Security Compliance Officer

In this role, you will lead the overall NIST readiness eort to support the research community, with a particular focus on compliance with NIH requirements, Cybersecurity Maturity Model Certification (CMMC), and NIST SP 800-171 standards. Your leadership will be crucial in enhancing the universitys ability to meet these regulatory frameworks and ensure robust information security practices.

Your primary responsibilities will include executing a comprehensive strategy to prepare the university for an increasing number of security audits and evolving regulatory requirements, emphasizing compliance with CMMC, NIH, and NIST SP 800-171. You will take the lead in developing frameworks that not only meet current cybersecurity standards but also anticipate emerging challenges in the landscape of research-related security. You will closely collaborate with Stanford Research Computing and local Stanford IT groups to implement and refine security controls that align with regulatory requirements. Your guidance will be vital in assisting the research community as they navigate the complexities of compliance with these critical standards.

Additionally, you will coordinate eorts across various departments to establish and maintain a robust compliance framework. This involves assessing the university's existing security posture, identifying gaps that may hinder compliance with NIH, CMMC, and NIST SP 800-171, and implementing best practices and guidelines to strengthen cybersecurity measures in preparation for audits.

This involves identifying and analyzing the university's existing security posture and determining gaps that may hinder compliance. You will implement best practices and guidelines to enhance cybersecurity measures and aid in the preparation for audits. Additionally, you will work closely with legal, IT, and administrative stakeholders to develop and maintain policies, procedures, and training programs that promote a culture of security awareness and accountability.

Typical Activities

• Lead the development and execution of a comprehensive strategy of NIST readiness to prepare the university for security audits and regulatory requirements, with a specific emphasis on compliance with NIH, Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171 standards.
• Develop a risk assessment framework and create a process to conduct comprehensive risk assessments, identifying potential security threats and implementing eective mitigation strategies to minimize risks to the organizations assets and data.
• Collaborate with the third-party for the development of System Security Plans (SSPs) that outline the security controls in place for the university's information systems and ensure they align with regulatory requirements.
• Ensure that the actions pertaining to cybersecurity listed in the Plan of Actions and Milestones (POA&M) are executed eectively to meet compliance with industry regulations, best practices, and the university's risk management framework, including NIH, NIST, ISO 27001, HIPAA, and PCI DSS.
• Develop, maintain, and enforce information security policies, procedures, and standards in line with industry regulations, best practices, and the organization's risk management program.
• Ensure compliance with security policies, regulations, and standards, such as NIST, ISO 27001, HIPAA, and PCI DSS, and provide regular updates to stakeholders on changes in requirements.
• Update security controls regularly and provide support to stakeholders on security controls, including internal assessments, regulations, protecting Personally Identifiable Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
• Collaborate with cross-functional teams, including IT, Finance, Human Resources, and Legal, to integrate information security into the organization's overall risk management program.
• Maintain detailed documentation and records of security incidents, risk assessments, and audit findings to support ongoing compliance eorts.
• Coordinate with the Internal Audit team to facilitate security audits, and work collaboratively with the ISO Cloud Security team to conduct vulnerability assessments, identifying weaknesses in the university's security infrastructure and formulating action plans to address those vulnerabilities.
• Perform any other related duties assigned to support the organization's information security program.

Minimum Education & Experience Required

• Youre a well-rounded, critical thinker with a bachelors degree (or equivalent experience).
• A minimum of seven years of experience in information security, risk management, or compliance.

Qualications

• Proven experience in information security, risk management, and compliance with a focus on establishing robust security frameworks.
• In-depth understanding of industry standards and regulations, particularly NIST & HIPAA.
• Strong analytical and critical thinking skills, with a demonstrated ability to identify, assess, and mitigate complex security risks eectively.
• Significant experience in leading security audits, risk assessments, and vulnerability assessments to ensure compliance and enhance security measures.
• Comprehensive knowledge of security technologies, including encryption methods, firewalls, intrusion detection systems, and Security Information and Event Management (SIEM) solutions.
• Multiple years of experience in a leadership role within a cybersecurity, information security, or compliance-related team, demonstrating the ability to guide and mentor junior sta while driving compliance initiatives.
• Exceptional capability to convey complex technical concepts in accessible language to diverse audiences, ensuring eective communication with stakeholders at all levels of technical expertise.
• Strong commitment to professional development and staying current with the latest security threats, technologies, and evolving industry regulations to inform compliance strategies.

Bonus Points & Plusses

• Knowledge of ISO 27001 and PCI DSS.
• CISSP or other professional cybersecurity certifications.
• Prior work in a highly-regulated industry or higher education.