MPN Diversity Recruiters
Atlanta, GA or Birmingham, AL
Our Fortune 200 Company client is seeking to DIRECTLY HIRE a Cybersecurity Exposure Management Analyst to join its Cybersecurity organization. This position can be based in either Atlanta, GA or Birmingham, AL.
CANDIDATE SUBMISSION REQUIREMENTS:
Please carefully read before applying. You can only be considered for referral to the hiring manager IF you meet ALL of the requirements below.
1) You must apply with a SINGLE document (in Word or PDF).
This single merged document must include each of the Hiring Manager's pre-screening questions shown BELOW and your detailed responses (at the TOP) followed by your usual resume/CV content.
2) You must be permanently authorized to work in the U.S. WITHOUT requiring any current or future sponsorship.
In a nutshell, you must be a U.S. citizen or current permanent resident (green) cardholder.
3) You must currently reside or self-relocate to be within commutable distance to Atlanta, GA or Birmingham, AL .
4) You must be reasonably qualified and comply with ALL of the above requirements to receive consideration for an interview referral to the Hiring Manager for this role.
In our Fortune 200 Company , our core objective is to ensure safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Our Fortune 200 Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.
Position Overview:
Fortune 200 Company is seeking a passionate and experienced Exposure Management Analyst to join our Cybersecurity organization . This is a technical, hands-on role that requires the ability to assess exposures, analyze risks, and advise strategies to mitigate exposure. This role will support day-to-day continuous threat and exposure management operations focused on identifying and escalating exposed risks. Work outputs will support implementation of security technologies and controls to improve defensive posture, implementation of processes in support of investigations, and development of detection capabilities.
Qualifications:
Bachelor’s degree in computer science, technology, engineering or security-related field or equivalent experience
Minimum 5 years IT or security experience
Demonstrated expertise in supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures
Experience working with vulnerability scanning, attack surface management, and cloud security posture management tools
Understanding of OWASP common vulnerabilities and testing methodologies
Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)
Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)
Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.
Experience building interactive dashboards and reports in PowerBI to visualize security metrics and exposure management data, including remediation progress, risk exposure, etc.
Proficient in Microsoft Excel, including advanced functions such as PivotTables, VLOOKUP, and data analysis tools to organize, summarize, and interpret complex datasets.
Experience using a SIEM to run search queries, perform log analysis, and build dashboards to monitor potential exposures
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Ability to thrive in a fast-paced environment, demonstrating adaptability and flexibility in response to changing priorities and emerging threats.
Experience driving discussions and consensus across a broad group of stakeholders and cross functional teams regarding patching, security recommendations, and mitigations strategies
Strong verbal and written communication skills, with the ability to work independently and collaboratively within a team. Proven experience interacting with both technical and non-technical stakeholders.
Job Responsibilities:
Support day-to-day operations of the exposure management program, including data review, report processing, and trend analysis. Track remediation of identified risks and mitigation strategies and escalate findings to key stakeholders.
Ability to analyze potential security risks and determine applicability to our environment
Execute emergency vulnerability workflows and procedures
Stay informed about publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
Map vulnerability assessment results to asset inventory and key stakeholders. Calculate prioritization based on risk assessment.
Identify and recommend appropriate compensating controls to manage and remediate vulnerability risk with the focus on reducing potential impacts
Support development of vulnerability metrics and remediation-related dashboards and reports
Understand enterprise policies and advise policies and technical standards with specific regard to vulnerability management, scanning procedures and secure configuration
Coordinate with key business partners to understand, prioritize, and coordinate vulnerability remediation activities
Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners
Understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs
Demonstrates strong critical thinking and curiosity, essential for effectively analyzing and addressing security threats and vulnerabilities.
Demonstrate Fortune 200 Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment
Job Requirements :
Required to submit to a thorough background examination
Ability to understand business requirements and present appropriate solutions
Ability to work independently or within a team
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Solid verbal and written communication skills
Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
Must pass NERC CIP & Insider Threat Protection background checks
One or more relevant industry certifications (i.e., GSEC, CISSP, CISA)
Occasional travel (up to 25% at times) to local and regional locations in pursuit of job duties and requirements
__________________________________________________________________
HIRING MANAGER'S PRE-SCREENING QUESTIONS (Responses Required for Interview Consideration):
Please answer ALL of the questions BELOW as accurately as possible. If you're determined to be reasonably qualified, you will be submitted to our client for a potential interview and direct hiring consideration for this great opportunity.
1) Please describe your experience working with cloud security posture management, vulnerability scanning, or attack surface management tools.
2) Please describe your experience performing analysis of potential security exposures.
3) Are you a US Citizen or Green Card Holder?
4) This position is subject to completing enhanced personnel screenings, which will be discussed in more detail if an interview is scheduled. Are you willing to participate in the program?
5) We provide a competitive compensation package to include a base salary, incentive pay (bonus), and comprehensive benefits which include a pension plan and matching 401(k) plan. Specifically, what are your base salary requirements? (Do not state negotiable or N/A; if need be, list a range)
__________________________________________________________________
How To Apply:
1) Please create and apply with a SINGLE (Word or PDF) merged document.
