Director of Research IT Security

University of Colorado Boulder•Boulder, CO

41d•$110,000 - $130,000•Hybrid

About The Position

The Office of Information Technology encourages applications for a Director of Research IT Security! This role is a collaborative, strategic leader who will engage directly with our research community to reinforce standard practices, bridge organizational silos, and champion a culture of secure, compliant, and risk-aware research innovation. This position reflects CU Boulder's commitment to integrating cybersecurity, research administration, and compliance culture under a unified, researcher-centric vision. CU Boulder's $700M+ research portfolio with global impact spans areas including AI, quantum science, aerospace, energy, and climate research. The Director of Research IT Security will play a pivotal role in positioning CU Boulder as a national leader in trusted research by building unity, clarity, and sustainable processes to manage cybersecurity risks around secure and compliant research practices in sophisticated, challenging environments where standard security practices do not suffice. The successful candidate will bring extensive experience working with sponsored research. Reporting to the Information Security Officer (CISO) within the Office of Information Technology, the Director will serve as a strategic integrator-bridging the Information Security Office, Research Computing, Research & Innovation Office, Export Controls, and Ethics & Compliance around shared priorities for secure research enablement. The role is designed to unify CU Boulder's approach to research security and compliance, fostering a culture of collaboration and clarity across research, security, and compliance domains. The Director will engage directly with researchers to understand their goals and challenges, ensuring the university provides secure, compliant, and enabling solutions that advance discovery and innovation. By aligning campus expertise and facilitating consensus on which secure research opportunities CU Boulder is best positioned to pursue, the Director will help ensure that the technical, policy, procedural, and cultural foundations are in place for the university to make coordinated, risk-informed decisions that empower world-class, responsible research. CU is an Equal Opportunity Employer and complies with all applicable federal, state, and local laws governing nondiscrimination in employment. We are committed to creating a workplace where all individuals are treated with respect and dignity, and we encourage individuals from all backgrounds to apply, including protected veterans and individuals with disabilities.

Requirements

Bachelor's degree (or equivalent experience) from an accredited institution in information technology, computer science, law or related field. A combination of education and/or experience as described below can be substituted for the degree on a year for year basis.
5+ years of experience in cybersecurity, research compliance, or risk management within higher education, government, or research settings.
Demonstrated ability to collaborate across technical, administrative, and academic communities.
Deep understanding of research data lifecycles, cybersecurity frameworks, and compliance standards.
Ability to be a visibly involved leader with strong relationship skills, a reputation for visibility, integrity, and high ethical standards, who will rigorously uphold quality standards earning the trust of individuals within and outside the university.
An open-minded and multi-dimensional approach to problem-solving.
Ability to comprehend complex technical information in research proposals and agreements.
Ability to organize work effectively, conceptualize and prioritize objectives, and exercise independent judgment based on an understanding of university policies and activities.
Proficient interpersonal and communication skills demonstrated by effective interactions and clear articulation of organizational goals.
Track record of establishing relationships quickly and effectively across a broad constituency; a high degree of ease, sensitivity, and flexibility in working with partners across organizational lines.
Ability to bring parties with disparate views toward mutually beneficial outcomes.
Demonstrated proficiency in communicating complex regulations and policies.
Experience analyzing dynamic contracts, legal documents, and policies, including intellectual property.
Ability to evaluate internal controls and understand organizational risk, implementing appropriate policies or procedures to ensure compliance.
Passion for service excellence, including research and operational integrity.
Ability to collect and analyze data, develop performance indicators and benchmarks, identify trends, and implement changes to achieve operational effectiveness.
Solid understanding of higher education or research organization policies, practices and procedures, including reporting standard methodologies.

Nice To Haves

PHD (or equivalent experience) in information technology, computer science, or a related subject area.
Experience with federal research compliance regimes (e.g., Export Controls, FISMA, CMMC, IRB).
Familiarity with ITIL and enterprise system architecture.
Familiarity with the Trusted CI Framework.
Demonstrated national-level presence within the research communities.
Ability to acquire a US Government security clearance.

Responsibilities

Strategic Research Enablement & Integration:
Serve as a strategic integrator between researchers, compliance offices, and technical implementers, ensuring mutual understanding and alignment, effectuating cross-unit decision making and to help educate on the current infrastructure to guide future grant and research opportunities.
Lead efforts to adopt and extend the Trusted CI Framework, grounding CU Boulder's practices in evidence-based, researcher-driven cybersecurity solutions.
Provide information security subject matter expertise informing planning efforts around classified environments.
Through an IT Security lens, serve as a trusted partner, problem-solver, and proactive strategic advisor to faculty and research teams, championing adoption and communication, ensuring researchers, faculty and staff understand the tools, frameworks, and expectations for secure research.
Promote a culture of compliance that values clarity, accountability, and thoughtful, leadership-supported risk management.
Provide information security guidance for CU Boulder's grant and contract review process to guide and facilitate alignment of supporting systems and platforms with business needs and security requirements.
Coordinate Systems and Service Evolution:
Work in partnership with OIT and Research Computing service owners (e.g., CMMC compliant enclave, supercomputer, peta-scale storage, and secure computing environments) to identify gaps, prioritize enhancements, and promote adoption.
Bring a technical understanding of system architecture and ITIL principles to translate compliance needs into actionable service roadmaps, without direct operational ownership.
Advance Research Cybersecurity and Risk Mitigation:
Work proactively and collaboratively with Export Control, Ethics & Compliance, Contracts & Grants, and peers within the Office of Information Technology Security to sustain and enhance compliance with NIST 800-171, CMMC, DFARS, and other federal mandates impacting university researchers.