Additional Info

General Position Information


Department Name: Information Technology Services UNCA
Working Title: Governance, Risk & Compliance Analyst
Holder Name:
FLSA Designation: Exempt - Skilled IT professional
FTE: 1.00

Position Description Details


Responsibilities and Duties


Responsibility: Research IT Environment
Time Spent Percentage: 35
Essential Function: X
Tasks: Collaborate on the development of Technical Control Plans (TCPs). Create research System Security Plans (SSP). Participate in the development of regulatory compliance guidance and architectures, including technical design discussions. Analyze, document, and recommend IT process design improvements for research regulatory compliance.

Responsibility: Assessment and Review of Research Environments
Time Spent Percentage: 35
Essential Function: X
Tasks: Analyze and document regulatory requirements, identify gaps in systems and processes, and suggest proactive solutions to mitigate concerns. Participate in advising staff and leadership on regulatory compliance requirements. Participate in self-assessment and third-party assessments related to regulatory compliance and/or risk. Create reports and documentation to support research environment compliance requirements.

Responsibility: Research IT Incident Response
Time Spent Percentage: 5
Essential Function:
Tasks: Participate in implementing, maintaining, and coordinating incident response plans, procedures, and responses involving research data or research IT assets.

Responsibility: Research Awareness and Outreach
Time Spent Percentage: 20
Essential Function: X
Tasks: Participate in the promotion of the information security program and researcher awareness of information security issues. Bring awareness to campus technical staff on regulatory controls and timelines. Escalate compliance issues to campus leadership. Assist with the development and implementation of training programs and communications to create awareness and knowledge of security policies and procedures.

Responsibility:
Time Spent Percentage: 5
Essential Function:
Tasks: Other Duties as Assigned


Zone Definition Factors


Knowledge Skills and Abilities


Working knowledge of regulatory and compliance terms and standards. Understanding of information security framework, risk management framework and compliance practices. Demonstrated ability to communicate effectively with Faculty/Staff and Students with a wide range of computing backgrounds. High degree of accuracy and attention to detail. Under the direction of and in partnership with the NU Security team, implement and maintain security strategies, policies, and standards to protect University assets. Strong verbal and written communication skills. Employee is on-call; this responsibility may require work outside of regular business hours.

Demonstrated understanding of information technology, with a particular focus on Governance, Risk, and Compliance. General working knowledge of secure network technologies, client and server operating systems and security tools, such as vulnerability scanners, intrusion prevention systems, firewalls, VPNs and data loss prevention. Develop training programs regarding research data requirements.


Problem Solving - Decision Making


This position regularly displays independent thinking and complex problem-solving skills. Must be able to assess computer hardware, software, and systems for security risks or violations and work with ITS and campus staff and technology vendors to recommend solutions. Participate in awareness and training program development for all stakeholders. Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.


Impact


Employee must ensure that University information technology resources are patched and secured.  A failure to keep these systems secure could allow University data to be compromised and/or exposed to the outside world.  Data loss or exposure could cause financial loss or damage the university’s reputation.


Interactions


Work directly with NU research faculty to ensure Research Data Plans, Technical Control Plans, and System Security Plans meet compliance requirements and ensure ITS can support those needs.  Daily interaction with Faculty, Staff, Students and Co-workers to disseminate information.  Some contact with off-campus vendors.


Supervision Received


Limited supervision received


Supervision Exercised


Does this position supervise?:

No


Work Environment & Physical Demands


Working Environment


Office


Activity Frequency


Sit: Frequently (34-66%)
Stand: Occasionally (1-33%)
Walk: Occasionally (1-33%)
Drive Motor Vehicle:
Squatting:
Bending:
Kneeling:
Reaching:
Crawling:
Climbing:

Use of Hands/ Wrists


Keyboard: YES
Fine Manipulation:
Repetitive Motion:
Pipefitting:
Grasping:

If other use of hands/ wrists, please explain:

Operation of standard office equipment