Research Cybersecurity Compliance Lead
Utah State University
Logan, UT
Job posting number: #7320245
Posted: November 6, 2025
Application Deadline: Open Until Filled
Job Description
Responsibilities
Vendor collaboration and transition: Partner with the university’s selected vendor to stand up a compliant secure research environment. Learn the environment’s architecture, configuration, and controls from the beginning, with the goal of gradually assuming more responsibility for day-to-day management and long-term sustainability.
Program leadership: Serve as the lead point of contact for USU’s research cybersecurity compliance program, ensuring that the secure environment supports requirements such as CMMC, NIST 800-171, ITAR, EAR, OFAC, and related regulations.
Policy and procedure development: Translate cybersecurity and export control requirements into practical research-wide policies, procedures, and standards that can be consistently followed by researchers and IT staff.
Research collaboration: Work closely with the Office of Research and individual researchers to develop project-specific compliance plans, including Technology Control Plans (TCPs), and provide guidance for securely handling Controlled Unclassified Information (CUI) and other regulated data.
Assessment readiness: Act as the primary liaison during third-party assessments, including C3PAO evaluations, ensuring that required documentation and evidence meet CMMC criteria for sufficiency and adequacy and are maintained in an audit-ready state.
Risk and vulnerability management: Conduct or coordinate internal risk assessments, track vulnerabilities, and ensure remediation within the research environment.
Documentation stewardship: Maintain essential records, including the System Security Plan (SSP), Plans of Action and Milestones (POA&Ms), incident response procedures, and other compliance documentation.
Continuous improvement: Regularly evaluate the effectiveness of controls, policies, and processes, providing reports and recommendations to university leadership.
Training and outreach: Provide guidance and education to researchers and staff on compliance obligations, secure workflows, and the use of the secure research environment.
Qualifications
Minimum Qualifications:
Bachelor’s degree in information technology, computer science, cybersecurity, engineering, or a closely related field. Equivalent professional experience may be considered in lieu of a degree.
At least 5 years of professional experience in cybersecurity, systems administration, or IT infrastructure management, with demonstrated responsibility for secure system design and operations.
Hands-on experience administering both Linux and Windows environments, including implementation of security baselines and compliance controls.
Experience with cloud services and identity platforms such as Microsoft Entra ID, M365, and Azure, particularly in identity and access management.
Working knowledge of federal cybersecurity and export control requirements including NIST 800-171, CMMC, ITAR, and EAR.
Strong ability to translate regulatory requirements into technical and procedural controls that can be understood and followed by researchers and non-technical staff.
Ability to obtain the Certified CMMC Professional (CCP) credential within six months of employment.
US Citizenship required in order to comply with ITAR and EAR regulations.
Preferred Qualifications:
Advanced degree in information security, computer science, engineering, or a related field.
More than 7 years of professional experience in cybersecurity operations, secure systems administration, or IT infrastructure management, with at least 3 years in a compliance or research security context.
Demonstrated experience with federal security and compliance frameworks such as NIST SP 800-171, CMMC, NIST 800-53, FedRAMP, and export control requirements (ITAR, EAR, OFAC). See also: https://www.usu.edu/infosec/regulations/
Direct involvement in preparing for or supporting CMMC or other third-party compliance assessments, with familiarity in evaluating evidence for sufficiency, adequacy, and audit readiness under the CMMC Assessment Process (CAP).
Professional certifications such as CISSP, CISM, CCSP, or CompTIA Security+, in addition to or in pursuit of Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).
Strong understanding of identity and access management concepts and their application in environments such as Microsoft Entra ID, M365, and Azure.
Excellent written and verbal communication skills, with the ability to explain complex compliance and technical requirements to both technical and non-technical stakeholders.
Knowledge, Skills, and Abilities:
Strong knowledge of cybersecurity operations, including incident response, vulnerability management, system hardening, and secure configuration practices across Linux, Windows, and cloud environments.
Familiarity with identity and access management (IAM) concepts, technologies, and best practices, with emphasis on Microsoft Entra ID, M365, and Azure Active Directory.
Understanding of federal security frameworks and export control regulations, including NIST SP 800-171, CMMC, NIST 800-53, ITAR, EAR, and OFAC.
Ability to analyze compliance requirements, evaluate evidence for sufficiency and adequacy under the CMMC Assessment Process (CAP), and design controls that address identified gaps.
Skill in developing, documenting, and maintaining policies, procedures, and security plans, such as System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
Capacity to lead projects that cross organizational boundaries, balancing vendor management, research needs, and IT operational priorities.
Strong communication and interpersonal skills, with the ability to clearly explain complex technical and compliance concepts to researchers, administrators, and leadership.
Analytical and problem-solving ability to address emerging risks, regulatory changes, and evolving research requirements.
Commitment to continuous learning and professional development in cybersecurity, compliance, and research security.
Required Documents
Along with the online application, please attach:
1. Resume to be uploaded at the beginning of your application in the Candidate Profile under “Resume/CV”
2. Cover letter to be typed/pasted at the end of your application (iForm)


