Research Cybersecurity Compliance Lead

Utah State University seeks a Research Cybersecurity Compliance Lead to guide the development and long-term management of a secure research computing environment that complies with federal cybersecurity and export control requirements including CMMC NIST 800-171 ITAR EAR OFAC and other applicable regulations.

The Lead will work alongside the universitys selected vendor to stand up a compliant turn-key environment gaining deep understanding of its architecture and controls from the beginning. Over time this role will take on increasing responsibility for managing and improving the environment as more of the work shifts in-house.

The position requires both technical and compliance expertise. The Lead will draw on experience in cybersecurity operations systems administration and cloud platforms such as Microsoft Entra ID/M365 combined with knowledge of identity and access addition the role will oversee compliance alignment risk management and assessment readiness ensuring that research projects meet regulatory obligations and security standards.

The Lead will manage relationships with external vendors serve as the primary liaison during C3PAO and other compliance assessments and work closely with the Office of Research and other partners across campus to ensure researchers can securely conduct projects involving sensitive data while the institution maintains accountability for compliance.

• Vendor collaboration and transition: Partner with the universitys selected vendor to stand up a compliant secure research environment. Learn the environments architecture configuration and controls from the beginning with the goal of gradually assuming more responsibility for day-to-day management and long-term sustainability.
• Program leadership: Serve as the lead point of contact for USUs research cybersecurity compliance program ensuring that the secure environment supports requirements such as CMMC NIST 800-171 ITAR EAR OFAC and related regulations.
• Policy and procedure development: Translate cybersecurity and export control requirements into practical research-wide policies procedures and standards that can be consistently followed by researchers and IT staff.
• Research collaboration: Work closely with the Office of Research and individual researchers to develop project-specific compliance plans including Technology Control Plans (TCPs) and provide guidance for securely handling Controlled Unclassified Information (CUI) and other regulated data.
• Assessment readiness: Act as the primary liaison during third-party assessments including C3PAO evaluations ensuring that required documentation and evidence meet CMMC criteria for sufficiency and adequacy and are maintained in an audit-ready state.
• Risk and vulnerability management: Conduct or coordinate internal risk assessments track vulnerabilities and ensure remediation within the research environment.
• Documentation stewardship: Maintain essential records including the System Security Plan (SSP) Plans of Action and Milestones (POA&Ms) incident response procedures and other compliance documentation.
• Continuous improvement: Regularly evaluate the effectiveness of controls policies and processes providing reports and recommendations to university leadership.
• Training and outreach: Provide guidance and education to researchers and staff on compliance obligations secure workflows and the use of the secure research environment.

Minimum Qualifications:

• Bachelors degree in information technology computer science cybersecurity engineering or a closely related field. Equivalent professional experience may be considered in lieu of a degree.
• At least 5 years of professional experience in cybersecurity systems administration or IT infrastructure management with demonstrated responsibility for secure system design and operations.
• Hands-on experience administering both Linux and Windows environments including implementation of security baselines and compliance controls.
• Experience with cloud services and identity platforms such as Microsoft Entra ID M365 and Azure particularly in identity and access management.
• Working knowledge of federal cybersecurity and export control requirements including NIST 800-171 CMMC ITAR and EAR.
• Strong ability to translate regulatory requirements into technical and procedural controls that can be understood and followed by researchers and non-technical staff.
• Ability to obtain the Certified CMMC Professional (CCP) credential within six months of employment.
• US Citizenship required in order to comply with ITAR and EAR regulations.

Preferred Qualifications:

• Advanced degree in information security computer science engineering or a related field.
• More than 7 years of professional experience in cybersecurity operations secure systems administration or IT infrastructure management with at least 3 years in a compliance or research security context.
• Demonstrated experience with federal security and compliance frameworks such as NIST SP 800-171 CMMC NIST 800-53 FedRAMP and export control requirements (ITAR EAR OFAC). See also involvement in preparing for or supporting CMMC or other third-party compliance assessments with familiarity in evaluating evidence for sufficiency adequacy and audit readiness under the CMMC Assessment Process (CAP).
• Professional certifications such as CISSP CISM CCSP or CompTIA Security in addition to or in pursuit of Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).
• Strong understanding of identity and access management concepts and their application in environments such as Microsoft Entra ID M365 and Azure.
• Excellent written and verbal communication skills with the ability to explain complex compliance and technical requirements to both technical and non-technical stakeholders.

