POSITION SUMMARY:Duke University's IT Security Office (ITSO) is responsible for the overall coordination, implementation, and assessment of information security at Duke University.The ITSO Research Support Security Specialist will work alongside several other Duke entities such as Research Computing ( ), the Office of Research & Innovation ( ), contracting offices, and Duke researchers across campus to advance computational and data intensive research. Duke researchers are experts in their fields, and may, or may not be computing and security experts as well. We want to meet researchers “where they are” to advance their research goals with a positive and helpful attitude.We are looking for an IT Research Security Specialist to help researchers, IT staff, and research support staff understand, implement, and adhere to security best practices and regulatory requirements. This position will work closely with others across campus and participate as a member of virtual teams designed to bring a holistic approach to Duke's research needs.This role primarily focuses on cyber risk in the research fields across Duke University. It will require excellent oral and writing skills, analytical skills, a collaborative and results-oriented attitude, and the curiosity required to stay up to date within a fast-paced field and environment. Prior expertise in security and regulated research or related experience in risk and/or regulatory compliance are desirable, but not a hard requirement.Responsibilities:Consult with Duke Office for Research & Innovation, Duke Office of Information Technology, and other departments on security requirements for research and other regulated institutional data. This position will focus on, but not be limited to, working with sensitive/regulated data or other complex data management requirements.Maintain and improve security and privacy posture of research computing services through consultation and collaborative support with OIT operational support teams.Conduct data security reviews for projects handling a variety of data classifications. As a member of the IT Security office, you will provide security expertise and guidance on compliance needs during these reviews.In collaboration with organizational stakeholders, update and maintain security plans for the university, OIT, and research services where required by regulation or agreement. Identify gaps and coordinate efforts across teams to implement enhancements or updates to policies, processes, and procedures.Maintain close ties with Duke partner organizations to: increase the institutional capabilities in research data security and data management, uphold the University's security policies, and ensure the evolution of capabilities in response to changing security risk and threat landscape.Participate in incident/audit response activities related to research projects as well as other cybersecurity related events.Help to guide cybersecurity efforts involving Duke's Protected Network for Research and other secure computing enclaves. This includes drafting and managing System Security Plans, Plans of Action and Milestones, and other Duke policy documents.Work with and participate in the higher education community efforts focused on regulated research. This includes staying up to date on the changing compliance landscape.Qualifications:Education / Background - Bachelor's degree in a related field is preferred with 5 years combined education / experience in a related field required. Certifications such as SANS, CISSP, CISA, CISM, etc are also preferred.Professional skillsAbility to work with minimal oversight while investigating a problem and scoping out possible solutions as well as knowing when it's time to bring problems back to the team for help or a second opinion.Ability to clearly communicate security topics with stakeholders elsewhere at Duke (may be non-technical, non-security persons) to IT and IT Security staff.Ability to work with a wide variety of stakeholders and respectfully share knowledge and skills.Flexibility and adaptability for changing priorities and requirements.An ideal candidate will have experience and/or interest in the following areas:Experience in Research/Higher Education is highly desired.Familiarity with cybersecurity in an academic research environment.Experience implementing and documenting requirements based on security control frameworks (I.e., NIST 800-53/800-171, NIST CSF, ISO, CIS, DFARS 7012/7020, CMMC) and maintaining data security practices, such as secure storage, data access control, secure data transfer.Experience working directly with sensitive/controlled data research requirements.Experience working with third party assessors for evaluation of secured environments.Working Conditions:Occasionally required to work outside of normal business hours for planned activities, and rarely, may be contacted during off hours.Currently the position may work remotely or at our Durham, NC location. In the future, the role may transition to a hybrid requirement with some days required on site.Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.
