Research Cybersecurity Compliance Analyst

at Rice University

Houston, TX 77005, USA

Start Date: Immediate
Expiry Date: 20 Nov, 2024
Salary: Not Specified
Posted On: 22 Aug, 2024
Experience: N/A
Skills: Policy Development, Assessment Tools, FERPA, GLBA, Operating Systems, Risk Assessment, Communication Skills, HIPAA, State Laws
Telecommute: No
Sponsor Visa: No

Description:

Special Instructions to Applicants: All interested applicants should attach a cover letter and a resume in the Supporting Documents section of the application. We suggest the documents be in a PDF format to avoid formatting issues.

POSITION SUMMARY

The Research Cybersecurity Compliance Analyst primarily works with the Chief Information Security Officer (CISO) and Deputy CISO to develop and implement processes, procedures, documentation, and reporting that enable university researchers and collaborators to comply with research cybersecurity requirements. This includes assessing research areas, performing gap analysis, and providing guidance and assistance to university researchers and their support providers. This position will be required to work closely with other relevant organizations, including the Center for Research Computing, the Office of Information Technology, and the Office of Research.
Additionally, this position will support the Information Security Office (ISO) in providing other risk-based contract reviews and security assessments to ensure that internal systems and technologies comply with security standards and regulatory requirements. This role develops and implements campus-wide security initiatives, helps researchers, departments, and organizations across campus to ensure compliance with industry and legal regulations, and works with those groups to develop policies, procedures, and technical solutions to achieve compliance. The role will work with groups, including the Office of the General Counsel, to evaluate risk with contracts for new and existing services.
The ideal candidate has excellent time management and organization skills and is proactive and service-oriented.
This position is offered as a hybrid role, combining both in-office and remote work to provide flexibility and support collaboration (minimum of 3 days in the office per week). Per Rice policy 440, work arrangements may be subject to change.
This is a full-time, benefits-eligible position, and the salary is contingent on experience and qualifications. *Exempt (salaried) positions under FLSA are not eligible for overtime.

MINIMUM REQUIREMENTS

  • Bachelor’s Degree
  • In lieu of the education requirement, additional related experience, above and beyond what is required, on an equivalent year-for-year basis may be substituted
  • 3 or more years of experience in cybersecurity compliance, risk assessment, and policy development within a research or academic environment
  • In lieu of the experience requirement, additional related education, above and beyond what is required, on an equivalent year-for-year basis may be substituted
  • Skills:
  • Knowledge of current and emerging research cybersecurity regulations is required, including NIST SP 800-53, NIST SP 800-171, and Cybersecurity Maturity Model Certification (CMMC).
  • Knowledge of information security industry best practices is required
  • Knowledge of industry and legal regulations is required, including PCI‐DSS, GLBA, HIPAA, FERPA, and other federal and state laws
  • Must be able to work with people with varying degrees of technical and legal knowledge and understanding
  • Must have a strong technical background in operating systems, networking, and security assessment tools
  • Must have strong written communication skills

Responsibilities:

  • Works with Information Security and the Center for Research Computing leadership to develop and implement strategies that support and enable university research that includes cybersecurity requirements.
  • Establishes intentional relationships with IT-based stakeholders, including the Center for Research Computing and the Office of Information Technology.
  • Establishes and maintains intentional relationships with the Office of Research and researchers working on regulated projects.
  • Provides IT risk assessments for IT‐related systems both internal and external to the OIT division, especially those involving research with cybersecurity requirements.
  • Provides detailed guidance and recommendations on findings during assessments.
  • Works with system owners to ensure proper documentation is maintained for regulated environments, including the development and maintenance of accurate System Security Plans (SSP), Technology Control Plans (TCP), and any required Plans of Action and Milestones (POAM).
  • Provides reports to the CISO and others as directed.
  • Monitors and evaluates the effectiveness of security compliance initiatives through OKRs and KPIs.
  • Reviews IT‐related contracts for new and existing services.
  • Provides a risk reassessment of existing cloud services periodically and as terms or operations change.
  • Develops and participates in relevant industry and higher‐ed groups to keep current on changes in regulations and best practices and contributes to these groups when possible and as appropriate.
  • Performs all other duties as assigned.


REQUIREMENT SUMMARY

Min: N/A; Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1