Director of Cybersecurity Governance Risk and Compliance

Company: University of Texas – Austin
Location: Austin, TX, USA
Salary: $140000 – $140000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Must be a U.S. citizen, resident, or officially recognized asylee.
  • Bachelor’s degree and a minimum of 3 years of experience in a restricted research environment, information security policies, controls, and practices; cybersecurity; or governance, risk, and compliance (GRC). Relevant education and experience may be substituted as appropriate.
  • Familiarity with NIST 800-171 (CUI), ITAR, DFARS compliance frameworks and/or related controls.
  • Ability to analyze, interpret and explain complex regulations, statutes, policies, terms and conditions of grants, cooperative agreements, contracts, and subcontracts.
  • Demonstrated proficiency operating with a high degree of independence and executing assigned tasks with excellent follow-through, while also knowing when to stop, ask questions, and seek input from the team or management.
  • Demonstrated ability to manage and execute numerous parallel activities in a fast-paced, dynamic team environment.
  • Exceptional written and verbal communication skills with all levels of a complex organization.
  • Self-motivated to learn and share knowledge.

Responsibilities

  • Implement a program to provide infrastructure, resources, and support for research involving controlled unclassified information (CUI).
  • Collaborate with UT’s and the Cockrell School of Engineering’s information technology personnel, researchers, and UT’s Defense Research Advancement office to establish secure research computing and laboratory environments that comply with federal requirements for protecting CUI.
  • Develop information resources and deliver training to assist researchers with understanding the requirements for working with CUI and implementing those requirements, as needed, for their sponsored research.
  • Consult with Principal Investigators (PI) in pre-award or post-award review of information technology security and privacy controls compliance requirements.
  • Develop and manage security standards, guidelines, policies, procedures, processes and controls based on best practices, compliance frameworks (for example Supplier Performance Risk System NIST assessments), and audit findings.
  • Perform ongoing monitoring of research projects and environments to ensure continued compliance with security requirements.
  • Assess, evaluate, and make recommendations regarding the adequacy of the cybersecurity controls for TIE’s environment and business objectives.
  • Develop plans and tracking for non-compliance with applicable controls, POA&Ms, and monitor remediation progress against agreed-upon timelines.
  • Engage in ongoing risk assessment within the TIE research environment, develop risk registers aligned to NIST controls, and implement risk mitigation controls in collaboration with University/Engineering IT, TIE units, and researchers.
  • Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention).
  • Perform other duties as assigned.

Preferred Qualifications

  • Demonstrated ability to implement and ensure compliance of infrastructure for common security and privacy frameworks and regulations (e.g., NIST 800-53, NIST 800-171, CIS, HIPAA, DFARS/CUI, HECVAT)
  • Experience with university research, research compliance or administration
  • Experience in risk management and intelligence analysis
  • Project management experience