ISO 27001, HIPAA, and PCI DSS, and provide regular updates to stakeholders on changes in requirements.
Update security controls regularly and provide support to stakeholders on security controls, including internal assessments, regulations, protecting Personally Identifiable Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
Collaborate with cross-functional teams, including IT, Finance, Human Resources, and Legal, to integrate information security into the organization's overall risk management program.
Maintain detailed documentation and records of security incidents, risk assessments, and audit findings to support ongoing compliance efforts.
Coordinate with the Internal Audit team to facilitate security audits, and work collaboratively with the ISO Cloud Security team to conduct vulnerability assessments, identifying weaknesses in the university's security infrastructure and formulating action plans to address those vulnerabilities.
Perform any other related duties assigned to support the organization's information security program.

Requirements:
Minimum Education

You’re a well-rounded, critical thinker with a bachelor’s degree (or equivalent experience).
A minimum of seven years of experience in information security, risk management, or compliance.


Qualification

Proven experience in information security, risk management, and compliance with a focus on establishing robust security frameworks.
In-depth understanding of industry standards and regulations, particularly NIST & HIPAA.
Strong analytical and critical thinking skills, with a demonstrated ability to identify, assess, and mitigate complex security risks effectively.
Significant experience in leading security audits, risk assessments, and vulnerability assessments to ensure compliance and enhance security measures.
Comprehensive knowledge of security technologies, including encryption methods, firewalls, intrusion detection systems, and Security Information and Event Management (SIEM) solutions.
Multiple years of experience in a leadership role within a cybersecurity, information security, or compliance-related team, demonstrating the ability to guide and mentor junior staff while driving compliance initiatives.
Exceptional capability to convey complex technical concepts in accessible language to diverse audiences, ensuring effective communication with stakeholders at all levels of technical expertise.
Strong commitment to professional development and staying current with the latest security threats, technologies, and evolving industry regulations to inform compliance strategies.

Qualifications:

Experience in higher education
excellent communication skills - writing, speaking, reading
CMMC level 1 and level 2 experience
extensive policy/standards creation experience




Notes:

40 hours

M-F business hours
100% remote