A single merged document is required for submission to the Hiring Manager for interview consideration.,
2) At the TOP of your document, copy and paste each pre-screening question and include your responses to the pre-screening questions .
You must fully and accurately respond to ALL of the pre-screening questions.
3) Include your standard resume content below your responses to the screening questions.
Your resume must clearly show your personal email address and direct phone number.
4) Click on the APPLY button or email support@mpndiversityrecruiters.com to send BOTH your responses to the prescreening questions and your resume to MPN Diversity Recruiters.
Document Creation Tips: The easiest way to create the required SINGLE document correctly is to open your existing resume file, insert a blank page at the top, copy and paste the screening questions from above into your document, add your responses to each question, and then save and email or upload the file.
Call 404-629-9323 if you have any questions.
Full Time
Our Fortune 200 Company client is seeking to DIRECTLY HIRE a Cybersecurity Exposure Management Analyst to join its Cybersecurity organization. This position can be based in either Atlanta, GA or Birmingham, AL.
CANDIDATE SUBMISSION REQUIREMENTS:
Please carefully read before applying. You can only be considered for referral to the hiring manager IF you meet ALL of the requirements below.
1) You must apply with a SINGLE document (in Word or PDF).
This single merged document must include each of the Hiring Manager's pre-screening questions shown BELOW and your detailed responses (at the TOP) followed by your usual resume/CV content.
2) You must be permanently authorized to work in the U.S. WITHOUT requiring any current or future sponsorship.
In a nutshell, you must be a U.S. citizen or current permanent resident (green) cardholder.
3) You must currently reside or self-relocate to be within commutable distance to Atlanta, GA or Birmingham, AL .
4) You must be reasonably qualified and comply with ALL of the above requirements to receive consideration for an interview referral to the Hiring Manager for this role.
In our Fortune 200 Company , our core objective is to ensure safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Our Fortune 200 Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.
Position Overview:
Fortune 200 Company is seeking a passionate and experienced Exposure Management Analyst to join our Cybersecurity organization . This is a technical, hands-on role that requires the ability to assess exposures, analyze risks, and advise strategies to mitigate exposure. This role will support day-to-day continuous threat and exposure management operations focused on identifying and escalating exposed risks. Work outputs will support implementation of security technologies and controls to improve defensive posture, implementation of processes in support of investigations, and development of detection capabilities.
Qualifications:
Bachelor’s degree in computer science, technology, engineering or security-related field or equivalent experience
Minimum 5 years IT or security experience
Demonstrated expertise in supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures
Experience working with vulnerability scanning, attack surface management, and cloud security posture management tools
Understanding of OWASP common vulnerabilities and testing methodologies
Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)
Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)
Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.
Experience building interactive dashboards and reports in PowerBI to visualize security metrics and exposure management data, including remediation progress, risk exposure, etc.
Proficient in Microsoft Excel, including advanced functions such as PivotTables, VLOOKUP, and data analysis tools to organize, summarize, and interpret complex datasets.
Experience using a SIEM to run search queries, perform log analysis, and build dashboards to monitor potential exposures
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Ability to thrive in a fast-paced environment, demonstrating adaptability and flexibility in response to changing priorities and emerging threats.
Experience driving discussions and consensus across a broad group of stakeholders and cross functional teams regarding patching, security recommendations, and mitigations strategies
Strong verbal and written communication skills, with the ability to work independently and collaboratively within a team. Proven experience interacting with both technical and non-technical stakeholders.
Job Responsibilities:
Support day-to-day operations of the exposure management program, including data review, report processing, and trend analysis. Track remediation of identified risks and mitigation strategies and escalate findings to key stakeholders.
Ability to analyze potential security risks and determine applicability to our environment
Execute emergency vulnerability workflows and procedures
Stay informed about publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
Map vulnerability assessment results to asset inventory and key stakeholders. Calculate prioritization based on risk assessment.
Identify and recommend appropriate compensating controls to manage and remediate vulnerability risk with the focus on reducing potential impacts
Support development of vulnerability metrics and remediation-related dashboards and reports
Understand enterprise policies and advise policies and technical standards with specific regard to vulnerability management, scanning procedures and secure configuration
Coordinate with key business partners to understand, prioritize, and coordinate vulnerability remediation activities
Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners
Understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs
Demonstrates strong critical thinking and curiosity, essential for effectively analyzing and addressing security threats and vulnerabilities.
Demonstrate Fortune 200 Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment
Job Requirements :
Required to submit to a thorough background examination
Ability to understand business requirements and present appropriate solutions
Ability to work independently or within a team
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Solid verbal and written communication skills
Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
Must pass NERC CIP & Insider Threat Protection background checks
One or more relevant industry certifications (i.e., GSEC, CISSP, CISA)
Occasional travel (up to 25% at times) to local and regional locations in pursuit of job duties and requirements
__________________________________________________________________
HIRING MANAGER'S PRE-SCREENING QUESTIONS (Responses Required for Interview Consideration):
Please answer ALL of the questions BELOW as accurately as possible. If you're determined to be reasonably qualified, you will be submitted to our client for a potential interview and direct hiring consideration for this great opportunity.
