Director of Cybersecurity

APPLICATION INSTRUCTIONS:

• CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process . Please do not apply here, apply internally through Workday.

• CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday.

• If you are NOT a current employee or student, please click “Apply” and complete the application process for external applicants .

JOB DESCRIPTION AND POSITION REQUIREMENTS:

We are searching for a Director of Cybersecurity to lead our cybersecurity group at the Applied Research Laboratory (ARL) at Penn State University.  You will develop and execute strategies, manage operations, and collaborate internally/externally to provide safe, secure, and compliant environments for research and business operations at ARL.  ARL operates and maintains a complex and compliant (DFARS, NISPOM, Risk Management Framework (RMF)) security program encompassing multiple classifications of networks utilized for DoD contracts and subcontracts.  Increasing enterprise complexity and compliance regulations require strong leadership of this vital capability; security is at the heart of ARL’s mission. This leadership role will continue building on the existing cybersecurity and compliance programs and strengthen the partnerships within the Lab, Defense Industrial Base, and sponsors.

Overall responsibilities include:

• Operational leadership of ARL’s information security program

• Provide direction and leadership regarding cybersecurity/compliance information technologies in collateral classified and unclassified environments

• Partner with the Chief Information Officer (CIO) to oversee the continued development and operations of an information security organization that is focused toward a common set of goals in information security; establish short, mid-term, and long-range security and compliance goals; define security strategies, budgetary needs, metrics, reporting mechanisms and program services; and create a roadmap for continuous program improvements

• Partner and collaborate with the Facilities Security Officer (FSO) to reduce overlaps in functions and mitigate gaps between the two distinct functional scopes (traditional security and information security)

• Keep abreast of information security issues and regulatory changes affecting our industry at the local and national level, participate in Defense Industrial Base (DIB) workgroups, University Affiliated Research Center (UARC) policy and practice discussions, and communicate to the organization on a regular basis

• Build and develop/mentor a highly-effective cybersecurity team closely integrated with ITS leaders, teams, and processes

• Lead efforts to internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for ARL’s information and technology systems and practices

Policy, Compliance and Audit Areas

• Work with the CIO and FSO to develop and implement an effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation (e.g., RMF, NISPOM, NIST frameworks, CMMC, DFARS)
• Coordinate and track all information technology and information security related audits and Authority to Operate (ATO) efforts including scope/target of audits, timelines, auditing agencies, ATO management, and outcomes; work with external oversight and internal resources to prepare for inspections/audits; maintain productive and collaborative relationships with oversight entities (such as DCSA and PSU internal audit); provide evaluation, strategy, and execution leadership for audit responses
• Direct the development, implementation, administration, and utilization of technical security standards as well as a suite of security services and tools to address and mitigate security risk
• Lead efforts to internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for ARL’s information and technology systems and practices
• Lead efforts to monitor and communicate network activity, intrusion protection feedback, and other security event information to ensure information security readiness and incident responsiveness

Risk Management and Incident Response Areas

• Keep abreast of security incidents and act as primary control point during significant information security incidents; convene a Cybersecurity Incident Response Team (CIRT) as needed or requested, addressing and investigating security incidences

• Ensure information security issues and requirements are integrated into incident/breach response activities (to include leadership on required notification actions)

• Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk

• Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards, related laws, and regulations and appropriate internal policies

This job will be filled as a level 3 or low-level 4, depending upon the successful candidate’s competencies, education, and experience. Typically requires a Bachelor’s Degree or higher plus four years of related work experience or an equivalent combination of education and experience for a level 3.  Additional experience and/or education are required for higher level positions. 

Required skills and experience include:

• Demonstrated ability applying IT in solving security/compliance issues

• Experience in cyber security systems engineering and architecture design, development, and implementation

• Proven experience in operating IT systems in accordance with federal government information security standards and regulations, including RMF and NIST

• Level 3 DoD 8570 Approved Certification (such as CISSP, CISM, GCIH, GCED, CISA, CCNP Security, CASP+CE)

• Demonstrated ability to develop metrics, perform critical analysis, and develop executive decision support content

• Strength in determining, communicating, and delivering multiple competing priorities

• Proven success in developing relationships with customers, peers, and stakeholders, driving productive collaboration

• Ability to express yourself and your ideas for clear comprehension to others and/or an audience

Preferred skills and experience areas include:

• Successful cybersecurity and compliance leadership in a research, production, military, and/or defense contractor environment

• A wide variety of security and information security processes and principles, such as:
      o    Enterprise security architecture
      o    Threat model development
      o    Vulnerability assessment
      o    Risk analysis 

• RMF

• Cybersecurity Maturity Model Certification (CMMC) awareness

• Industry and Government cybersecurity frameworks, (NIST, CIS, ISO, CSA)

• Planning, organizing, and developing information technology policies, procedures, and practices

• Proven ability to develop and foster high-performance teams

• Current eligibility for access to classified information at the Secret level or higher and may be subject to a government background investigation to upgrade clearance eligibility, if required

Your working location can be hybrid (on-site/work from home), with your on-site office located in State College, PA.  This position will require periodic travel to remote locations in support of site visits, FFRDC/UARC events, and industry engagement.

Candidates for consideration must submit a cover letter of interest and a resume.

ARL at Penn State is an integral part of one of the leading research universities in the nation and serves as a University center of excellence in defense science, systems, and technologies with a focus in naval missions and related areas.

You will be subject to a government security investigation, and you must be a U.S. citizen to apply. Employment with the ARL will require successful completion of a pre-employment drug screen. 

ARL is committed to diversity, equity, and inclusion; we believe this is central to our success as a Department of Defense designated University Affiliated Research Center (UARC).  We are at our best when we draw on the talents of all parts of society, and our greatest accomplishments are achieved when diverse perspectives are part of our workforce.

FOR FURTHER INFORMATION on ARL, visit our web site at www.arl.psu.edu .

CAMPUS SECURITY CRIME STATISTICS:

Pursuant to the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act and the Pennsylvania Act of 1988, Penn State publishes a combined Annual Security and Annual Fire Safety Report (ASR). The ASR includes crime statistics and institutional policies concerning campus security, such as those concerning alcohol and drug use, crime prevention, the reporting of crimes, sexual assault, and other matters. The ASR is available for review here .

Employment with the University will require successful completion of background check(s) in accordance with University policies. 

EEO IS THE LAW

Penn State is an equal opportunity, affirmative action employer, and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you are unable to use our online application process due to an impairment or disability, please contact 814-865-1473.

Federal Contractors Labor Law Poster

PA State Labor Law Poster

Affirmative Action

Penn State Policies

Copyright Information

Hotlines

University Park, PA