Controlled Unclassified Information, Information Systems Security

Duties And Responsibilities

This position will support stakeholders by developing and providing a compliant IT framework, processes, procedures, and resources required to work with CUI, including working with IT staff, researchers, and key stakeholders to design compliant solutions in order to meet functional needs; and direct efforts for support and troubleshooting of CUI IT issues. This position will also work in required governmental systems of record to provide federal and state entities responses to compliance inquiries and to report compliance with established standards under NIST SP 800-171, the Cybersecurity Maturation Model Certification ( CMMC ) Program, and any newly established standards for information protection levied by research contracts or federal law. Duties will include, but are not limited to, tasks such as the following: Provide expertise and coordinate the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Montana State University policies and regulations, such as Cybersecurity Maturity Model Certification ( CMMC ), NIST 800-171, and NIST 800-53. Contribute CUI cybersecurity knowledge and information to assist with risk analysis and risk management activities, and security and compliance reviews. Prepare and maintain system security plans (SSPs) and plans of action and milestones ( POA &M) for various CUI IT capabilities supporting research projects. In conjunction with the MSU Research Security Program, review research proposals with CUI elements and requirements, and develop contract-specific CUI Information Technology capabilities, as required. Develop and implement the management of compliant CUI IT systems to effectively manage processes around user onboarding, offboarding and maintaining appropriate permissions for access to CUI IT resources, working in conjunction with the Office of Research Security and UIT’s Research CIO and team. Develop processes for appropriate oversight and management of all CUI endpoints including inventory management, patching, auditing, inspecting, upgrading, troubleshooting and supporting necessary requirements for any endpoint accessing CUI information systems or otherwise processing CUI for any research contract. Develop and maintain processes to manage user access and configuration for IT Information Systems and Servers and manage CUI IT user accounts and ensure that users with access are properly trained and using the resource in accordance with Technology Control Plans. Develop or review Technology Control Plans and other required CUI documents in coordination with the MSU Research Security Program pertaining to Information Technology as needed. Develop streamlined processes and procedures involving stakeholders to expedite training, access, oversight, and support for internal and external customers. Conduct site-visits, inspections and audits at locations where MSU works with CUI to ensure IT security practices, procedures, policies, and guidance are being followed. Utilize the Supplier Performance Risk System ( SPRS ) and other government or 3rd party systems of record to develop and provide reports and perform necessary actions to achieve or maintain compliance standards. Actively remain current and knowledgeable on existing and newly emerging Federal Government standards, policies, regulations and laws pertaining to CUI Information Technology management and security control requirements. Secure industry-standard Information Assurance certifications appropriate to the position as required by management. Perform supervisory functions directly and indirectly with Research IT employees in various departments across MSU . Oversee and direct the deployment of CUI policies, guidance and procedures, and work with centers, institutes and departments to ensure consistent implementation of Research CIO’s guidance for CUI within Research contracts.

Physical Demands

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.