1) Please describe your experience working with cloud security posture management, vulnerability scanning, or attack surface management tools.
2) Please describe your experience performing analysis of potential security exposures.
3) Are you a US Citizen or Green Card Holder?
4) This position is subject to completing enhanced personnel screenings, which will be discussed in more detail if an interview is scheduled. Are you willing to participate in the program?
5) We provide a competitive compensation package to include a base salary, incentive pay (bonus), and comprehensive benefits which include a pension plan and matching 401(k) plan. Specifically, what are your base salary requirements? (Do not state negotiable or N/A; if need be, list a range)
__________________________________________________________________
How To Apply:
1) Please create and apply with a SINGLE (Word or PDF) merged document.
A single merged document is required for submission to the Hiring Manager for interview consideration.,
2) At the TOP of your document, copy and paste each pre-screening question and include your responses to the pre-screening questions .
You must fully and accurately respond to ALL of the pre-screening questions.
3) Include your standard resume content below your responses to the screening questions.
Your resume must clearly show your personal email address and direct phone number.
4) Click on the APPLY button or email support@mpndiversityrecruiters.com to send BOTH your responses to the prescreening questions and your resume to MPN Diversity Recruiters.
Document Creation Tips: The easiest way to create the required SINGLE document correctly is to open your existing resume file, insert a blank page at the top, copy and paste the screening questions from above into your document, add your responses to each question, and then save and email or upload the file.
Call 404-629-9323 if you have any questions.
Controlled Unclassified Information, Information Systems Security Manager
Montana State University
Position Information
Announcement Number: STAFF - VA - 26148
For questions regarding this position, please contact: John Williams john.williams25@montana.edu 406-994-7841
Classification Title: IT Professional
Working Title: Controlled Unclassified Information, Information Systems Security Manager
Brief Position Overview
The Controlled Unclassified Information (CUI) Information Systems Security Manager (ISSM) will be responsible for the management and oversight of all CUI IT capabilities for Research, including planning, programming, and developing compliant IT capabilities for MSU stakeholders and contractors providing services, to ensure compliance with all evolving Research and CUI protection requirements. The Controlled Unclassified Information ISSM at Montana State University will report to the Chief Information Security Officer (CISO) in University Information Technology, supporting work across all MSU Research units under Research and Economic Development.
Position Number: 4C1114
Department: UIT Info Security
Division: VP for Information Technology
Appointment Type: Professional
Contract Term: Fiscal Year
Semester:
If other, specify From date:
If other, specify End date:
FLSA: Exempt
Union Affiliation: Exempt from Collective Bargaining
FTE: 1.0 FTE
Benefits Eligible: Eligible
Salary: $120,000 annually, commensurate with experience, education, and qualifications.
Contract Type: LOA
If other, please specify:
Recruitment Type: Open
Position Details
General Statement
The CUI Information Systems Security Manager supports Montana State University’s IT mission by developing and accessing compliant IT capabilities for Research contracts containing Controlled Unclassified Information (CUI) IT requirements in accordance with Executive Order 13556, 32 CFR 2002, Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Defense Counterintelligence and Security Agency (DCSA) or other government entities who execute research contracts with MSU.
The CUI Information Systems Security Manager will remain current with training and guidance provided by the National Archives and Records Administration (NARA) and the Information Security Oversight Office (ISOO) as well as all requirements levied by federal government entities associated with MSU research contracts.
Duties and Responsibilities
This position will support stakeholders by developing and providing a compliant IT framework, processes, procedures, and resources required to work with CUI, including working with IT staff, researchers, and key stakeholders to design compliant solutions in order to meet functional needs; and direct efforts for support and troubleshooting of CUI IT issues.
This position will also work in required governmental systems of record to provide federal and state entities responses to compliance inquiries and to report compliance with established standards under NIST SP 800-171, the Cybersecurity Maturation Model Certification (CMMC) Program, and any newly established standards for information protection levied by research contracts or federal law.
