Associate Director, Research Security
University of Pennsylvania
Philadelphia, PA
JOB DETAILS
SALARY
$83,500–$125,000 Per Year
LOCATION
Philadelphia, PA
POSTED
1 day ago
University Overview
The University of Pennsylvania, the largest private employer in Philadelphia, is a world-renowned leader in education, research, and innovation. This historic, Ivy League school consistently ranks among the top 10 universities in the annual U.S. News & World Report survey. Penn has 12 highly-regarded schools that provide opportunities for undergraduate, graduate and continuing education, all influenced by Penn’s distinctive interdisciplinary approach to scholarship and learning. As an employer Penn has been ranked nationally on many occasions with the most recent award from Forbes who named Penn one of America’s Best Large Employers in 2023.
Penn offers a unique working environment within the city of Philadelphia. The University is situated on a beautiful urban campus, with easy access to a range of educational, cultural, and recreational activities. With its historical significance and landmarks, lively cultural offerings, and wide variety of atmospheres, Philadelphia is the perfect place to call home for work and play.
The University offers a competitive benefits package that includes excellent healthcare and tuition benefits for employees and their families, generous retirement benefits, a wide variety of professional development opportunities, supportive work and family benefits, a wealth of health and wellness programs and resources, and much more.
Posted Job Title
Associate Director, Research Security
Job Profile Title
Information Technology Security Analyst Senior
Job Description Summary
Federal requirements related to research security have been increasing over the past several years. These requirements include the need to establish a Research Security Program including cybersecurity as well as increasingly stringent contractual requirements related to how research data and information are stored and shared. As a preeminent research institution, the University of Pennsylvania (Penn) is committed to providing the necessary policies, infrastructure, and support to its research community for the management of regulated research data.
The Associate Director of Research Data Security will serve as a key member of the Research Security Program management team. Key responsibilities include ensuring Penn’s compliance with Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171 controls, and FAR 52.204-21, assessing and advising on Penn’s readiness to meet cybersecurity requirements related to NSPM-33, the evaluation of data security requirements specified in sponsored projects agreements as well as advising as to whether those requirements can currently be met in the applicable school/center, and if they cannot, provide expertise to assist with meeting compliance.
The role will coordinate institution-wide initiatives related to federal research data security requirements to mitigate research security data risks. The role will convene relevant research IT professionals from across campus to ensure an integrated, consistent, and comprehensive approach to research data security, to include, among others, the Offices of the Vice Provost for Research, Information Security and Computing, the Libraries, Central and School Administration, and Office of Audit Compliance and Privacy. The role will be a resource and subject matter expert for information regarding research data cybersecurity compliance, and risk assessment. The role will work closely with representatives from Departments, Schools, and Centers to build knowledge of and compliance with research data security requirements across campus.
The Associate Director of Research Data Security will be responsible for maintaining the campus-wide inventory of systems that house research data, including the security capabilities of each system. They will assist in identifying appropriate resources to comply with contractually specified research data security requirements. The Associate Director of Research Data Security will periodically review and monitor compliance with research data security plans as well as the overall institutional system security plan(s).
The Associate Director of Research Data Security will also provide subject matter expertise and advice to contract negotiators in the Office of Research Services, the Penn Center for Innovation, and the Office of Clinical Research, and coordinate needed action plans if there are situations where the ability to comply with contractual data security requirements is unclear. The role will participate in training content and delivery methods and will serve as an institutional resource for matters related to research data security and record keeping.
The role will interface with various stakeholders, partners, constituents, vendors, leaders, and customers/clients across the University and must exhibit the highest ethics, adherence to modeling Penn’s values and behaviors/competencies and willingness to maintain and uphold confidentiality. The role is expected to engage in continuous professional development, committee work, and special projects, and successfully navigate and negotiate through a complex and decentralized/dynamic/changing higher education environment. The role actively inspires others through energy, enthusiasm, and optimism and ensures the productive resolution of conflict. The role works collaboratively with their direct report team, supervisors/managers, and diverse stakeholders across the University.
