Job Description
About the Role
Research Cybersecurity Compliance Analyst
Houston, TX, United States
Special Instructions to Applicants: All interested applicants should attach a cover letter and a resume in the Supporting Documents section of the application. We suggest the documents be in a PDF format to avoid formatting issues.
Position Summary
The Research Cybersecurity Compliance Analyst primarily works with the Chief Information Security Officer (CISO) and Deputy CISO to develop and implement processes, procedures, documentation, and reporting that enable university researchers and collaborators to comply with research cybersecurity requirements. This includes assessing research areas, performing gap analysis, and providing guidance and assistance to university researchers and their support providers. This position will be required to work closely with other relevant organizations, including the Center for Research Computing, the Office of Information Technology, and the Office of Research.
Additionally, this position will support the Information Security Office (ISO) in providing other risk-based contract reviews and security assessments to ensure that internal systems and technologies comply with security standards and regulatory requirements. This role develops and implements campus-wide security initiatives, helps researchers, departments, and organizations across campus to ensure compliance with industry and legal regulations, and works with those groups to develop policies, procedures, and technical solutions to achieve compliance. The role will work with groups, including the Office of the General Counsel, to evaluate risk with contracts for new and existing services.
The ideal candidate has excellent time management and organization skills and is proactive and service-oriented.
This position is offered as a hybrid role, combining both in-office and remote work to provide flexibility and support collaboration (minimum of 3 days in the office per week). Per Rice policy 440, work arrangements may be subject to change.
This is a full-time, benefits-eligible position, and the salary is contingent on experience and qualifications. *Exempt (salaried) positions under FLSA are not eligible for overtime.
Minimum Requirements
Bachelor’s Degree
In lieu of the education requirement, additional related experience, above and beyond what is required, on an equivalent year-for-year basis may be substituted
3 or more years of experience in cybersecurity compliance, risk assessment, and policy development within a research or academic environment
In lieu of the experience requirement, additional related education, above and beyond what is required, on an equivalent year-for-year basis may be substituted
Skills
Knowledge of current and emerging research cybersecurity regulations is required, including NIST SP 800-53, NIST SP 800-171, and Cybersecurity Maturity Model Certification (CMMC).
Knowledge of information security industry best practices is required
Knowledge of industry and legal regulations is required, including PCI DSS, GLBA, HIPAA, FERPA, and other federal and state laws
Must be able to work with people with varying degrees of technical and legal knowledge and understanding
Must have a strong technical background in operating systems, networking, and security assessment tools
Must have strong written communication skills
Preferences:
Experience in risk assessment and risk management, especially in federally funded areas.
Experience working in and assessing regulated research environments.
Experience working in and assessing regulated government environments.
CISSP, CRISC, CISA, CISM or equivalent certification
CMMC RP or RPA or equivalent certification
Essential Functions:
Works with Information Security and the Center for Research Computing leadership to develop and implement strategies that support and enable university research that includes cybersecurity requirements.
Establishes intentional relationships with IT-based stakeholders, including the Center for Research Computing and the Office of Information Technology.
Establishes and maintains intentional relationships with the Office of Research and researchers working on regulated projects.
Provides IT risk assessments for IT-related systems both internal and external to the OIT division, especially those involving research with cybersecurity requirements.
Provides detailed guidance and recommendations on findings during assessments.
Works with system owners to ensure proper documentation is maintained for regulated environments, including the development and maintenance of accurate System Security Plans (SSP), Technology Control Plans (TCP), and any required Plans of Action and Milestones (POAM).
Provides reports to the CISO and others as directed.
Monitors and evaluates the effectiveness of security compliance initiatives through OKRs and KPIs.
Reviews IT-related contracts for new and existing services.
Provides risk reassessments of existing cloud services periodically and as terms or operations change.
Develops and participates in relevant industry and higher-ed groups to keep current on changes in regulations and best practices and contributes to these groups when possible and as appropriate.
Performs all other duties as assigned.
Additional Functions
Participates in the investigation, development, deployment, and client support for information security office-provided tools and services
Works with other OIT Security team members during incidents to contain and resolve discovered and reported incidents
Rice University HR | Benefits: https://knowledgecafe.rice.edu/benefits
Rice Mission and Values: Mission and Values | Rice University
Rice University is an Equal Opportunity Employer committed to diversity at all levels and considers for employment qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national or ethnic origin, genetic information, disability, or protected veteran status.
About Us
Boasting a 300-acre tree-lined campus in Houston, Rice University is ranked among the nation’s top 20 universities by U.S. News & World Report. Rice has a 6-to-1 undergraduate student-to-faculty ratio, and a residential college system, which supports students intellectually, emotionally and culturally through social events, intramural sports, student plays, lectures series, courses and student government. Developing close-knit, diverse college communities is a strong campus tradition, which is why Rice is highly ranked for best quality of life and best value among private universities.
Job Info
Job Identification: 3894
Job Category: Staff – Information Technology
Degree Level: Bachelor’s Degree
Job Schedule: Full time
Locations: Mudd 6100 Main Street, Houston, TX, 77005, US