As a member of the Office of Research & Economic Development (ORED), and working closely with the ITS Senior Security & Compliance Officer and the Export Control Officer, this position will provide subject matter expertise in cyber risk management oversight, direction, and advisory services aligned with federal contracts and NIST standards to business units with the focus on their research mission.
Salary Grade: 17
Please see Staff Compensation Structure or Skilled Crafts and Service Maintenance Compensation Schedule for salary ranges. For salary grade UC, these positions are "Unclassified" and salary ranges are determined by the hiring department.
The Office of Research Compliance & Security (ORC&S) is a unit of the Vice President for Research and Economic Development. ORC&S seeks to respectfully guide and serve the Mississippi State University community while engaging in research through compliance and ethical practices in order to protect the University, researchers, and research subjects.
Essential Duties and Responsibilities:
This position will oversee the ORED security program to ensure compliance with federal security regulations, as well as contractual agreements regarding the protection of data up to and including Controlled Unclassified Information (CUI), Protected Health Information (PHI), and Personally Identifiable Information (PII). This position will assist senior level administrators, faculty, staff, and students with guidance and interpretation of federal government regulations and policies concerning CUI, PHI, and PII. This position will develop, maintain, coordinate, and communicate policies, procedures, and practices governing the usage, maintenance, and security of research information systems within the university. This position will also partner with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
• Preparation and maintenance of System Security Plans (SSP) to accurately reflect the installation and security provisions of the unclassified research information systems thereby assuring Mississippi State University obtains and maintains CMMC certification.
• Development and maintenance of Plan of Action and Milestones (POA&M) used to identify information system weaknesses, mitigating actions, resources, and timelines for corrective actions.
• Implementation of an effective information system security education, training, and awareness program to ensure compliance with government regulations.
• Conducting technical security control assessments and baseline validations to identify vulnerabilities and correct deficiencies as part of a continuous monitoring program.
• Ensuring audit records are collected and analyzed in accordance with the System Security Plans.
• Assisting with the design of secure networks and determining best-practice methods based on requirements.
Bachelor’s degree and 4+ years of relevant experience.
US Citizenship required.
• Master’s degree in Information Technology, Computer Science, or a related field.
• Experience designing and managing a cybersecurity risk management program based on U.S. Government’s NIST standards and frameworks.
• Preferred applicants will possess or be working toward cybersecurity certifications, such as CISSP, ISSEP, or an equivalent certification recognized by Industry and U.S. Government agencies.
• 6+ years of experience in managing the complexities of federal information security mandates at the organizational, business unit, and system levels.
Knowledge, Skills, and Abilities:
• Experience developing, maintaining, and overseeing an information system security program and policies within a complex organization.
• Familiarity with Cybersecurity Maturity Model Certification (CMMC) guidelines.
• Familiarity with HIPAA Security Rule and Privacy Rule guidelines.
• Working knowledge of information system technology and cybersecurity principles to include vulnerability scanning, Security Information and Event Management (SIEM) tools and processes, network security principles, authentication and authorization, and incident response.
• Industry accepted information security-oriented certifications (Security+, SSCP, CISSP, etc.).
• Experience in the application of Risk Management Frameworks as described in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, and NIST Security and Privacy Controls as described in SP 800-171 and SP 800-53a.
Working Conditions and Physical Effort
• No unusual physical requirements. Requires limited lifting of files and records and nearly all work is performed in a comfortable indoor facility.
• Frequent externally-imposed deadlines set and revised beyond one’s control; interruptions influence priorities; difficult to anticipate nature or volume of work with certainty beyond a few days; meeting of deadlines and coordination of unrelated activities are key to position; involves conflict-resolution or similar interactions involving emotional issues or stress on a regular basis.
• Job frequently requires walking, sitting, reaching, talking, hearing, and handling objects with hands.
Instructions for Applying:
Link to apply: http://explore.msujobs.msstate.edu/
Apply online via MSU Job portal system.
Position is contingent upon funding availability.
Equal Employment Opportunity Statement:
MSU is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, ethnicity, sex, religion, national origin, disability, age, sexual orientation, genetic information, pregnancy, gender identity, status as a U.S. veteran, and/or any other status protected by applicable law. We always welcome nominations and applications from women, members of any minority group, and others who share our passion for building a diverse community that reflects the diversity in our student population.