Knowledge Skills and Abilities:

• Strong knowledge of cybersecurity operations including incident response vulnerability management system hardening and secure configuration practices across Linux Windows and cloud environments.
• Familiarity with identity and access management (IAM) concepts technologies and best practices with emphasis on Microsoft Entra ID M365 and Azure Active Directory.
• Understanding of federal security frameworks and export control regulations including NIST SP 800-171 CMMC NIST 800-53 ITAR EAR and OFAC.
• Ability to analyze compliance requirements evaluate evidence for sufficiency and adequacy under the CMMC Assessment Process (CAP) and design controls that address identified gaps.
• Skill in developing documenting and maintaining policies procedures and security plans such as System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Capacity to lead projects that cross organizational boundaries balancing vendor management research needs and IT operational priorities.
• Strong communication and interpersonal skills with the ability to clearly explain complex technical and compliance concepts to researchers administrators and leadership.
• Analytical and problem-solving ability to address emerging risks regulatory changes and evolving research requirements.
• Commitment to continuous learning and professional development in cybersecurity compliance and research security.

Along with the online application please attach:

1. Resume to be uploaded at the beginning of your application in the Candidate Profile under Resume/CV

2. Cover letter to be typed/pasted at the end of your application (iForm)

**Document size may not exceed 10 MB.**

Employees work indoors and are protected from weather and/or contaminants but not necessarily occasional temperature changes. The employee is regularly required to sit and often uses repetitive hand motions.

Founded in 1888 Utah State University is Utahs premier land-grant public service university. As an R1 research institution Utah State is dedicated to advancing knowledge and serving the public good through innovative research and scholarly activities that are grounded in reciprocal engagement with local regional and global communities. USU prepares students to be active civically engaged leaders who are prepared to address critical societal challenges. Dedicated to providing a high-quality and affordable education USU remains a leader in research discovery and public impact.

USU enrolls over 29800 students both online and in person atlocations throughout the state.Utah States 30 locations include a main campus in Logan Utah residential campuses in Price and Blanding and six additional statewide campuses along with education centers serving every county. USU educates students from all 50 states and more than 80 countries. For over 100 years USU Extension has served and engaged Utahns serving every county in the state.

Competing at the NCAA Division I level USU is a proud member of the Mountain West Conference and will join the Pac-12 Conference beginning in the 2026-2027 season.The Aggies long-standing tradition of athletic and academic excellence is exemplified by recent Mountain West regular-season and tournament championships in womens volleyball three consecutive Mountain West tournament titles in womens soccer conference championships and a first-ever conference championship for gymnastics reflecting USUs commitment to perseverance and achievement.

Utah State is dedicated to fostering a community where all individuals feel respected valued and supported and where diversity of thought and culture are cultivated. We seek to recruit hire and retain people from all walks of life who willchampion excellence in education research discovery outreach and believe that promoting a strong sense of community and belonging empowers and engages all members of USU to thrive and be recognized our commitment to employees when they namedUtah State the best employer in Utahin 2023.Learn moreabout USU.

The university provides aDual Career Assistance Programto support careers for partners who are also seeking is committed to providing access and a reasonable accommodation for individuals with disabilities. To request a reasonable accommodation for a disability contact the universitys ADA Coordinator in the Office of Human Resources at or.

*updated 12/2025

In its programs and activities including in admissions and employment Utah State University does not discriminate or tolerate discrimination including harassment based on race color religion sex national origin age genetic information sexual orientation gender identity disability status as a protected veteran or any other status protected by University policy Title IX or any other federal state or local law.

Utah State University is an equal opportunity employer and does not discriminate or tolerate discrimination including harassment in employment including in hiring promotion transfer or termination based on race color religion sex national origin age genetic information sexual orientation gender identity disability status as a protected veteran or any other status protected by University policy or any other federal state or local law.

Utah State University does not discriminate in its housing offerings and will treat all persons fairly and equally without regard to race color religion sex familial status disability national origin source of income sexual orientation or gender identity. Additionally the University endeavors to provide reasonable accommodations when necessary and to ensure equal access to qualified persons with disabilities.

In all circumstances Utah State University follows state and federal laws related to sex-segregated spaces.

The following individuals have been designated to handle inquiries regarding the application of Title IX and its implementing regulations and/or USUs non-discrimination policies:

For further information regarding non-discrimination please visit or contact:

U.S. Department of Education

Denver Regional Office

U.S. Department of Education

Office of Assistant Secretary for Civil Rights

*updated 10/2025