Job Description
Job Responsibilities
+ Develop and oversee a risk-based institutional research data security program, including training content and delivery, particularly for management of sensitive, restricted, and controlled data received, developed, shared, or used in university research projects. Periodically review System Security Plan, System Inventory and Baseline, and Document Traceability Matrix with the technical team to ensure shared understanding and preparedness for the annual Security Controls Assessment for Penn’s Secure Research Environment(s) (SREs).
+ Inventory and document existing University systems that house research data, including the security capabilities of each system. Document existing data safeguards and ensure that such safeguards are maintained.
+ Partner with other key stakeholders in the development and maintenance of Plan of Action and Milestones (POA&M) used to identify information system weaknesses, mitigating actions, resources, and timelines for corrective actions. Partner with the Information Security Office to identify vulnerabilities and correct deficiencies as part of a continuous monitoring program. Schedule required annual Security Controls Assessment and Risk Assessment for Penn’s SRE(s).
+ Manage the development of project-specific information and security controls in collaboration with the PI, Office of Research Services, Penn Center for Innovation, Office of Clinical Research, Export Controls, Research Computing, Research Integrity, Information Security, Penn Global, and other campus partners. Ensure SRE users and data are appropriately onboarded and offboarded.
+ Plan, design, enforce, and audit security policies and procedures which safeguard the integrity of and access to University information systems
+ Investigate security incidents; perform computer forensics studies and maintain incident tracking records
+ Maintain knowledge of changing information security threats and technologies
+ Manage security improvement projects
+ Coach and direct more junior staff
+ Other duties and responsibilities as assigned
Qualifications
+ Bachelor’s degree and 4+ years of relevant experience (Masters degree in Information Technology, Computer Science, or a related field preferred.)
+ Experience developing, maintaining, and overseeing an information systems security program and policies within a complex organization.
+ Strong skills in organizing and setting priorities and accomplishing tasks by identifying risk-based solutions to time-sensitive problems.
+ Demonstrated familiarity with CMMC guidelines.
+ Working knowledge of information system technology and cybersecurity principles to include vulnerability scanning, network security principles, authentication and authorization, and incident response.
+ Experience in the application of Risk Management Frameworks as described in the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, SP 800-171 and SP 800-53.
+ Demonstrated ability to develop training materials and to provide individual training as appropriate.
+ Ability to work effectively in a highly matrixed and decentralized environment with the ability to navigate through ambiguity and demonstrate appreciation and support for diversity, inclusion, and belonging in a constantly evolving academic/higher education environment.
The ideal candidate will model and exhibit the following competencies, behaviors, experiences, and traits to be successful in the role:
+ High efficiency in project management, change management and/or process improvement.
+ Ability to influence without authority and manage change in a dynamic higher education environment.
+ Strong collaboration skills, global mindset, and curiosity and tenacity in managing operations across a highly matrixed and decentralized environment.
+ Experience with contract review for data security requirements.
+ Proven track record to work and communicate effectively and eloquently with multiple stakeholders at different levels in a complex and diverse environment.
+ Experience in driving efficiency, project prioritization, simplification, standardization of work, process improvement, and translating programs into practical and efficient solutions for various stakeholders and audiences across the University.
+ A high level of learning agility, urgency for action/speed along with a natural curiosity to work with different audiences, cultures, time zones, people, and mindsets.
This position description should not be construed to imply that these requirements are the exclusive standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as may be required by the University. The University has the right to revise this position description at any time.
Job Location - City, State
Philadelphia, Pennsylvania
Department / School
Division of Finance
Pay Range
$83,500.00 - $125,000.00 Annual Rate
Salary offers are made based on the candidate’s qualifications, experience, skills, and education as they directly relate to the requirements of the position, and in alignment with salary ranges based on external market data for the job’s level. Internal organization and peer data at Penn are also considered.
