Full-time
CISO, Director Information Security - Penn State University - University Park, PA

JOB DESCRIPTION AND POSITION REQUIREMENTS:

The Information Technology Services Office in the Applied Research Laboratory (ARL) at Penn State University is seeking a CISO/Director of Cybersecurity to lead the Cybersecurity group in developing and executing strategies; manage operations; and collaborate internally and externally in ARL’s efforts to provide safe, secure, and compliant environments for research and business operations. ARL operates and maintains a complex and compliant (DFARS, NISPOM, RMF) security program encompassing all classifications of networks utilized for DoD contracts and subcontracts. Increasing enterprise complexity and compliance regulations require strong leadership of this vital capability; security is at the heart of ARL's mission. This strategic leadership role will continue building on the existing cybersecurity and compliance programs and strengthen the partnerships within the lab, Defense Industrial Base, and sponsors.

Responsibilities include:

• Responsible and accountable for the operational leadership of ARL’s information security program.
• Provide direction and leadership regarding all cybersecurity/compliance information technologies in classified and unclassified environments.
• Work with the CIO to oversee the continued development and operations of an enterprise-wide information security organization that is focused toward a common set of goals in information security.
• Partner and collaborate with the Facilities Security Officer (FSO) to reduce overlaps in functions and mitigate gaps between the two distinct functional scopes (traditional security and information security).
• Ensure availability and performance of liaison, facilitation, and subject matter expertise/guidance to program/project initiatives and sponsors.
• Work with the CIO to establish short, mid-term and long-range security and compliance goals, define security strategies, budgetary needs, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continuous program improvements.
• Stay abreast of information security issues and regulatory changes affecting our industry at the local and national level, participate in Defense Industrial Base (DIB) workgroups, University Affiliated Research Center (UARC) policy and practice discussions, and communicate to the organization on a regular basis about those topics.
• Provide expertise and leadership in University-related activities.
• As a senior leader within the Information Technology Services (ITS) organization, build and develop/coach a highly-effective cybersecurity team closely integrated with ITS leaders, teams, and processes.
• Consistently represent the professional, courteous, and helpful reputation of the ARL ITS group.
• Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for ARL’s information and technology systems and practices.

Policy, Compliance and Audit

• Work with the CIO and FSO to develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation (e.g., Risk Management Framework, NISPOM, NIST frameworks, Cybersecurity Maturity Metric Certification (CMMC), DFARS).
• Coordinate and track all information technology and information security related audits and Authority to Operate (ATO) efforts including scope/target of audits, timelines, auditing agencies, ATO management, and outcomes.
• Work with external oversight and internal resources to prepare for inspections/audits.
• Maintain productive and collaborative relationships with oversight entities (such as DCSA and PSU internal audit).
• Provide evaluation, strategy, and execution leadership for audit responses. This activity includes the establishment of meaningful metrics to be used in summarizing the assessments and tracking operational achievement.
• Direct the development, implementation, administration, and utilization of technical security standards as well as a suite of security services and tools to address and mitigate security risk.
• Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for ARL’s information and technology systems and practices.
• Lead efforts to monitor and communicate network activity, intrusion protection feedback, and other security event information to ensure information security readiness and incident responsiveness.

Risk Management and Incident Response

• Keep abreast of security incidents and act as primary control point during significant information security incidents.
• Create/convene a Cybersecurity Incident Response Team (CIRT) as needed, or requested, in addressing and investigating security incidents that arise.
• Ensure information security issues and requirements are integrated into incident/breach response activities (including taking leadership on required notification actions).
• Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards, related laws and regulations and appropriate internal policies.

This job will be filled as a level 3 or level 4, depending upon the successful candidate's competencies, education, and experience. Typically requires a Bachelor’s Degree or higher plus four years of related work experience or an equivalent combination of education and experience for a level 3.
A Bachelor’s degree in science, technology, or management is highly desired.

Required skills and experience include:

• Demonstrated ability to apply IT in solving security/compliance issues
• Experience in cyber security systems engineering and architecture design, development and implementation
• Proven experience in operating IT systems in accordance with federal government information security standards and regulations including Risk Management Framework and NIST
• Proven ability to develop and foster high-performance teams
• Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content
• Strength in determining, communicating, and delivering multiple competing priorities
• Skilled in developing relationships with peers and stakeholders and driving productive collaboration
• Maintains high degree of self and team performance and accountability
• Level 3 DoD 8570 Approved Certification Required (such as CISSP, CISM, GCIH, GCED, CISA, CCNP Security, CASP+CE)

Preferred skills and experience include:

• Minimum of 7 years of cybersecurity and compliance leadership in a research, production, military, and/or defense contractor environment
• Experience with a wide variety of security and information security processes and principles, such as:
o Enterprise security architecture
o Threat model development
o Vulnerability assessment
o Risk analysis
• Risk Management Framework (RMF)
• Industry and Government cybersecurity frameworks (NIST, CIS, ISO, CSA)
• Experience in planning, organizing, and developing information technology policies, procedures, and practices

Candidates for consideration must submit a cover letter of interest and a resume. You must be a U.S. Citizen to apply. Candidates selected will be subject to a government security investigation. Employment with the Applied Research Laboratory will require successful completion of a pre-employment drug screen.

The Applied Research Laboratory (ARL) at Penn State University is committed to diversity, equity, and inclusion; we believe this is central to our success as a Department of Defense designated University Affiliated Research Center (UARC). We are at our best when we draw on the talents of all parts of society, and our greatest accomplishments are achieved when diverse perspectives are part of our workforce.

CAMPUS SECURITY CRIME STATISTICS: Pursuant to the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act and the Pennsylvania Act of 1988, Penn State publishes a combined Annual Security and Annual Fire Safety Report (ASR). The ASR includes crime statistics and institutional policies concerning campus security, such as those concerning alcohol and drug use, crime prevention, the reporting of crimes, sexual assault, and other matters. The ASR is available for review here.

Employment with the University will require successful completion of background check(s) in accordance with University policies.

EEO is the Law

Penn State is an equal opportunity, affirmative action employer, and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
If you are unable to use our online application process due to an impairment or disability, please contact 814-865-1473.
University Park, PA