Duties will include, but are not limited to, tasks such as the following: • Provide expertise and coordinate the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Montana State University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53. • Contribute CUI cybersecurity knowledge and information to assist with risk analysis and risk management activities, and security and compliance reviews. • Prepare and maintain system security plans (SSPs) and plans of action and milestones (POA&M) for various CUI IT capabilities supporting research projects. • In conjunction with the MSU Research Security Program, review research proposals with CUI elements and requirements, and develop contract-specific CUI Information Technology capabilities, as required. • Develop and implement the management of compliant CUI IT systems to effectively manage processes around user onboarding, offboarding and maintaining appropriate permissions for access to CUI IT resources, working in conjunction with the Office of Research Security and UIT’s Research CIO and team. • Develop processes for appropriate oversight and management of all CUI endpoints including inventory management, patching, auditing, inspecting, upgrading, troubleshooting and supporting necessary requirements for any endpoint accessing CUI information systems or otherwise processing CUI for any research contract. • Develop and maintain processes to manage user access and configuration for IT Information Systems and Servers and manage CUI IT user accounts and ensure that users with access are properly trained and using the resource in accordance with Technology Control Plans. • Develop or review Technology Control Plans and other required CUI documents in coordination with the MSU Research Security Program pertaining to Information Technology as needed. • Develop streamlined processes and procedures involving stakeholders to expedite training, access, oversight, and support for internal and external customers. • Conduct site-visits, inspections and audits at locations where MSU works with CUI to ensure IT security practices, procedures, policies, and guidance are being followed. • Utilize the Supplier Performance Risk System (SPRS) and other government or 3rd party systems of record to develop and provide reports and perform necessary actions to achieve or maintain compliance standards. • Actively remain current and knowledgeable on existing and newly emerging Federal Government standards, policies, regulations and laws pertaining to CUI Information Technology management and security control requirements. Secure industry-standard Information Assurance certifications appropriate to the position as required by management. • Perform supervisory functions directly and indirectly with Research IT employees in various departments across MSU. Oversee and direct the deployment of CUI policies, guidance and procedures, and work with centers, institutes and departments to ensure consistent implementation of Research CIO’s guidance for CUI within Research contracts.
Required Qualifications – Experience, Education, Knowledge & Skills
1. Demonstrated progressively responsible experience working with IT-focused management of information security programs. 2. Demonstrated experience working with Controlled Unclassified Information (CUI) pursuant to requirements in 32 CFR 2002. 3. Demonstrated knowledge and experience working with various security and regulatory compliance standards, such as the Cybersecurity Maturity Model Certification (CMMC); NIST SP 800-171 and NIST SP 800-53. 4. Demonstrated experience using written and verbal communication skills to present technical information and technical solutions. 5. Bachelor’s Degree in Information Systems, Computer Science, Computer Engineering or related, or an equivalent combination of education and experience.
Preferred Qualifications – Experience, Education, Knowledge & Skills
1. Master’s Degree in Information Technology or directly relevant discipline. 2. Experience working with US government security policies, regulations, and procedures to include implementation and management of compliance processes, procedures, and best practices. 3. Prior experience working in University Research environments with federal information protection requirements. 4. Demonstrated familiarity with any of the following key elements: Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Information Security Oversight Office (ISOO) and/or the Defense Counterintelligence and Security Agency (DCSA) 5. If not already held, this position prefers the applicant to be capable of obtaining industry-standard Information Assurance certifications appropriate to this position such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or similar within 6 months of established requirement. 6. Current or previous US government security clearance
The Successful Candidate Will
• Provide proactive leadership and subject matter expertise to identify federal processes and procedures and responsively provide solutions for CUI requirements supporting Controlled Research. • Be results-focused and an active problem solver, able to successfully operate nearly autonomously in a complex, fast-paced environment. • Possess and utilize excellent written, public speaking, and other communication skills to effectively develop and deliver CUI content for a variety of stakeholders. • Appropriately handle sensitive information and circumstances, including during high-stress incidents. • Collaborate effectively with law enforcement, technical staff, and executive personnel at the university and within the Federal Government. • Continuously strive to improve existing programs to enhance information security, expedite support, establish cost-saving measures, and streamline CUI program processes.
Position Special Requirements/Additional Information
This position is contingent upon continuation of funding.
Remote or Hybrid work schedule may be considered.
The successful candidate must be able to comply with the federally mandated requirements of U.S. export control laws, which may require proof that candidate is a U.S. person. Per 22 CFR §120.62, U.S. person means a person who is a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3).
This position may require the ability to obtain a Security Clearance and/or meet other government-defined restrictions appropriate for work level and access.
Other security-related requirements will include receiving favorable background checks by state and federal agencies pursuant to federal law and regulations.
This job description should not be construed as an exhaustive statement of duties, responsibilities, or requirements, but a general description of the job. Nothing contained herein restricts Montana State University’s rights to assign or reassign duties and responsibilities to this job at any time.
Physical Demands
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.
This position has supervisory duties?: Yes
Posting Detail Information
Number of Vacancies: 1
Desired Start Date: Upon completion of a successful search
Position End Date (if temporary):
Open Date:
Close Date:
Applications will be: Screening of applications will begin on October 27, 2025; however, applications will continue to be accepted until an adequate applicant pool has been established.
Special Instructions
EEO Statement
Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.
In compliance with the Montana Veteran’s Employment Preference Act, MSU provides preference in employment to veterans, disabled veterans, and certain eligible relatives of veterans. To claim veteran’s preference, please complete the veteran’s preference information located in the Demographics section of your profile.
