"Alerted.org

Position Details

Position Information

Announcement Number STAFF - VA - 25365

For questions regarding this position, please contact:

John Williams

[email protected]

406-994-7841

Classification Title IT Professional

Working Title Controlled Unclassified Information, Information Systems Security Manager

Brief Position Overview

The Controlled Unclassified Information ( CUI ) Information Systems Security Manager ( ISSM ) will be responsible for the management and oversight of all CUI IT capabilities for Research, including planning, programming, and developing compliant IT capabilities for MSU stakeholders and contractors providing services, to ensure compliance with all evolving Research and CUI protection requirements. The Controlled Unclassified Information ISSM at Montana State University will report to the Chief Information Security Officer ( CISO ) in University Information Technology, supporting work across all MSU Research units under Research and Economic Development.

Position Number 4C1114

Department UIT Info Security

Division VP for Information Technology

Appointment Type Professional

Contract Term Fiscal Year

Semester

If other, specify From date

If other, specify End date

FLSA Exempt

Union Affiliation Exempt from Collective Bargaining

FTE 1.0 FTE

Benefits Eligible Eligible

Salary $120,000 annually, commensurate with experience, education, and qualifications

Contract Type LOA

If other, please specify

Recruitment Type Open

Position Details

General Statement

The CUI Information Systems Security Manager supports Montana State University’s IT mission by developing and accessing compliant IT capabilities for Research contracts containing Controlled Unclassified Information ( CUI ) IT requirements in accordance with Executive Order 13556, 32 CFR 2002, Federal Acquisition Regulations ( FAR ), Defense Federal Acquisition Regulation Supplements ( DFARS ), the Defense Counterintelligence and Security Agency ( DCSA ) or other government entities who execute research contracts with MSU .

The CUI Information Systems Security Manager will remain current with training and guidance provided by the National Archives and Records Administration ( NARA ) and the Information Security Oversight Office ( ISOO ) as well as all requirements levied by federal government entities associated with MSU research contracts.

Duties and Responsibilities

This position will support stakeholders by developing and providing a compliant IT framework, processes, procedures, and resources required to work with CUI , including working with IT staff, researchers, and key stakeholders to design compliant solutions in order to meet functional needs; and direct efforts for support and troubleshooting of CUI IT issues.

This position will also work in required governmental systems of record to provide federal and state entities responses to compliance inquiries and to report compliance with established standards under NIST SP 800-171, the Cybersecurity Maturation Model Certification ( CMMC ) Program, and any newly established standards for information protection levied by research contracts or federal law.

Duties will include, but are not limited to, tasks such as the following:

+ Provide expertise and coordinate the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Montana State University policies and regulations, such as Cybersecurity Maturity Model Certification ( CMMC ), NIST 800-171, and NIST 800-53.

+ Contribute CUI cybersecurity knowledge and information to assist with risk analysis and risk management activities, and security and compliance reviews.

+ Prepare and maintain system security plans (SSPs) and plans of action and milestones ( POA &M) for various CUI IT capabilities supporting research projects.

+ In conjunction with the MSU Research Security Program, review research proposals with CUI elements and requirements, and develop contract-specific CUI Information Technology capabilities, as required.

+ Develop and implement the management of compliant CUI IT systems to effectively manage processes around user onboarding, offboarding and maintaining appropriate permissions for access to CUI IT resources, working in conjunction with the Office of Research Security and UIT’s Research CIO and team.

+ Develop processes for appropriate oversight and management of all CUI endpoints including inventory management, patching, auditing, inspecting, upgrading, troubleshooting and supporting necessary requirements for any endpoint accessing CUI information systems or otherwise processing CUI for any research contract.

+ Develop and maintain processes to manage user access and configuration for IT Information Systems and Servers and manage CUI IT user accounts and ensure that users with access are properly trained and using the resource in accordance with Technology Control Plans.

+ Develop or review Technology Control Plans and other required CUI documents in coordination with the MSU Research Security Program pertaining to Information Technology as needed.

+ Develop streamlined processes and procedures involving stakeholders to expedite training, access, oversight, and support for internal and external customers.

+ Conduct site-visits, inspections and audits at locations where MSU works with CUI to ensure IT security practices, procedures, policies, and guidance are being followed.

