Description
FOR USE BY IT AND HSIS ONLY: The University of Alabama at Birmingham UAB seeks an INFORMATION SECURITY ENGINEER III-EN to plan, design, enforce and audit security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements. To recognize and identify potential areas where existing data security policies and procedures require change, or where ones need to be developed, especially regarding future business expansion. To provide management with risk assessments and security briefings to advise them of critical issues that may affect customers, or corporate security objectives. To evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness. This position will commit to fostering an environment of heightened security following Information Technology Security Policies and participating in security training, such as Health Insurance Portability & Accountability Act (HIPAA) and Family Education Rights and Privacy Act (FERPA), on an annual basis.
RESPONSIBILITIES:
This position is responsible for supporting research in maintaining institutional compliance with Controlled Unclassified Information (CUI) regulations, including NIST SP 800-171, CMMC, and other federal mandates. This position involves collaborating with partners on the Cloud-based environment for CUI, and working closely with researchers to ensure security controls align with federal standards.
1. Develop and implement strategies for the security control requirements ensuring adherence to all applicable regulations and policies.
2. Stay updated on relevant regulations and policies related to research compliance and regulatory affairs.
3. Provide guidance and support to researchers, faculty, and staff on IT compliance practices.
4. Monitor the effectiveness of the research compliance program and make recommendations for improvement.
5. Act as a point of contact for security controls and IT compliance-related inquiries or concerns for research projects.
6. Performs other duties as assigned.
(Annual Salary: $94,375 - $153,355)

Qualifications
Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or similar or a related field and five (5) years of related experience required. Work experience may substitute for education requirement. Certified Information Systems Security Professional (CISSP) certification preferred. IT Experience specifically related to cybersecurity is necessary.
Preferred Skills: Strong knowledge of NIST SP 800-171, CMMC, and federal CUI handling regulations. Experience with writing system Security Plans, POAMs, Incident Response Plans Experience working with cloud security solutions. Excellent written and verbal communication skills, with the ability to work across multidisciplinary teams. Experience with GovCloud or other secure cloud-based research platforms. Prior experience in higher education research security a big plus. Certification or credentials related to Cybersecurity (CISSP, CISM, CISA, CCP) a plus.