Applicant Documents
Required Documents
1. Resume 2. Cover Letter
To apply, visit https://apptrkr.com/6614868
Full Time
Controlled Unclassified Information, Information Systems Security Manager
Montana State University
Position Information
Announcement Number: STAFF - VA - 26148
For questions regarding this position, please contact: John Williams john.williams25@montana.edu 406-994-7841
Classification Title: IT Professional
Working Title: Controlled Unclassified Information, Information Systems Security Manager
Brief Position Overview
The Controlled Unclassified Information (CUI) Information Systems Security Manager (ISSM) will be responsible for the management and oversight of all CUI IT capabilities for Research, including planning, programming, and developing compliant IT capabilities for MSU stakeholders and contractors providing services, to ensure compliance with all evolving Research and CUI protection requirements. The Controlled Unclassified Information ISSM at Montana State University will report to the Chief Information Security Officer (CISO) in University Information Technology, supporting work across all MSU Research units under Research and Economic Development.
Position Number: 4C1114
Department: UIT Info Security
Division: VP for Information Technology
Appointment Type: Professional
Contract Term: Fiscal Year
Semester:
If other, specify From date:
If other, specify End date:
FLSA: Exempt
Union Affiliation: Exempt from Collective Bargaining
FTE: 1.0 FTE
Benefits Eligible: Eligible
Salary: $120,000 annually, commensurate with experience, education, and qualifications.
Contract Type: LOA
If other, please specify:
Recruitment Type: Open
Position Details
General Statement
The CUI Information Systems Security Manager supports Montana State University’s IT mission by developing and accessing compliant IT capabilities for Research contracts containing Controlled Unclassified Information (CUI) IT requirements in accordance with Executive Order 13556, 32 CFR 2002, Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Defense Counterintelligence and Security Agency (DCSA) or other government entities who execute research contracts with MSU.
The CUI Information Systems Security Manager will remain current with training and guidance provided by the National Archives and Records Administration (NARA) and the Information Security Oversight Office (ISOO) as well as all requirements levied by federal government entities associated with MSU research contracts.
Duties and Responsibilities
This position will support stakeholders by developing and providing a compliant IT framework, processes, procedures, and resources required to work with CUI, including working with IT staff, researchers, and key stakeholders to design compliant solutions in order to meet functional needs; and direct efforts for support and troubleshooting of CUI IT issues.
This position will also work in required governmental systems of record to provide federal and state entities responses to compliance inquiries and to report compliance with established standards under NIST SP 800-171, the Cybersecurity Maturation Model Certification (CMMC) Program, and any newly established standards for information protection levied by research contracts or federal law.
Duties will include, but are not limited to, tasks such as the following: • Provide expertise and coordinate the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Montana State University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53. • Contribute CUI cybersecurity knowledge and information to assist with risk analysis and risk management activities, and security and compliance reviews. • Prepare and maintain system security plans (SSPs) and plans of action and milestones (POA&M) for various CUI IT capabilities supporting research projects. • In conjunction with the MSU Research Security Program, review research proposals with CUI elements and requirements, and develop contract-specific CUI Information Technology capabilities, as required. • Develop and implement the management of compliant CUI IT systems to effectively manage processes around user onboarding, offboarding and maintaining appropriate permissions for access to CUI IT resources, working in conjunction with the Office of Research Security and UIT’s Research CIO and team. • Develop processes for appropriate oversight and management of all CUI endpoints including inventory management, patching, auditing, inspecting, upgrading, troubleshooting and supporting necessary requirements for any endpoint accessing CUI information systems or otherwise processing CUI for any research contract. • Develop and maintain processes to manage user access and configuration for IT Information Systems and Servers and manage CUI IT user accounts and ensure that users with access are properly trained and using the resource in accordance with Technology Control Plans. • Develop or review Technology Control Plans and other required CUI documents in coordination with the MSU Research Security Program pertaining to Information Technology as needed. • Develop streamlined processes and procedures involving stakeholders to expedite training, access, oversight, and support for internal and external customers. • Conduct site-visits, inspections and audits at locations where MSU works with CUI to ensure IT security practices, procedures, policies, and guidance are being followed. • Utilize the Supplier Performance Risk System (SPRS) and other government or 3rd party systems of record to develop and provide reports and perform necessary actions to achieve or maintain compliance standards. • Actively remain current and knowledgeable on existing and newly emerging Federal Government standards, policies, regulations and laws pertaining to CUI Information Technology management and security control requirements. Secure industry-standard Information Assurance certifications appropriate to the position as required by management. • Perform supervisory functions directly and indirectly with Research IT employees in various departments across MSU. Oversee and direct the deployment of CUI policies, guidance and procedures, and work with centers, institutes and departments to ensure consistent implementation of Research CIO’s guidance for CUI within Research contracts.
