What We Do:
In Information Technology Services, our teams are responsible for defining, developing, supporting, and evolving the technology-related services needed by the SEI in the pursuit of its overarching mission. We provide the Institute with a current, reliable, and secure infrastructure.
Position Summary:
We are seeking a highly skilled and detail-oriented IT Compliance Specialist to join our team. The successful candidate will be responsible for ensuring that our organization adheres to all relevant IT compliance standards and regulations, with a focus on NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC). This role requires a deep understanding of IT security frameworks, strong analytical skills, and the ability to collaborate effectively with cross-functional teams.
Requirements:
-
3+ years of experience in IT compliance, risk, or audit functions assessing findings and implementing remediation actions or equivalent combination of education and experience. Two (2) years project management and/or experience in a team environment.
-
Familiarity with multiple operating systems including Windows, Linux, and macOS.
-
Flexible to travel to other SEI offices in Pittsburgh and Washington, DC, sponsor sites, conferences, and offsite meetings on occasion.
-
You will be subject to a background investigation
-
Applicants for this position must be currently legally authorized to work for CMU in the United States. CMU will not sponsor or take over sponsorship of an employment visa for this opportunity.
Duties:
-
Compliance Assessments: You’ll measure the ongoing compliance of our IT systems to the relevant cybersecurity frameworks such as NIST 800-171 and CMMC, proactively identifying and addressing compliance gaps.
-
Organization and Record Keeping: You will document necessary compliance action items, verify evidence, and monitor activities to ensure all are closed on a timely basis. You’ll monitor activities to ensure all activities are closed on a timely basis. Ensure non-compliant findings have action items created and are tracked to completion with routine oversight.
-
Policy Development and Implementation: You will contribute to the development, implementation, and maintenance of IT compliance policies, procedures, and controls aligned with SEI, NIST 800-171, and CMMC requirements.
-
Stakeholder Collaboration: You’ll collaborate with internal stakeholders to identify compliance gaps, develop remediation plans, and provide guidance and support to IT and research teams on compliance-related matters.
-
External Coordination: You will coordinate with external auditors and regulatory agencies during compliance audits and assessments, ensuring smooth communication and compliance.
-
Metrics Monitoring: We’ll look to you to monitor and report on compliance metrics and key performance indicators to senior management, providing insights for decision-making and continuous improvement. Your reports and analysis will be key contributions.
-
Risk Management: You will participate in risk assessments and assist in the development of risk mitigation strategies to ensure the organization's compliance and security posture. You’ll take the lead maintaining the IT decision matrix and risk register.
-
Training Development: You will contribute to the development of training and awareness programs to foster a culture of compliance within the organization, ensuring all staff members are well-informed and compliant.
-
Subject Matter Expertise: You will serve as a subject matter expert on evolving regulation and IT compliance matters, providing guidance and support to colleagues as needed, and promoting best practices.
Knowledge, Skills, and Abilities:
-
Continuous Learning: You are eager to expand your knowledge and stay up-to-date with the latest regulatory changes and evolving needs of the SEI.
-
Analytical Thinking: You possess strong analytical and problem-solving skills, with keen attention to detail, to effectively identify compliance gaps and develop solutions.
-
Communication Proficiency: As part of a matrixed organization, you’ll work effectively, engaging with team members and stakeholders across the organization to troubleshoot issues, provide guidance, and contribute innovative ideas.
-
Positive Attitude: You approach tasks with enthusiasm and a positive attitude, contributing to a supportive work environment where teamwork and mutual respect are valued.
Preferred Qualifications:
-
Research-oriented: You have familiarity with working within a research organization.
-
Technical and Project Leadership: You have led technical projects and have experience collaborating across teams.
-
Credentialed: Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), or CompTIA Security+.
Benefits
Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.
Joining the CMU team opens the door to an array of exceptional benefits available to eligible employees.
Those employees who are benefits eligible have the opportunity to experience the full spectrum of advantages from comprehensive medical, prescription, dental, and vision insurance to an enticing retirement savings program offering a generous employer contribution. You can also unlock your potential with tuition benefits and take well-deserved breaks with ample paid time off and observed holidays. Finally, rest easy knowing you are covered by life and accidental death and disability insurance.
Other perks include a free Pittsburgh Regional Transit bus pass, our Family Concierge Team to help navigate childcare needs, fitness center access, and so much more!
For a comprehensive overview of the benefits that may be awaiting you, explore our Benefits page.
At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role and responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique skills and the diverse perspective you bring. Your journey with us is about more than just a job; it’s about finding the perfect fit for your professional growth and personal aspirations.
Are you interested in an exciting opportunity with an exceptional organization?! Apply today!
Location
Arlington, VA, Pittsburgh, PA
Job Function
IT Project Management
Position Type
Staff – Regular
Full Time/Part time
Full time
Pay Basis
Salary
More Information:
-
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
-
Click here to view a listing of employee benefits
-
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
-
Statement of Assurance
Top Skills
What We Do
Carnegie Mellon University founder Andrew Carnegie said: "My heart is in the work."
No statement better captures the passion and drive of our people to make a real difference.
At Carnegie Mellon, we're not afraid of the work.
Our educational environment creates problem solvers, drivers of innovation and pioneers in technology and the arts.
Employers in every field say our graduates are ready to hit the ground running the day they graduate.
So, join us. Whether you're looking for a career or an education. Or both.