+ Utilize the Supplier Performance Risk System ( SPRS ) and other government or 3rd party systems of record to develop and provide reports and perform necessary actions to achieve or maintain compliance standards.

+ Actively remain current and knowledgeable on existing and newly emerging Federal Government standards, policies, regulations and laws pertaining to CUI Information Technology management and security control requirements. Secure industry-standard Information Assurance certifications appropriate to the position as required by management.

+ Perform supervisory functions directly and indirectly with Research IT employees in various departments across MSU . Oversee and direct the deployment of CUI policies, guidance and procedures, and work with centers, institutes and departments to ensure consistent implementation of Research CIO’s guidance for CUI within Research contracts.

Required Qualifications – Experience, Education, Knowledge & Skills

+ Demonstrated progressively responsible experience working with IT-focused management of information security programs.

+ Demonstrated experience working with Controlled Unclassified Information ( CUI ) pursuant to requirements in 32 CFR 2002.

+ Demonstrated knowledge and experience working with various security and regulatory compliance standards, such as the Cybersecurity Maturity Model Certification ( CMMC ); NIST SP 800-171 and NIST SP 800-53.

+ Demonstrated experience using written and verbal communication skills to present technical information and technical solutions.

+ Bachelor’s Degree in Information Systems, Computer Science, Computer Engineering or related, or an equivalent combination of education and experience.

Preferred Qualifications – Experience, Education, Knowledge & Skills

+ Master’s Degree in Information Technology or directly relevant discipline.

+ Experience working with US government security policies, regulations, and procedures to include implementation and management of compliance processes, procedures, and best practices.

+ Prior experience working in University Research environments with federal information protection requirements.

+ Demonstrated familiarity with any of the following key elements: Federal Acquisition Regulations ( FAR ), Defense Federal Acquisition Regulation Supplements ( DFARS ), the Information Security Oversight Office ( ISOO ) and/or the Defense Counterintelligence and Security Agency ( DCSA )

+ If not already held, this position prefers the applicant to be capable of obtaining industry-standard Information Assurance certifications appropriate to this position such as Certified Information Security Manager ( CISM ), Certified Information Systems Security Professional ( CISSP ), Certified Information Systems Auditor ( CISA ) or similar within 6 months of established requirement.

+ Current or previous US government security clearance

The Successful Candidate Will

+ Provide proactive leadership and subject matter expertise to identify federal processes and procedures and responsively provide solutions for CUI requirements supporting Controlled Research.

+ Be results-focused and an active problem solver, able to successfully operate nearly autonomously in a complex, fast-paced environment.

+ Possess and utilize excellent written, public speaking, and other communication skills to effectively develop and deliver CUI content for a variety of stakeholders.

+ Appropriately handle sensitive information and circumstances, including during high-stress incidents.

+ Collaborate effectively with law enforcement, technical staff, and executive personnel at the university and within the Federal Government.

+ Continuously strive to improve existing programs to enhance information security, expedite support, establish cost-saving measures, and streamline CUI program processes.

Position Special Requirements/Additional Information

This position is located in Bozeman, MT, and is contingent upon continuation of funding.

The successful candidate must be able to comply with the federally mandated requirements of U.S. export control laws, which may require proof that candidate is a U.S. person. Per 22 CFR §120.62, U.S. person means a person who is a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3).

This position may require the ability to obtain a Security Clearance and/or meet other government-defined restrictions appropriate for work level and access.

Other security-related requirements will include receiving favorable background checks by state and federal agencies pursuant to federal law and regulations.

This job description should not be construed as an exhaustive statement of duties, responsibilities, or requirements, but a general description of the job. Nothing contained herein restricts Montana State University’s rights to assign or reassign duties and responsibilities to this job at any time.

Physical Demands

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.

This position has supervisory duties? Yes

Posting Detail Information

Number of Vacancies

Desired Start Date

Position End Date (if temporary)

Open Date

Close Date

Applications will be:

Screening of applications will begin on May 19, 2025; however, applications will continue to be accepted until an adequate applicant pool has been established.

Special Instructions

EEO Statement

Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.

In compliance with the Montana Veteran’s Employment Preference Act, MSU provides preference in employment to veterans, disabled veterans, and certain eligible relatives of veterans. To claim veteran’s preference, please complete the veteran’s preference information located in the Demographics section of your profile.