"Research Information Security Compliance Program Manager"

Posting Details

Working Title
Research Information Security Compliance Program Manager

Position Number
01399A

Department
INFORMATION TECHNOLOGY SERV-ACAD

Location
Norfolk, VA

Type of Position
Classified

Type of Job
Full Time

EEO Category
B Professionals

Job Description

The chief objective of the Research Information Security Compliance Program Manager is to oversee and coordinate research IT compliance across the university and manage a research security program. This position ensures that all research IT environments—including those handling Controlled Unclassified Information (CUI), compliance with CMMC, SIPRNet/Classified Cloud/MUSA, HIPAA, and NIH data—meet federal, sponsor, and institutional standards. The Program Manager leads efforts to manage regulatory requirements such as NSPM-33, the CHIPS and Science Act, and NIH data security plans, working collaboratively with research, compliance, and IT teams to maintain a secure and compliant research IT landscape. Activities are aligned with university security policies and will also inform the broader University Information Security Office Governance, Risk, and Compliance (GRC) program and risk register.

Knowledge, skills and abilities

Considerable knowledge of IT compliance or research IT program management, preferably in higher education or regulated research environments.
Demonstrated expertise with federal and sponsor research compliance frameworks, including but not limited to NSPM-33, CHIPS and Science Act, CMMC (Levels 1 & 2), NIST SP 800-171/53, HIPAA, and NIH data security requirements.
Strong understanding of CUI, classified/unclassified hybrid environments, and the management of regulated data within research IT systems.
Proven ability to collaborate effectively across departments, including research administration, IT, compliance, legal, and academic units.
Experience reviewing and managing Data Use Agreements (DUAs), Data Security Plans (DSPs), and related documentation.
Familiarity with SIPRNet, classified cloud, MUSA, and requirements for secure operation and compliance.
Excellent organizational, communication, and documentation skills, with a focus on regulatory evidence, risk tracking, and compliance reporting.
Ability to manage multiple projects and competing priorities in a complex, regulated environment.

Special licenses, registration or certification

Relevant certifications such as CISSP, CISM, CISA, or equivalent preferred but not required.
Ability to obtain and maintain security clearances or other credentials as required by research sponsors or federal regulations.

Education or training

None

Level and type of experience

Significant experience in research IT, compliance management, or information security within an academic or research-intensive environment is strongly preferred.

Additional Considerations (supplemental knowledge, skills, abilities, education, experience, licensure, certification)

Understanding of enclave architectures, secure research computing, and sponsor-mandated cybersecurity reporting.
Experience with university research administration processes and sponsor compliance audits.
Certifications such as CISSP, GCCC, GCED, or other industry certifications.

Conditions of Employment

This position is fully remote and will require participation in on-call rotations. The candidate must have high-speed and reliable internet.

This position is designated as sensitive. A fingerprint-based criminal history check will be required of the final candidate.

This position has special requirements. The candidate or incumbent must:
• be a U.S. Citizen
• have or obtain a Secret security clearance

Annual Salary/Hourly Rate
Salary range between $90,000-$115,000

Job Open To
General Public

Open Date
12/10/2025

Close Date
01/05/2026

Open Until Filled
No

Special Instructions Summary
Along with the completed application, please attached a resume.