Reporting directly to the Director of Information Security, this role provides oversight and leadership of a program that ensures Northeastern University's compliance with established safeguards for the handling of Controlled Unclassified Information (CUI), in addition to certification of compliance with security standards established by the United States Department of Defense under the Cybersecurity Maturity Model Certification (CMMC).
Compliance with security standards for the handling of CUI, and Cybersecurity Maturity Model Certification (CMMC), demonstrates the University's dedication to secure practices that protect information and data, and maintains continuity of government-funded research opportunities.
The Compliance Program Manager will lead the strategic design, development, and implementation of a comprehensive CMMC compliance program in support of the university's research mission, providing local support for researchers and for the various units throughout the University that support elements of CMMC compliance. These include, for example, Human Resources for personnel screening documentation, the Office of General Counsel (OGC), and Northeastern University Research Enterprise Services (NU-RES).
The right individual for this role will have the ability to build partnerships and lead successful teams, experience with a variety of compliance frameworks, proficiency in technical concepts, and the ability to manage complex projects.
At Team ITS, your success matters as much as the mission. Learn more about our flexible, highly dynamic, and values-first culture at careers.its.northeastern.edu.
This position is eligible for remote work.
The minimum education, experience, and skills required to perform the job successfully are:
Bachelor's degree in Information Security, Risk Management, Audit, Information Systems, Computer Science or a related field, and/or an equivalent combination of education and work experience.
Minimum of seven years of professional IT experience, preferably building or operating programs within the domain areas of IT Internal Audit, Governance, Risk and Compliance, Security Awareness and Education, risk assessments, and IT Security.
Experience with security standards and frameworks such as CMMC, NIST, FedRAMP, FISMA and DFARS, and with coordinating initiatives for obtaining security-related assurances or certification, including process control design and testing.
Minimum of three years of management experience, with emphasis on growing and mentoring direct reports.
Well-versed in the information security issues affecting educational entities and cloud-based application service providers.
Experience defining, revising, and implementing corporate information security policies, and the associated standards and guidelines.
Ability to assess computer systems and business processes for security risks or violations and work with ITS (Information Technology Services), campus staff and technology vendors to recommend solutions.
Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
High level of knowledge of project management methodologies and practices (Agile/Scrum), including program roadmap development and ensuring that deliverables are measurable, tracked, and successfully achieved.
Three years' experience performing cybersecurity risk and compliance assessments or audits.
Information security-related training or certifications, such as CISA, CISSP, CCSK, CIPP, or CRISC, preferred.
Familiarity with federal and state legal and regulatory requirements related to information security and privacy, including GDPR (General Data Protection Regulation), FERPA (Family Educational Rights and Privacy Act), and CCPA (California Consumer Privacy Act).
Familiarity with tracking of risk and compliance within a GRC/IRM platform, preferably ServiceNow.
Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.
All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.
Founded in 1898, Northeastern University is a private research university located in the heart of Boston. Northeastern is a leader in worldwide experiential learning, urban engagement, and interdisciplinary research that meets global and societal needs. Our broad mix of experience-based education programs, including our signature cooperative education program as well as student research, service learning, and global learning, build the connections that enable students to transform their lives. The University offers a comprehensive range of undergraduate and graduate programs leading to degrees through the doctorate in nine colleges and schools.