New

Research Cybersecurity Compliance Lead

Utah State University
Commensurate based on qualifications plus excellent benefits
United States, Utah, Logan
Nov 02, 2025
Research Cybersecurity Compliance Lead Requisition ID: 2025-9662 # of Openings: 1 Location: US-UT-Logan Category: Information Technology Position Type: Benefited Full-Time Job Classification: Exempt College: Operational Strategy Department: Information Technology Advertised Salary: Commensurate based on qualifications plus excellent benefits Overview Utah State University seeks a Research Cybersecurity Compliance Lead to guide the development and long-term management of a secure research computing environment that complies with federal cybersecurity and export control requirements, including CMMC, NIST 800-171, ITAR, EAR, OFAC, and other applicable regulations. The Lead will work alongside the university's selected vendor to stand up a compliant, turn-key environment, gaining deep understanding of its architecture and controls from the beginning. Over time, this role will take on increasing responsibility for managing and improving the environment as more of the work shifts in-house. The position requires both technical and compliance expertise. The Lead will draw on experience in cybersecurity operations, systems administration, and cloud platforms such as Microsoft Entra ID/M365, combined with knowledge of identity and access management. In addition, the role will oversee compliance alignment, risk management, and assessment readiness, ensuring that research projects meet regulatory obligations and security standards. The Lead will manage relationships with external vendors, serve as the primary liaison during C3PAO and other compliance assessments, and work closely with the Office of Research and other partners across campus to ensure researchers can securely conduct projects involving sensitive data while the institution maintains accountability for compliance. Responsibilities Vendor collaboration and transition: Partner with the university's selected vendor to stand up a compliant secure research environment. Learn the environment's architecture, configuration, and controls from the beginning, with the goal of gradually assuming more responsibility for day-to-day management and long-term sustainability. Program leadership: Serve as the lead point of contact for USU's research cybersecurity compliance program, ensuring that the secure environment supports requirements such as CMMC, NIST 800-171, ITAR, EAR, OFAC, and related regulations. Policy and procedure development: Translate cybersecurity and export control requirements into practical research-wide policies, procedures, and standards that can be consistently followed by researchers and IT staff. Research collaboration: Work closely with the Office of Research and individual researchers to develop project-specific compliance plans, including Technology Control Plans (TCPs), and provide guidance for securely handling Controlled Unclassified Information (CUI) and other regulated data. Assessment readiness: Act as the primary liaison during third-party assessments, including C3PAO evaluations, ensuring that required documentation and evidence meet CMMC criteria for sufficiency and adequacy and are maintained in an audit-ready state. Risk and vulnerability management: Conduct or coordinate internal risk assessments, track vulnerabilities, and ensure remediation within the research environment. Documentation stewardship: Maintain essential records, including the System Security Plan (SSP), Plans of Action and Milestones (POA&Ms), incident response procedures, and other compliance documentation. Continuous improvement: Regularly evaluate the effectiveness of controls, policies, and processes, providing reports and recommendations to university leadership. Training and outreach: Provide guidance and education to researchers and staff on compliance obligations, secure workflows, and the use of the secure research environment. Qualifications Minimum Qualifications: Bachelor's degree in information technology, computer science, cybersecurity, engineering, or a closely related field. Equivalent professional experience may be considered in lieu of a degree. At least 5 years of professional experience in cybersecurity, systems administration, or IT infrastructure management, with demonstrated responsibility for secure system design and operations. Hands-on experience administering both Linux and Windows environments, including implementation of security baselines and compliance controls. Experience with cloud services and identity platforms such as Microsoft Entra ID, M365, and Azure, particularly in identity and access management. Working knowledge of federal cybersecurity and export control requirements including NIST 800-171, CMMC, ITAR, and EAR. Strong ability to translate regulatory requirements into technical and procedural controls that can be understood and followed by researchers and non-technical staff. Ability to obtain the Certified CMMC Professional (CCP) credential within six months of employment. Preferred Qualifications: Advanced degree in information security, computer science, engineering, or a related field. More than 7 years of professional experience in cybersecurity operations, secure systems administration, or IT infrastructure management, with at least 3 years in a compliance or research security context. Demonstrated experience with federal security and compliance frameworks such as NIST SP 800-171, CMMC, NIST 800-53, FedRAMP, and export control requirements (ITAR, EAR, OFAC). See also, https://www.usu.edu/infosec/regulations/ Direct involvement in preparing for or supporting CMMC or other third-party compliance assessments, with familiarity in evaluating evidence for sufficiency, adequacy, and audit readiness under the CMMC Assessment Process (CAP). Professional certifications such as CISSP, CISM, CCSP, or CompTIA Security+, in addition to or in pursuit of Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA). Strong understanding of identity and access management concepts and their