Required Qualifications – Experience, Education, Knowledge & Skills
1. Demonstrated progressively responsible experience working with IT-focused management of information security programs. 2. Demonstrated experience working with Controlled Unclassified Information (CUI) pursuant to requirements in 32 CFR 2002. 3. Demonstrated knowledge and experience working with various security and regulatory compliance standards, such as the Cybersecurity Maturity Model Certification (CMMC); NIST SP 800-171 and NIST SP 800-53. 4. Demonstrated experience using written and verbal communication skills to present technical information and technical solutions. 5. Bachelor’s Degree in Information Systems, Computer Science, Computer Engineering or related, or an equivalent combination of education and experience.
Preferred Qualifications – Experience, Education, Knowledge & Skills
1. Master’s Degree in Information Technology or directly relevant discipline. 2. Experience working with US government security policies, regulations, and procedures to include implementation and management of compliance processes, procedures, and best practices. 3. Prior experience working in University Research environments with federal information protection requirements. 4. Demonstrated familiarity with any of the following key elements: Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Information Security Oversight Office (ISOO) and/or the Defense Counterintelligence and Security Agency (DCSA) 5. If not already held, this position prefers the applicant to be capable of obtaining industry-standard Information Assurance certifications appropriate to this position such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or similar within 6 months of established requirement. 6. Current or previous US government security clearance
The Successful Candidate Will
• Provide proactive leadership and subject matter expertise to identify federal processes and procedures and responsively provide solutions for CUI requirements supporting Controlled Research. • Be results-focused and an active problem solver, able to successfully operate nearly autonomously in a complex, fast-paced environment. • Possess and utilize excellent written, public speaking, and other communication skills to effectively develop and deliver CUI content for a variety of stakeholders. • Appropriately handle sensitive information and circumstances, including during high-stress incidents. • Collaborate effectively with law enforcement, technical staff, and executive personnel at the university and within the Federal Government. • Continuously strive to improve existing programs to enhance information security, expedite support, establish cost-saving measures, and streamline CUI program processes.
Position Special Requirements/Additional Information
This position is contingent upon continuation of funding.
Remote or Hybrid work schedule may be considered.
The successful candidate must be able to comply with the federally mandated requirements of U.S. export control laws, which may require proof that candidate is a U.S. person. Per 22 CFR §120.62, U.S. person means a person who is a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3).
This position may require the ability to obtain a Security Clearance and/or meet other government-defined restrictions appropriate for work level and access.
Other security-related requirements will include receiving favorable background checks by state and federal agencies pursuant to federal law and regulations.
This job description should not be construed as an exhaustive statement of duties, responsibilities, or requirements, but a general description of the job. Nothing contained herein restricts Montana State University’s rights to assign or reassign duties and responsibilities to this job at any time.
Physical Demands
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.
This position has supervisory duties?: Yes
Posting Detail Information
Number of Vacancies: 1
Desired Start Date: Upon completion of a successful search
Position End Date (if temporary):
Open Date:
Close Date:
Applications will be: Screening of applications will begin on October 27, 2025; however, applications will continue to be accepted until an adequate applicant pool has been established.
Special Instructions
EEO Statement
Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.
In compliance with the Montana Veteran’s Employment Preference Act, MSU provides preference in employment to veterans, disabled veterans, and certain eligible relatives of veterans. To claim veteran’s preference, please complete the veteran’s preference information located in the Demographics section of your profile.
Applicant Documents
Required Documents
1. Resume 2. Cover Letter
To apply, visit https://apptrkr.com/6614868
MPN Diversity Recruiters
Atlanta, GA or Birmingham, AL
Our Fortune 200 Company client is seeking to DIRECTLY HIRE a talented Cloud Identity Security Analyst to join its Cybersecurity organization. This position can be based in either Atlanta, GA or Birmingham, AL.
CANDIDATE SUBMISSION REQUIREMENTS: (Please carefully read before applying)
You must apply with a SINGLE merged document that includes BOTH your detailed responses to the Hiring Manager's pre-screening questions (shown BELOW) and your current resume content .
You must presently be permanently authorized (i.e., U.S. citizen or permanent resident cardholder) to work in the U.S. WITHOUT requiring any current or future sponsorship.
You must currently reside or self-relocate to be within commutable distance to Atlanta, GA or Birmingham, AL .
You must be reasonably qualified and comply with ALL of the above requirements to receive consideration for an interview referral to the Hiring Manager for this role.
POSITION SUMMARY
The Cybersecurity organization is seeking a Cloud Identity Security Analyst to assist in the application integration, security hardening, and tenant management duties of the cloud identity team.
The successful candidate will have responsibility for maintaining and advising the direction of Southern Company’s cloud-based identity providers (IDPs). Primarily, this role will focus on Microsoft Entra ID and Oracle Identity Cloud Service (IDCS). Effort will be directed towards integration with cloud-based apps, hardening and risk reduction, coordination with on-premises identity, as well as connectivity with other cloud-based IDPs. Qualified candidates need to be able to interact with services vendors, align strategy and execution to increase IAM maturity, anticipate future requirements for complex environments, keep up with current security trends, be focused on results, and be a self-starter.
This role will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network.
