Cybersecurity Manager

FUNCTION AND SCOPE

The Cybersecurity Manager is responsible for leading the evaluation, implementation, and ongoing operation of the organization's information security program to ensure that information assets and associated systems, applications, infrastructure, and processes are adequately protected.

Reporting to the Chief Information Security Officer (CISO), this role is accountable for managing cybersecurity risk across the organization, overseeing security operations and governance processes, and ensuring compliance with applicable legal, regulatory, contractual, and sponsor requirements.

This position requires a strategic, hands-on leader with strong technical breadth, proven leadership ability, and deep experience operating in regulated, research, or government-funded environments. The Cybersecurity Manager works cross-functionally with ITS, Compliance, Legal, Sponsored Programs, Data Governance, Human Resources, campuses, system partners, and external agencies to implement and sustain effective security practices aligned with organizational risk tolerance and business objectives.

A key responsibility of this role is partnering with leadership and stakeholders to define acceptable risk levels, translate risk into business terms, and ensure that security controls and investments are aligned to institutional priorities.

KEY RESPONSIBILITIES

• Lead and operate the organization's cybersecurity risk management program, including risk identification, assessment, treatment, and reporting.
• Oversee third-party and vendor security risk management, including security reviews of cloud services, applications, AI tools, and external service providers.
• Direct vulnerability and threat management programs, including network, firewall, endpoint, identity, and application security, and ensure timely remediation of findings.
• Lead and coordinate cybersecurity incident response activities, including tabletop exercises, investigations, and coordination with internal teams and external partners.
• Maintain and govern information security policies, standards, and procedures, ensuring regular review and alignment with regulatory and sponsor requirements.
• Prepare and present cybersecurity risk, posture, and readiness reports to executive leadership, audit committees, and external stakeholders.
• Coordinate and support cybersecurity audits, sponsor reviews, and compliance assessments (e.g., CMMC, DFARS, FAR, NIST).
• Collaborate with Data Governance, Legal, I&E, HR, and Sponsored Programs to ensure alignment between cybersecurity, privacy, and regulatory obligations.
• Assist in cybersecurity budget planning, cost justification, and procurement of security tools and services.
• Support the design and operation of secure research environments, including cloud-based enclaves and segmented networks supporting CUI/FCI and regulated research.
• Provide leadership, direction, and prioritization across multiple concurrent security initiatives and operational demands.

LEADERSHIP PROFILE

• Acts with integrity and sound judgment - Handles sensitive and confidential matters with discretion and professionalism.
• Leads through influence and service - Builds trust, bridges organizational boundaries, and aligns business and technical stakeholders.
• Understands the business - Brings a pragmatic, risk-based approach to security that enables research and operations while protecting the organization and its assets.
• Communicates effectively - Can translate cybersecurity risk and technical concepts to executives, business leaders, and both technical and non-technical staff.
• Operates under pressure - Remains calm, decisive, and effective during incidents, audits, and high-stakes situations.
• Thinks strategically and executes tactically - Balances long-term program maturity with day-to-day operational execution.
• Drives outcomes - Brings strong project, financial, and resource management skills and can lead complex initiatives to completion.
• Shapes decisions - Influences outcomes in complex or ambiguous environments using data, judgment, and collaboration.
• Develops people - Invests in mentoring and coaching staff, builds skills and confidence in junior team members, and actively contributes to the organization's long-term cybersecurity capabilities.

Requirements:

EDUCATION & EXPERIENCE

Required:

Minimum of five (5) years of experience in information security, including at least three (3) years in a leadership or supervisory role.
Bachelor's degree in information security, information technology, business, or a related field, or equivalent combination of education, experience, and certifications.
Strong working knowledge of cybersecurity governance and frameworks, including:

NIST CSF
NIST SP 800-53, 800-171, 800-172
CMMC 2.0

Experience supporting regulated or research environments involving CUI/FCI, FAR, DFARS, export-controlled research, and/or NIH/DoD/DoW/DOE requirements.
Professional certification such as CISSP, CISM, CISA, or similar.

Additional Information:

Compensation for this position: The compensation for this role is between $112,835 -$144,491 . The pay will depend on a variety of factors that may include but are not limited to experience, education, training, certifications, and internal equity.

Application Instructions:

Applicants interested in applying MUST submit the following documents:

1. Resume/Cv
2. Cover Letter

After submitting your resume/CV, the subsequent pages enable you to upload your cover letter and additional documents.