Associate Director, Research Security
Not Disclosed•Full-TimeOn-site
location_onRace Street Meetinghouse, 1501, Cherry Street, Logan Square, Center City, Philadelphia, Philadelphia County, Pennsylvania, 19103, United States
About the University of Pennsylvania
The University of Pennsylvania, the largest private employer in Philadelphia, is a world-renowned leader in education, research, and innovation. As a historic Ivy League school consistently ranked among the top 10 universities in the U.S., Penn features 12 highly-regarded schools that provide opportunities for undergraduate, graduate, and continuing education. The university is distinguished by its interdisciplinary approach to scholarship and learning.
Penn has been recognized nationally as one of America's Best Large Employers by Forbes. The campus offers a unique working environment within the vibrant city of Philadelphia, situated on a beautiful urban setting with easy access to educational, cultural, and recreational activities. From historical landmarks to lively cultural offerings, Philadelphia provides the perfect atmosphere for work and play.
About the Role
As a preeminent research institution, the University of Pennsylvania is committed to providing the necessary policies, infrastructure, and support to its research community for the management of regulated research data. Federal requirements related to research security have increased significantly in recent years, necessitating robust Research Security Programs that address cybersecurity and stringent contractual obligations regarding data storage and sharing.
The Associate Director of Research Security serves as a key member of the Research Security Program management team. This role is designed to ensure Penn's compliance with critical frameworks such as the Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171 controls, and FAR 52.204-21. The position acts as a central resource for assessing readiness regarding NSPM-33 and evaluating data security requirements in sponsored project agreements.
Day-to-day, you will coordinate institution-wide initiatives to mitigate research security data risks. You will convene research IT professionals from across campus—including the Offices of the Vice Provost for Research, Information Security and Computing, the Libraries, and Audit Compliance—to ensure an integrated and comprehensive approach to security. This role requires navigating a complex, decentralized higher education environment, building knowledge of compliance across departments, and serving as a subject matter expert for contract negotiators and stakeholders.
Hiring Process
Candidates selected for this position will undergo a background check after a conditional job offer is made. Consideration of the background check will be tailored to the specific requirements of the job.
Equal Opportunity Statement
The University of Pennsylvania is an equal opportunity employer. Candidates are considered for employment without regard to race, color, sex, sexual orientation, religion, creed, national origin, citizenship status, age, disability, veteran status, or any class protected under applicable federal, state, or local law. Penn is committed to fostering a diverse and inclusive community where all individuals can thrive.
Work location
Work model: On-site
Race Street Meetinghouse, 1501, Cherry Street, Logan Square, Center City, Philadelphia, Philadelphia County, Pennsylvania, 19103, United States
Philadelphia, Pennsylvania
Key Responsibilities
- check_circleDevelop and oversee a risk-based institutional research data security program
- check_circlePartner with stakeholders to maintain Plan of Action and Milestones for system weaknesses
- check_circleManage development of project-specific security controls in collaboration with campus partners
- check_circlePlan, design, enforce, and audit security policies to safeguard University information systems
- check_circleInvestigate security incidents and perform computer forensics studies
- check_circleCoach and direct junior staff members
- check_circleProvide subject matter expertise on research data cybersecurity compliance and risk assessment
- check_circleInventory and document University systems housing research data and their security capabilities
Requirements
- verifiedBachelor's degree and 4+ years of relevant experience
- verifiedMasters degree in Information Technology, Computer Science, or related field preferred
- verifiedExperience developing, maintaining, and overseeing an information systems security program
- verifiedFamiliarity with CMMC guidelines
- verifiedWorking knowledge of vulnerability scanning, network security, authentication, authorization, and incident response
- verifiedExperience applying NIST SP 800-37, SP 800-171, and SP 800-53
- verifiedExperience developing training materials
- verifiedExperience with contract review for data security requirements
Nice to Have
Masters degree in Information Technology, Computer Science, or a related field.
Benefits & Perks
check_circleComprehensive medical, prescription, behavioral health, dental, vision, and life insurancecheck_circleFlexible spending accounts for eligible health care and dependent care expensescheck_circleTuition assistance for employees, spouses, and dependent children at Penn and other institutionscheck_circleGenerous retirement plans including Basic, Matching, and Supplemental options via TIAA and Vanguardcheck_circleSubstantial time away from work for vacations, personal affairs, and illness recoverycheck_circleLong-term care insurance through Genworth Financial with no underwriting for new hirescheck_circleWellness and work-life balance programs and resourcescheck_circleAccess to university libraries, athletic facilities, arboretum, art galleries, and cultural activities
