What We Do:

In Information Technology Services, our teams are responsible for defining, developing, supporting, and evolving the technology-related services needed by the SEI in the pursuit of its overarching mission. We provide the Institute with a current, reliable, and secure infrastructure.

Position Summary:

We are seeking a highly skilled and detail-oriented IT Compliance Specialist to join our team. The successful candidate will be responsible for ensuring that our organization adheres to all relevant IT compliance standards and regulations, with a focus on NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC). This role requires a deep understanding of IT security frameworks, strong analytical skills, and the ability to collaborate effectively with cross-functional teams.

Requirements:

• 3 years of experience in IT compliance, risk, or audit functions assessing findings and implementing remediation actions or equivalent combination of education and experience. Two (2) years project management and/or experience in a team environment.
• Familiarity with multiple operating systems including Windows, Linux, and macOS.
• Flexible to travel to other SEI offices in Pittsburgh and Washington, DC, sponsor sites, conferences, and offsite meetings on occasion.

Duties:

• Compliance Assessments: You’ll measure the ongoing compliance of our IT systems to the relevant cybersecurity frameworks such as NIST 800-171 and CMMC, proactively identifying and addressing compliance gaps.
• Organization and Record Keeping: You will document necessary compliance action items, verify evidence, and monitor activities to ensure all are closed on a timely basis. You’ll monitor activities to ensure all activities are closed on a timely basis. Ensure non-compliant findings have action items created and are tracked to completion with routine oversight.
• Policy Development and Implementation: You will contribute to the development, implementation, and maintenance of IT compliance policies, procedures, and controls aligned with SEI, NIST 800-171, and CMMC requirements.
• Stakeholder Collaboration: You’ll collaborate with internal stakeholders to identify compliance gaps, develop remediation plans, and provide guidance and support to IT and research teams on compliance-related matters.
• External Coordination: You will coordinate with external auditors and regulatory agencies during compliance audits and assessments, ensuring smooth communication and compliance.
• Metrics Monitoring: We’ll look to you to monitor and report on compliance metrics and key performance indicators to senior management, providing insights for decision-making and continuous improvement. Your reports and analysis will be key contributions.
• Risk Management: You will participate in risk assessments and assist in the development of risk mitigation strategies to ensure the organization's compliance and security posture. You’ll take the lead maintaining the IT decision matrix and risk register.
• Training Development: You will contribute to the development of training and awareness programs to foster a culture of compliance within the organization, ensuring all staff members are well-informed and compliant.
• Subject Matter Expertise: You will serve as a subject matter expert on evolving regulation and IT compliance matters, providing guidance and support to colleagues as needed, and promoting best practices.

Knowledge, Skills, and Abilities:

• Continuous Learning: You are eager to expand your knowledge and stay up-to-date with the latest regulatory changes and evolving needs of the SEI.
• Analytical Thinking: You possess strong analytical and problem-solving skills, with keen attention to detail, to effectively identify compliance gaps and develop solutions.
• Communication Proficiency: As part of a matrixed organization, you’ll work effectively, engaging with team members and stakeholders across the organization to troubleshoot issues, provide guidance, and contribute innovative ideas.
• Positive Attitude: You approach tasks with enthusiasm and a positive attitude, contributing to a supportive work environment where teamwork and mutual respect are valued.

Preferred Qualifications:

• Research-oriented: You have familiarity with working within a research organization.
• Technical and Project Leadership: You have led technical projects and have experience collaborating across teams.
• Credentialed: Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), or CompTIA Security .

Benefits

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.