Equal Opportunity Statement
The University of Pennsylvania is an equal opportunity employer. Candidates are considered for employment without regard to race, color, sex, sexual orientation, religion, creed, national origin (including shared ancestry or ethnic characteristics) , citizenship status, age, disability, veteran status or any class protected under applicable federal, state or local law .
Special Requirements Background checks may be required after a conditional job offer is made. Consideration of the background check will be tailored to the requirements of the job.
University Benefits
+ Health, Life, and Flexible Spending Accounts : Penn offers comprehensive medical, prescription, behavioral health, dental, vision, and life insurance benefits to protect you and your family’s health and welfare. You can also use flexible spending accounts to pay for eligible health care and dependent care expenses with pre-tax dollars.
+ Tuition : Take advantage of Penn's exceptional tuition benefits . You, your spouse, and your dependent children can get tuition assistance here at Penn. Your dependent children are also eligible for tuition assistance at other institutions.
+ Retirement: Penn offers generous retirement plans to help you save for your future. Penn’s Basic, Matching, and Supplemental retirement plans allow you to save for retirement on a pre-tax or Roth basis. Choose from a wide variety of investment options through TIAA and Vanguard.
+ Time Away from Work: Penn provides you with a substantial amount of time away from work during the course of the year. This allows you to relax, take vacations, attend to personal affairs, recover from illness or injury, spend time with family—whatever your personal needs may be.
+ Long-Term Care Insurance: In partnership with Genworth Financial, Penn offers faculty and staff (and your eligible family members) long-term care insurance to help you cover some of the costs of long-term care services received at home, in the community or in a nursing facility. If you apply when you’re newly hired, you won’t have to provide proof of good health or be subject to underwriting requirements. Eligible family members must always provide proof of good health and are subject to underwriting.
+ Wellness and Work-life Resources : Penn is committed to supporting our faculty and staff as they balance the competing demands of work and personal life. That’s why we offer a wide variety of programs and resources to help you care for your health, your family, and your work-life balance.
+ Professional and Personal Development: Penn provides an array of resources to help you advance yourself personally and professionally.
+ University Resources: As a member of the Penn community, you have access to a wide range of University resources as well as cultural and recreational activities. Take advantage of the University’s libraries and athletic facilities, or visit our arboretum and art galleries. There’s always something going on at Penn, whether it’s a new exhibit at the Penn Museum, the latest music or theater presentation at the Annenberg Center, or the Penn Relays at Franklin Field to name just a few examples. As a member of the Penn community, you’re right in the middle of the excitement—and you and your family can enjoy many of these activities for free.
+ Discounts and Special Services : From arts and entertainment to transportation and mortgages, you'll find great deals for University faculty and staff. Not only do Penn arts and cultural centers and museums offer free and discounted admission and memberships to faculty and staff. You can also enjoy substantial savings on other goods and services such as new cars from Ford and General Motors, cellular phone service plans, movie tickets, and admission to theme parks.
+ Flexible Work Hours: Flexible work options offer creative approaches for completing work while promoting balance between work and personal commitments. These approaches involve use of non-traditional work hours, locations, and/or job structures.
+ Penn Home Ownership Services: Penn offers a forgivable loan for eligible employees interested in buying a home or currently residing in West Philadelphia, which can be used for closing costs or home improvements.
+ Adoption Assistance: Penn will reimburse eligible employees on qualified expenses in connection with the legal adoption of an eligible child, such as travel or court fees, for up to two adoptions in your household.
To learn more, please visit: https://www.hr.upenn.edu/PennHR/benefits-pay
The University of Pennsylvania’s special character is reflected in the wide variety of backgrounds, experiences, and perspectives of the Penn community. We seek talented faculty and staff who will constitute a vibrant community and help create an educational and working environment that best supports the University’s commitment to excellence in teaching, research, and scholarship. The University of Pennsylvania is an equal opportunity employer. Candidates are considered for employment without regard to race, color, sex, sexual orientation, religion, creed, national origin (including shared ancestry or ethnic characteristics), citizenship status, age, disability, veteran status, or any class protected under applicable federal, state or local law.
About the Company
U