As a UW employee, you have a unique opportunity to change lives on our campuses, in our state and around the world. UW employees offer their boundless energy, creative problem-solving skills and dedication to build stronger minds and a healthier world.
UW faculty and staff also enjoy outstanding benefits, professional growth opportunities and unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits and natural beauty.
The IT team at the Applied Physics Laboratory at the University of Washington is hiring – see yourself at APL!
The Applied Physics Laboratory is a research unit at the University of Washington. Our research expertise is in ocean physics and engineering, ocean and medical acoustics, polar science, environmental remote sensing, and signal processing. We conduct research and development that is sponsored by a variety of federal and state agencies, and take great pride in our long-standing status as a US Navy-designated University Affiliated Research Center (UARC). Our work takes place not only on the University of Washington campus and medical centers, but in field locations around the world – at sea, in the air, and on polar ice caps. We apply rigorous scientific inquiry and engineering excellence in pursuit of solutions to important problems for the good of our region, nation, and world.
Diversity is a core value at University of Washington and the Applied Physics Laboratory shares this commitment. We are focused on building and sustaining an inclusive and equitable research environment for all students, staff, and collaborators. We believe every member on our team enriches our community by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and to discover, design and deliver solutions.
The Applied Physics Lab has an outstanding full time opportunity for a Cybersecurity Manager.
The Cybersecurity Manager is responsible for managing regulatory compliance and cybersecurity best practices and controls leveraging frameworks such as NIST Special Publication 800-Series and others, and will also be responsible for managing internal/external IT audits and assessments. In addition, this role is responsible for instituting the Cyber Security Training and Awareness Program in order to support enhanced levels of awareness of Information Security tenants and communication of IT and Security policies in a manner that facilitates knowledge. The incumbent will be also be responsible for establishing a role-based training program for job-related security competencies in critical functions that includes enterprise-wide awareness campaigns to enhance the learning environment and invoke a culture shift.
The Cybersecurity Manager is a unique role which will work closely with the cybersecurity arm of the APL IT team, and will be relied on to function as a subject matter expert for regulatory compliance and managing related frameworks, representing APL as the liaison for IT audits and assessments with internal and external partners, and providing high level technical reports and analysis for outcomes of regular and ad hoc reviews. The person in this position must be swift in determining technical remediation, security, vulnerability and forensics assessments, and speak to and implement national security standards (NIST) and maintain a constant state of readiness. Managing a comprehensive Cyber Security Awareness training, this person will also be charged with creating and dissemination of relevant and targeted communications, overseeing metrics and compliance, and ensures that APL staff are following policies and procedures.
The most difficult aspect of this position is that it necessitates being a change agent in order to invoke a culture shift towards a more secure computing environment lab-wide. The candidate will be responsible for creating policy and implementing a Governance, Risk and Compliance program in an environment that is not well-practiced in adhering to defined security measures. APL IT systems and infrastructure consist of a mixed-mode, ad-hoc landscape which presents a unique challenge with effectively and securely managing the environment. The candidate will also be responsible for meeting with senior staff and researchers to ensure new policies are being adhered to and that they are understood.
The person selected for this Cybersecurity Manager role will be a part of a dynamic IT team that supports APL’s wide-reaching research enterprise. Your expertise will enable the success of researchers who are clearing hazardous seafloor debris from coastal areas, developing ultrasound technologies that advance medical care, conducting fieldwork on glaciers, polar regions, and the world’s oceans, and performing robotic exploration beneath oceanic ice shelves and on space missions.
Compliance: Supervises a small team to review corrective action, findings, and exceptions derived from audits and/or assessments as well as cybersecurity incident reports provided by internal or external audit organizations to determine effective remediation; evaluates and determines the technical sufficiency of remediation from IT staff and stakeholders in response to data and documentation requests; provides subject matter expert and/or advisory analysis, evaluation, and recommendations based on national security standards (NIST), industry best practices (ISO) and various regulatory implementation specifications, including classified and non-classified information and protocols; leads the internal audit and assessment program in order to establish a continuous compliance environment and state of readiness.
