Associate Director, Research Security
University Overview

The University of Pennsylvania, the largest private employer in Philadelphia, is a world-renowned leader in education, research, and innovation. This historic, Ivy League school consistently ranks among the top 10 universities in the annual U.S. News & World Report survey. Penn has 12 highly regarded schools that provide opportunities for undergraduate, graduate and continuing education, all influenced by Penn's distinctive interdisciplinary approach to scholarship and learning. As an employer, Penn has been ranked nationally on many occasions, with the most recent award from Forbes, which named Penn one of America's Best Large Employers in 2023.

Posted Job Title: Associate Director, Research Security

Job Profile Title: Information Technology Security Analyst Senior

Job Description Summary

Federal requirements related to research security have been increasing over the past several years. These requirements include the need to establish a Research Security Program including cybersecurity as well as increasingly stringent contractual requirements related to how research data and information are stored and shared. As a preeminent research institution, the University of Pennsylvania (Penn) is committed to providing the necessary policies, infrastructure, and support to its research community for the management of regulated research data. The Associate Director of Research Data Security will serve as a key member of the Research Security Program management team.

Key responsibilities include ensuring Penn's compliance with Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171 controls, and FAR 52.204-21; assessing and advising on Penn's readiness to meet cybersecurity requirements related to NSPM-33; and evaluating the data security requirements specified in sponsored projects agreements, advising as to whether those requirements can currently be met in the applicable school/center and, if they cannot, providing expertise to assist with meeting compliance.

Job Description

Job Responsibilities

- Develop and oversee a risk-based institutional research data security program, including training content and delivery, particularly for management of sensitive, restricted, and controlled data received, developed, shared, or used in university research projects. Periodically review System Security Plan, System Inventory and Baseline, and Document Traceability Matrix with the technical team to ensure shared understanding and preparedness for the annual Security Controls Assessment for Penn's Secure Research Environment(s) (SREs).
- Inventory and document existing University systems that house research data, including the security capabilities of each system. Document existing data safeguards and ensure that such safeguards are maintained.
- Partner with other key stakeholders in the development and maintenance of Plan of Action and Milestones (POA&M) used to identify information system weaknesses, mitigating actions, resources, and timelines for corrective actions. Partner with the Information Security Office to identify vulnerabilities and correct deficiencies as part of a continuous monitoring program. Schedule required annual Security Controls Assessment and Risk Assessment for Penn's SRE(s).
- Manage the development of project-specific information and security controls in collaboration with the PI, Office of Research Services, Penn Center for Innovation, Office of Clinical Research, Export Controls, Research Computing, Research Integrity, Information Security, Penn Global, and other campus partners. Ensure SRE users and data are appropriately onboarded and offboarded.
- Plan, design, enforce, and audit security policies and procedures which safeguard the integrity of and access to University information systems
- Investigate security incidents; perform computer forensics studies and maintain incident tracking records
- Maintain knowledge of changing information security threats and technologies
- Manage security improvement projects
- Coach and direct more junior staff
- Other duties and responsibilities as assigned
- Bachelor's degree and 4+ years of relevant experience (Master's degree in Information Technology, Computer Science, or a related field preferred).
- Experience developing, maintaining, and overseeing an information systems security program and policies within a complex organization.
- Strong skills in organizing and setting priorities and accomplishing tasks by identifying risk-based solutions to time-sensitive problems.
- Demonstrated familiarity with CMMC guidelines.
- Working knowledge of information system technology and cybersecurity principles to include vulnerability scanning, network security principles, authentication and authorization, and incident response.
- Experience in the application of Risk Management Frameworks as described in the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, SP 800-171 and SP 800-53.
- Demonstrated ability to develop training materials and to provide individual training as appropriate.
- Ability to work effectively in a highly matrixed and decentralized environment with the ability to navigate through ambiguity and demonstrate appreciation and support for diversity, inclusion, and belonging in a constantly evolving academic/higher education environment.
- High efficiency in project management, change management and/or process improvement.
- Ability to influence without authority and manage change in a dynamic higher education environment.
- Strong collaboration skills, global mindset, and curiosity and tenacity in managing operations across a highly matrixed and decentralized environment.
- Experience with contract review for data security requirements.
- Proven track record of working and communicating effectively and eloquently with multiple stakeholders at different levels in a complex and diverse environment.
- Experience in driving efficiency, project prioritization, simplification, standardization of work, process improvement, and translating programs into practical and efficient solutions for various stakeholders and audiences across the University.
- A high level of learning agility, urgency for action/speed along with a natural curiosity to work with different audiences, cultures, time zones, people, and mindsets.