application in environments such as Microsoft Entra ID, M365, and Azure. Excellent written and verbal communication skills, with the ability to explain complex compliance and technical requirements to both technical and non-technical stakeholders. Knowledge, Skills, and Abilities: Strong knowledge of cybersecurity operations, including incident response, vulnerability management, system hardening, and secure configuration practices across Linux, Windows, and cloud environments. Familiarity with identity and access management (IAM) concepts, technologies, and best practices, with emphasis on Microsoft Entra ID, M365, and Azure Active Directory. Understanding of federal security frameworks and export control regulations, including NIST SP 800-171, CMMC, NIST 800-53, ITAR, EAR, and OFAC. Ability to analyze compliance requirements, evaluate evidence for sufficiency and adequacy under the CMMC Assessment Process (CAP), and design controls that address identified gaps. Skill in developing, documenting, and maintaining policies, procedures, and security plans, such as System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms). Capacity to lead projects that cross organizational boundaries, balancing vendor management, research needs, and IT operational priorities. Strong communication and interpersonal skills, with the ability to clearly explain complex technical and compliance concepts to researchers, administrators, and leadership. Analytical and problem-solving ability to address emerging risks, regulatory changes, and evolving research requirements. Commitment to continuous learning and professional development in cybersecurity, compliance, and research security. Required Documents Along with the online application, please attach: 1. Resume to be uploaded at the beginning of your application in the Candidate Profile under "Resume/CV" 2. Cover letter to be typed/pasted at the end of your application (iForm) Document size may not exceed 10 MB. Advertised Salary Commensurate based on qualifications plus excellent benefits ADA Employees work indoors and are protected from weather and/or contaminants, but not, necessarily, occasional temperature changes. The employee is regularly required to sit and often uses repetitive hand motions. College/Department Highlights University Highlights Founded in 1888, Utah State University is Utah's premier land-grant, public service university. As an R1 research institution, Utah State is dedicated to advancing knowledge and serving the public good through innovative research and scholarly activities that are grounded in reciprocal engagement with local, regional, and global communities. USU prepares students to be active, civically engaged leaders who are prepared to address critical societal challenges. Dedicated to providing a high-quality and affordable education, USU remains a leader in research, discovery, and public impact. USU enrolls 28,900 students, both online and in person at locations throughout the state. Utah State's 30 locations include a main campus in Logan, Utah, residential campuses in Price and Blanding, and six additional statewide campuses, along with education centers serving every county. USU Online educates students from all 50 states and 55 countries. For over 25 years, USU Extension has served and engaged Utahns in all of Utah's counties. Competing at the NCAA Division I level, USU is a proud member of the Mountain West Conference and will join the Pac-12 Conference beginning in the 2026-2027 season. The Aggies' long-standing tradition of athletic and academic excellence is exemplified by conference championships in multiple sports, reflecting USU's commitment to perseverance and achievement. Utah State is dedicated to fostering a community where all individuals feel respected, valued, and supported. We seek to recruit, hire, and retain people from all walks of life who will champion excellence in education, research, discovery, outreach, and service. We believe that promoting a strong sense of community and belonging empowers and engages all members of USU to thrive and be successful. Forbes recognized our commitment to employees when they named Utah State the best employer in Utah in 2023. Learn more about USU. The university provides a Dual Career Assistance Program to support careers for partners who are also seeking employment. Additionally, USU is committed to providing access and a reasonable accommodation for individuals with disabilities. To request a reasonable accommodation for a disability, contact the university's ADA Coordinator in the Office of Human Resources at (435) 797-0122 or hr@usu.edu . updated 09/2025 https://careers-usu.icims.com/jobs/9662/research-cybersecurity-compliance-lead/job?in_iframe=1* Notice of Non-discrimination In its programs and activities, including in admissions and employment, Utah State University does not discriminate or tolerate discrimination, including harassment, based on race, color, religion, sex, national origin, age, genetic information, sexual orientation, gender identity or expression, disability, status as a protected veteran, or any other status protected by University policy, Title IX, or any other federal, state, or local law. The following individuals have been designated to handle inquiries regarding the application of Title IX and its implementing regulations and/or USUs non-discrimination policies: Executive Director of the Office of Equity Matthew Pinner, discrimination@usu.edu, Distance Education Rm. 401, 435-797-1266 Title IX Coordinator Matthew Pinner, titleix@usu.edu, Distance Education Rm. 404, 435-797-1266 Mailing address: 5100 Old Main Hill, Logan, Ut 84322 For further information regarding non-discrimination, please visit https://equity.usu.edu/, or contact: U.S. Department of Education, Office of Assistant Secretary for Civil Rights, 800-421-3481, OCR@ed.gov U.S. Department of Education, Denver Regional Office, 303-844-5695, OCR.Denver@ed.gov Copyright 2025 Jobelephant.com Inc. All rights reserved. Posted by the FREE value-added recruitment advertising agency jeid-99da9e50f392644da3d75f35c3f09010