Fortune 200 Company is headquartered in Atlanta and we bring energy to homes and businesses across the country. We’ve made our name as a leading producer of clean, safe, reliable and affordable energy, and we approach each day as a vital step in building the future of energy. We’re always looking ahead, and our innovations in the industry – from new nuclear to deployment of electric transportation and renewables – to help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.
Defend. Protect. Enable.
Job Responsibilities:
Architecture, integration, lifecycle, and future planning for Microsoft Entra ID and Oracle IDCS identity providers.
Creation and lifecycle of cloud-native identities such as Service Principals and App Registrations.
Integration of applications using cloud-native identity protocols such as SAML, Oauth, or OpenID.
Implementation of new security feature sets to address modern risks such as FIDO/Passkeys.
Triage and escalation of cloud identity issues – with the technology and with individual business partners.
Build automations where possible to facilitate repeat work or reporting within the cloud environments.
Mentoring others in the area of IAM, cloud identity, and modern authentication principles and best practices.
Serve as a trusted advisor to our stakeholders, by designing security solutions, for improved security and business enablement.
Maintain various controls to meet regulatory requirements, including but not limited to Sarbanes-Oxley (SOX), FERC and NERC.
Monitor, forecast, and prepare for new regulatory requirements or cloud technology changes.
Aid in the development of standards and polices for the IAM program.
Enhance processes to facilitate improved operational efficiencies, risk mitigation, and customer interactions.
Lead and deliver cloud identity projects in scope, on time, and within budget.
Provide expertise to assist in the development of Southern Company’s security architecture – identify areas of opportunity, research alternatives, and recommend solutions.
Requirements and qualifications:
Required :
Experience managing cloud-native identity providers, specifically Microsoft Entra ID and Oracle IDCS.
Experience with cloud application integrations using SAML or OpenID.
Experience with OAuth IDs (Service Principals), their configuration, lifecycle, and long-term risk management.
An understanding of cloud role-based access controls and their unique differences from on-prem.
Ability to leverage user dynamic risk, progressive authentication, self-service.
Knowledge of modern authentication methods e.g. FIDO, Biometrics, Passwordless.
Knowledge of cloud entitlement management and best practices.
Must pass NERC CIP & Insider Threat Protection background checks.
Desired :
Technical knowledge with the following concepts: On-premises SSO, Active Directory, Privileged Account Management, PKI
A solid understanding of IAM related protocols and standards such as: SAML, OAuth/OIDC, SCIM, FIDO, RADIUS, LDAPS, Kerberos.
Strong verbal communication, and presentation skills.
Competency in APIs (Rest, Graph) and/or JavaScript/Python/JSON/SQL.
Experience prioritizing and executing with minimal direction or oversight.
Industry certifications such as: CISSP, CCSP, CISA, GIAC, OSCP, CRISC, CCNP, etc.
Experience with information security frameworks such as: COBIT, NIST, OWASP, etc.
Familiarity with nation state, sophisticated criminal, and supply chain threats.
__________________________________________________________________
HIRING MANAGER'S PRE-SCREENING QUESTIONS (Responses Required for Interview Consideration):
Please answer ALL of the questions BELOW as accurately as possible. If you're determined to be reasonably qualified, you will be submitted to our client for a potential interview and direct hiring consideration for this great opportunity.
1) Describe your previous technology background with specific focus on any identity roles.
2) What is one of the most critical risks in identity today – and how would you solve it in short order?
3) What are two ways that cloud identities are vastly different from managing on-prem identities?
4) Other than AI, what are some of the most important technology trends right now?
5) Are you a US Citizen or current Green Card Holder?
6) What are your base salary requirements. A range is fine.
__________________________________________________________________
How To Apply:
1) Please create and apply with a SINGLE (Word or PDF) merged document.
A single merged document is required for submission to the Hiring Manager for interview consideration.,
2) At the TOP of your document, copy and paste each pre-screening question and include your responses to the pre-screening questions .
You must fully and accurately respond to ALL of the pre-screening questions.
3) Include your standard resume content below your responses to the screening questions.
Your resume must clearly show your personal email address and direct phone number.
4) Click on the APPLY button or email support@mpndiversityrecruiters.com to send BOTH your responses to the prescreening questions and your resume to MPN Diversity Recruiters.
Document Creation Tips: The easiest way to create the required SINGLE document correctly is to open your existing resume file, insert a blank page at the top, copy and paste the screening questions from above into your document, add your responses to each question, and then save and email or upload the file.
Call 404-629-9323 if you have any questions.
Full Time
Our Fortune 200 Company client is seeking to DIRECTLY HIRE a talented Cloud Identity Security Analyst to join its Cybersecurity organization. This position can be based in either Atlanta, GA or Birmingham, AL.
CANDIDATE SUBMISSION REQUIREMENTS: (Please carefully read before applying)
You must apply with a SINGLE merged document that includes BOTH your detailed responses to the Hiring Manager's pre-screening questions (shown BELOW) and your current resume content .
