Research Data Security Manager

Requisition #: 2023-16861
Date Posted: 2 months ago (4/12/2023 6:52 AM)
Department: Research and Project Admin
Category: Research and Laboratory
Job Type: Full-Time

Overview

Over the last several years, federal research data security regulations affecting the University’s research enterprise have become more rigorous. While Princeton maintains a commitment to fundamental research, the University has a growing DoD and federal contract portfolio, and anticipates greater work with Controlled Unclassified Information (CUI) in the future. Additionally, Princeton’s research with regulated data of all types and with a range of federal, nonfederal, and international partners is growing, including with hospitals and medical centers.

The Research Data Security Manager (RDSM) reports to the Associate Director (AD), Export Control and Compliance, in the Office of Research and Project Administration (ORPA). The RDS Manager will provide subject matter expertise in sensitive and restricted research data sets, including related federal/government regulations, institutional policy and procedures, and best practices nationally among major research universities to ORPA and other offices in the Dean for Research organization as well as across the University. The position will have overall responsibility for coordinating with University personnel to develop and maintain Princeton University’s Research Data Security program, including the Offices of Information Security, Information Technology, Research Computing, Research Integrity and Assurance, the Library, Audit and Compliance and academic departments.

A remote work arrangement may be considered for candidates with the appropriate background and experience.

Responsibilities

The position will be responsible for developing, maintaining, communicating, and ensuring a coordinated approach to University-wide policies and procedures regarding sensitive and restricted research data sets, including requirements stemming from private sector funding/agreements, and including requirements associated with Federal Contract Information (FCI), Controlled Unclassified Information (CUI), Protected Health Information (PHI), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA), Personally Identifiable Information (PII), General Data Protection Regulation (GDPR), Cybersecurity Maturity Model Certification (CMMC) and NSPM-33, among others. The position will assist senior administrators, faculty, staff, and students with interpretation of regulations, policies and contractual obligations related to research data security and will develop and manage a program to ensure compliance. The position will also partner with sponsors and collaborators, including government agencies, to advocate for the University’s interests where appropriate, clarify requirements, make interpretations, document decisions and ensure compliance.

  • Develop and oversee a risk-based institutional research data security program covering sensitive, restricted and controlled data received, developed, shared or used in University research projects.
  • Overall responsibility for ensuring the University’s compliance with CMMC, including preparation and maintenance of SSPs to accurately reflect the installation and security provisions of unclassified research information systems.
  • Inventory and document existing University systems that may contain FCI, CUI, and other secure data, and ensure controls are in place to appropriately safeguard the data
  • Coordinate the University’s implementation of research data security policies and procedures, and represent sponsored research interests on the Research Data Security Governance Committee.
  • This position will develop, document, maintain, coordinate, and communicate policies, procedures and practices governing the usage, maintenance, and security of research data information systems within the University based on NIST SP 800-171 controls and FAR 52.204-21.
  • Partner with other key departments in the development and maintenance of Plan of Action and Milestones (POA&M) used to identify information system weaknesses, mitigating actions, resources and timelines for corrective actions.
  • Partner with the Information Security Office to identify vulnerabilities and correct deficiencies as part of a continuous monitoring program.
  • Ensure audit records are collected and analyzed in accordance with SSPs.
  • Assist with the design of secure networks and determine best processes based on requirements.
  • Manage the development of project-specific information and security controls in collaboration with the PI, ORPA, Export Controls, Research Computing, Research Integrity and Assurance, Information Security, Global Safety and Security, and other campus partners.
  • Manage an assessment program to review compliance objectives, support the risk management program, and remain current with relevant regulations, perform periodic control reviews, and document compliance within secure computing environments.
  • Review appropriate agreements for concerns related to research data security and work with University offices and faculty to mitigate and resolve any identified risk or compliance issues.
  • Consult with Principal Investigators (PIs) in pre-award or post-award review of research data security matters. Advise PIs on how to comply with basic and derived security requirements as part of a research project’s System Security Plan (SSP).
  • Implementation of an effective research data security education, training, and awareness program to ensure compliance with government regulations.
  • Work with budget office to identify costs for the research data security program, both in current and future state, and determine which costs, if any, may be recovered.

Qualifications

Required Qualifications

  • Bachelor’s degree and 4+ years of relevant experience.
  • Experience developing, maintaining and overseeing an information systems security program and policies within a complex organization.
  • Strong skills in organizing and setting priorities and accomplishing tasks by identifying risk-based solutions to time-sensitive problems.
  • Demonstrated familiarity with CMMC guidelines
  • Working knowledge of information system technology and cybersecurity principles to include vulnerability scanning, network security principles, authentication and authorization, and incident response.
  • Experience in the application of Risk Management Frameworks as described in the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, SP 800-171 and SP 800-53.
  • Demonstrated ability to develop training materials and to provide individual training as appropriate

Preferred Qualifications

  • Master’s degree in Information Technology, Computer Science, or a related field.
  • Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), or other relevant professional certification.
  • Experience designing and managing a research data security program based on the US government’s NIST standards and frameworks.

Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Standard Weekly Hours: 36.25
Eligible for Overtime: No
Benefits Eligible: Yes
Probationary Period: 180 days
Essential Services Personnel (see policy for detail): No
Physical Capacity Exam Required: No
Valid Driver’s License Required: No
Experience Level: Director


Princeton University job offers are contingent upon the candidate’s successful completion of a background check, reference checks, and pre-employment screening, as applicable.

