Cyber Security Control Assessor
Required Qualifications: (as evidenced by an attached resume)
Bachelor's degree. In lieu of the Bachelor's degree, seven years of related full-time IT experience, or a combination of higher education and experience totaling seven full-time years, may be considered. Three years of full-time experience in information technology. Familiarity with a variety of information security frameworks and compliance standards. Experience collaborating with an information/cyber security group or working on information/cyber security initiatives. Knowledge of network, system, and infrastructure terminology and technology. Experience analyzing problems and designing solutions. Experience creating processes and documenting procedures.
Preferred Qualifications:
Advanced degree. Additional years of experience supporting, installing, or designing IT systems. An active cyber security certification. Experience assessing security controls and/or assessing compliance with security standards/frameworks. Experience with NIST security frameworks (e.g. SP 800-171, 800-53, 800-30, 800-39) and FIPS security standards (FIPS 199 and 200).
Brief Description of Duties:
This position will conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system. The incumbent will perform security reviews, identify gaps in security architecture/controls, and develop security risk management plans as appropriate, with a special focus on research data and infrastructure. They will take the lead in cyber security control assessment and information security standard compliance (e.g. NIST 800-171, data use agreements, contract requirements), support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs), and participate in the research security working group as an extension of the enterprise-wide information security program. The incumbent will also develop policies and procedures to establish and support compliance, and document risk mitigations as appropriate. This position will work closely with the University Research Compliance Office and the CRIO in support of research priorities. Further, the incumbent will also take the lead in documenting and assessing security controls in non-research-related areas. They will work with service owners to prepare system security plans. In addition, this position will work within all other aspects of the information security program and practice at SBU such as security operations, incident response, education and awareness and identity management. The incumbent should be able to communicate with others effectively, successfully work independently as well as part of a team with a collaborative approach to problem solving and will have experience in building positive relationships. The incumbent should possess a willingness to learn and grow professionally and technically.
Cyber Security Control Assessment: Conducts comprehensive reviews of technical and administrative controls implemented throughout the University. Coordinates and leads evaluations of an IT system or its individual components to determine compliance with published standards, both internal and external. Serves as internal expert on NIST SP 800-171 and other relevant security controls/standards. Runs vulnerability assessments and gathers other evidence to establish that security controls are implemented and to confirm their effectiveness. Assists with reviewing vendors and their security practices/controls.
Cyber Security Compliance: Works with the distributed research and IT community to achieve security compliance in accordance with standards prescribed by the granting/contracting agency. Meets with researchers and IT staff to explore and meet compliance requirements. Coordinates, plans, and tracks the implementation of compliance and security controls. Researches, tunes, and updates security controls as requirements and capabilities change. Develops policies and procedures relevant to information security and research compliance. Serves on appropriate review and governance committees. Develops and manages system security plans and assists researchers in developing such plans, assessments, milestones, and plans of action. Guides implementation of compliance programs such as CMMC and other relevant security controls, standards, and contractual requirements. Reviews data use agreements, security plans, and research contracts to identify action items and requirements.
Documentation: Documents all security control and compliance efforts in a professional and consistent manner. Prepares and gathers documentation and other evidence required to demonstrate compliance and in response to internal and external audits. Reports metrics to demonstrate program effectiveness.
Information Security Program: As a member of the information security team, participates in operational meetings and efforts as required. Educates stakeholders and service owners on their responsibilities in relation to cybersecurity control and compliance efforts. Serves as framework and security standard subject matter expert. Assists with incident response and associated corrective actions and contractual/regulatory obligations.
Non-Essential: Other duties or projects as assigned as appropriate to rank and department mission.
The Research Foundation of SUNY is a private educational corporation. Employment is subject to the Research Foundation policies and procedures, sponsor guidelines and the availability of funding. FLSA Exempt position, not eligible for the overtime provisions of the FLSA. Minimum salary threshold must be met to maintain FLSA exemption.
This position will remain posted until filled. An initial review of all applicants will occur, the posting will close once a finalist is identified.
Due to U.S. Export Control laws and regulations, the candidate hired will need to be a U.S. citizen, lawful permanent resident, or other "protected individual" (as defined by 8 U.S.C. Sec. 1324b(a)(3)).
Resume/CV and cover letter should be included with the online application.
Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning, and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws.
If you need a disability-related accommodation, please call the university Office of Equity and Access (OEA) at or visit OEA.
In accordance with the Title II Crime Awareness and Security Act a copy of our crime statistics can be viewed here.
Visit our WHY WORK HERE page to learn about the total rewards we offer.
Job Number: 2204155
Official Job Title: Programmer/Analyst Specialist
Job Field: Information Technology
Primary Location: US-NY-Stony Brook
Department/Hiring Area: Division of Information Technology
Schedule: Full-time
Shift: Day Shift
Shift Hours: 8:30-5:00
Posting Start Date: Mar 9, 2023
Posting End Date: Apr 10, 2023, 3:59:00 AM
Salary: 115,000 - 135,000
Appointment Type: Regular
Salary Grade: E4
SBU Area: The Research Foundation for The State University of New York at Stony Brook
To apply, visit https://stonybrooku.taleo.net/careersection/2/jobdetail.ftl?job=2204155&tz=GMT%2B00%3A00&tzname=UTC