Cybersecurity Training and Awareness: Leads a team responsible for: Managing a Cyber Security Awareness training program and ensuring the program meets regulatory compliance while incorporating industry standards and best practice; delivering targeted supplemental awareness campaigns such as “Security Minute” emails, hand-outs, blogs, wiki articles, periodic posters, and other creative mechanisms to build a culture of cybersecurity awareness; developing training metrics and reporting to ensure APL-UW staff are compliant.
Tech-writing Works with technical staff to ensure policies, procedures and work instructions follow the desired format and that any documentation for APL-UW staff consumption has high readability; maintains internal documentation library and sets the standard for library process and continuity.
Supervision: Supervise and lead work of 2 direct reports. This position will have the authority to hire staff, evaluate job performance, and take corrective action if performance is not acceptable; provide ongoing leadership and direction to the team while also mentoring and providing growth opportunities; oversee staff performance, including annual staff performance review process, and work with the staff on corrective action plans and performance management, as necessary.
Bachelor's degree in Computer Science, Computer Information Systems, Cybersecurity or similar technical discipline AND at least 5 years in total in Information technology with the majority of time spent in cybersecurity concentrations, including:
Of those 5 years, at least 4 of those years in working with security domains and industry best practices; business continuity and disaster recovery, supply chain and third-party management; and up to date on evolving cyber-threats, defense strategies, and emerging technology.
Of those 5 years, at least 4 years work experience auditing, assessing compliance and managing risk mitigation and treatment with frameworks such as the Cybersecurity Framework (CSF), NIST 800 Special Publication Series, SOX, ISO 27k, HIPAA.
Demonstrated leadership skills. Excellent communication skills. Proven ability to take ownership, self-motivate, and deliver results in highly ambiguous, yet maturing IT environment.
Industry certification preferably CISSP, CISM, ISO 27k Lead Auditor or other comparable certifications.
Ability to translate highly technical matter to a non-technical audience.
Equivalent education/experience will substitute for all minimum qualifications except when there are legal requirements, such as a license/certification/registration.
*Incumbent will be required to submit for a Department of Defense Secret-level security clearance within the first 3-6 months of employment, and once granted must maintain eligibility to hold a Secret-level clearance. *
Proficiencies in: Information governance and risk management, threat and vulnerability management, vendor management, infrastructure, security architecture for traditional, wireless, and cloud-hosted networks, cryptography/encryption protocols, business continuity and disaster recovery, social engineering and awareness training methodologies
CONDITIONS OF EMPLOYMENT:
May be subject to successful completion of E-Verify process.
Application Process: The application process for UW positions may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process. These assessments may include Work Authorization, Cover Letter and/or others. Any assessments that you need to complete will appear on your screen as soon as you select “Apply to this position”. Once you begin an assessment, it must be completed at that time; if you do not complete the assessment you will be prompted to do so the next time you access your “My Jobs” page. If you select to take it later, it will appear on your "My Jobs" page to take when you are ready. Please note that your application will not be reviewed, and you will not be considered for this position until all required assessments have been completed.
Founded in 1861, the University of Washington is one of the oldest public institutions in the west coast and one of the preeminent research universities in the world. The University of Washington is a multi-campus university comprised of three different campuses: Seattle, Tacoma, and Bothell. The Seattle campus is made up of sixteen schools and colleges that serve students ranging from an undergraduate level to a doctoral level. The university is home to world-class libraries, arts, music, drama, and sports, as well as the highest quality medical care in Washington State and a world-class academic medical center. The teaching and research of the University’s many professional schools provide undergraduate and graduate students the education necessary toward achieving an excellence that will serve the state, the region, and the nation. As part of a large and diverse community, the University of Washington serves more students than any other institution in the Northwest.