Senior Lead, Cybersecurity Policy & Compliance

University Corporation for Atmospheric Research (UCAR), CO
Salary: $137,229 - $171,537

About The Position

Reporting to the Chief Information Officer and serving on the IT Senior Leadership Team, the Senior Lead for Cybersecurity Policy and Compliance will serve as the organization’s leading subject matter expert on cybersecurity. The successful candidate will be responsible for maintaining a cybersecurity policy that is flexible enough to meet the demands of a national research center, but concrete enough to provide enforceable, actionable guidance to all the organization’s staff, including administrative staff, educators, researchers, IT staff, and others.

The Senior Lead is responsible for developing, implementing, managing, and evolving the organization's cybersecurity policies, standards, guidelines, and procedures. This individual will ensure adherence to relevant laws, regulations, industry standards, organizational policies, funder requirements, and internal requirements. The Senior Lead will provide expert guidance on compliance matters and drive the maturity of the cybersecurity compliance program, working in collaboration with the organization’s Research Security program, Office of General Counsel, and Contracts Office. This role requires a deep understanding of federal cybersecurity frameworks and regulatory landscapes. The Senior Lead must be able to translate complex technical requirements into clear policies, take firm action with respect to compliance, and ensure that those actions do not disrupt research, educational, operational, and/or other mission-facing activities.

In addition to policy and compliance responsibilities, the Senior Lead will direct a small team that manages specific cybersecurity-related services and programs such as audit preparation & response, vendor security & privacy assessments, data preservation, cybersecurity aspects of legal holds, annual cybersecurity training, phishing simulation, and related cybersecurity services and programs.
Critically, the Senior Lead will serve as the point person for all cybersecurity incident responses, working closely with the Cybersecurity Operations group, which reports separately into UCAR’s IT Operations unit. During any incident response situations, the Senior Lead will be expected to coordinate and direct the activities of the Cybersecurity Operations group, serving as a temporary matrixed manager for the duration of the incident.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; Master's degree preferred.
  • Minimum of 8 years of progressive experience in cybersecurity, with a strong focus on policy, compliance, and governance roles.
  • Proven experience in developing, implementing, and managing cybersecurity policies and standards within a complex organizational environment.
  • Extensive experience with common cybersecurity frameworks (e.g., NIST CSF, ISO 27001, COBIT, CIS Controls).
  • Demonstrated experience in managing compliance with regulatory requirements (e.g., GDPR, CCPA, HIPAA, PCI DSS, SOX, CMMC, etc.).
  • 4+ years of Security Compliance or Audit related experience.
  • FedRAMP or DoD auditing experience.
  • Experience leading or significantly contributing to internal and external audits.

Nice To Haves

  • CISSP (Certified Information Systems Security Professional) is strongly preferred.
  • CISM (Certified Information Security Manager).
  • CRISC (Certified in Risk and Information Systems Control).
  • CISA (Certified Information Systems Auditor).

Responsibilities

  • Lead the development, review, and continuous improvement of cybersecurity policies, standards, baselines, and guidelines in alignment with various frameworks and regulatory requirements.
  • Ensure policies are clear, concise, actionable, and effectively communicated across the organization.
  • Establish and maintain a policy lifecycle management process, including regular reviews and updates.
  • Oversee and manage the organization's compliance with cybersecurity regulations, laws, and internal policies.
  • Conduct regular compliance assessments, gap analyses, and risk assessments to identify areas of non-compliance and recommend remediation strategies.
  • Develop and implement remediation plans for audit findings and compliance gaps.
  • Act as a primary point of contact for internal and external audits related to cybersecurity.
  • Provide expert advice and guidance to various business units, IT teams, and leadership on cybersecurity policy and compliance matters.
  • Translate complex technical security requirements into understandable business language for stakeholders.
  • Contribute to the strategic development and maturity of the overall cybersecurity compliance program.
  • Develop and report on key performance indicators (KPIs) and metrics related to policy adherence and compliance posture.
  • Collaborate effectively with legal, internal audit, external auditors, IT operations, development teams, and business units.
  • Lead, mentor, and inspire technical teams while collaborating cross-functionally with diverse stakeholders.

Benefits

  • Medical, dental, vision, retirement, and life insurance.
  • Tuition Assistance and professional development opportunities.
  • UCAR contributes 10% of your eligible pay into your retirement account; 100% fully vested on day one.
  • Starting minimum accrual of 20 days of personal time off each year.
  • 10 paid holidays.
  • 12 weeks of paid parental leave.
  • Short-term medical leave paid at 100% of your regular salary.
  • EcoPass for local Colorado residents to use the Denver and Boulder-area transit system at no cost.