You must presently be permanently authorized (i.e., U.S. citizen or permanent resident cardholder) to work in the U.S. WITHOUT requiring any current or future sponsorship.
You must currently reside or self-relocate to be within commutable distance to Atlanta, GA or Birmingham, AL .
You must be reasonably qualified and comply with ALL of the above requirements to receive consideration for an interview referral to the Hiring Manager for this role.
POSITION SUMMARY
The Cybersecurity organization is seeking a Cloud Identity Security Analyst to assist in the application integration, security hardening, and tenant management duties of the cloud identity team.
The successful candidate will have responsibility for maintaining and advising the direction of Southern Company’s cloud-based identity providers (IDPs). Primarily, this role will focus on Microsoft Entra ID and Oracle Identity Cloud Service (IDCS). Effort will be directed towards integration with cloud-based apps, hardening and risk reduction, coordination with on-premises identity, as well as connectivity with other cloud-based IDPs. Qualified candidates need to be able to interact with services vendors, align strategy and execution to increase IAM maturity, anticipate future requirements for complex environments, keep up with current security trends, be focused on results, and be a self-starter.
This role will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network.
Fortune 200 Company is headquartered in Atlanta and we bring energy to homes and businesses across the country. We’ve made our name as a leading producer of clean, safe, reliable and affordable energy, and we approach each day as a vital step in building the future of energy. We’re always looking ahead, and our innovations in the industry – from new nuclear to deployment of electric transportation and renewables – to help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.
Defend. Protect. Enable.
Job Responsibilities:
Architecture, integration, lifecycle, and future planning for Microsoft Entra ID and Oracle IDCS identity providers.
Creation and lifecycle of cloud-native identities such as Service Principals and App Registrations.
Integration of applications using cloud-native identity protocols such as SAML, Oauth, or OpenID.
Implementation of new security feature sets to address modern risks such as FIDO/Passkeys.
Triage and escalation of cloud identity issues – with the technology and with individual business partners.
Build automations where possible to facilitate repeat work or reporting within the cloud environments.
Mentoring others in the area of IAM, cloud identity, and modern authentication principles and best practices.
Serve as a trusted advisor to our stakeholders, by designing security solutions, for improved security and business enablement.
Maintain various controls to meet regulatory requirements, including but not limited to Sarbanes-Oxley (SOX), FERC and NERC.
Monitor, forecast, and prepare for new regulatory requirements or cloud technology changes.
Aid in the development of standards and polices for the IAM program.
Enhance processes to facilitate improved operational efficiencies, risk mitigation, and customer interactions.
Lead and deliver cloud identity projects in scope, on time, and within budget.
Provide expertise to assist in the development of Southern Company’s security architecture – identify areas of opportunity, research alternatives, and recommend solutions.
Requirements and qualifications:
Required :
Experience managing cloud-native identity providers, specifically Microsoft Entra ID and Oracle IDCS.
Experience with cloud application integrations using SAML or OpenID.
Experience with OAuth IDs (Service Principals), their configuration, lifecycle, and long-term risk management.
An understanding of cloud role-based access controls and their unique differences from on-prem.
Ability to leverage user dynamic risk, progressive authentication, self-service.
Knowledge of modern authentication methods e.g. FIDO, Biometrics, Passwordless.
Knowledge of cloud entitlement management and best practices.
Must pass NERC CIP & Insider Threat Protection background checks.
Desired :
Technical knowledge with the following concepts: On-premises SSO, Active Directory, Privileged Account Management, PKI
A solid understanding of IAM related protocols and standards such as: SAML, OAuth/OIDC, SCIM, FIDO, RADIUS, LDAPS, Kerberos.
Strong verbal communication, and presentation skills.
Competency in APIs (Rest, Graph) and/or JavaScript/Python/JSON/SQL.
Experience prioritizing and executing with minimal direction or oversight.
Industry certifications such as: CISSP, CCSP, CISA, GIAC, OSCP, CRISC, CCNP, etc.
Experience with information security frameworks such as: COBIT, NIST, OWASP, etc.
Familiarity with nation state, sophisticated criminal, and supply chain threats.
__________________________________________________________________
HIRING MANAGER'S PRE-SCREENING QUESTIONS (Responses Required for Interview Consideration):
Please answer ALL of the questions BELOW as accurately as possible. If you're determined to be reasonably qualified, you will be submitted to our client for a potential interview and direct hiring consideration for this great opportunity.
1) Describe your previous technology background with specific focus on any identity roles.
2) What is one of the most critical risks in identity today – and how would you solve it in short order?
3) What are two ways that cloud identities are vastly different from managing on-prem identities?
4) Other than AI, what are some of the most important technology trends right now?
5) Are you a US Citizen or current Green Card Holder?
6) What are your base salary requirements. A range is fine.
__________________________________________________________________
How To Apply:
1) Please create and apply with a SINGLE (Word or PDF) merged document.
A single merged document is required for submission to the Hiring Manager for interview consideration.,
2) At the TOP of your document, copy and paste each pre-screening question and include your responses to the pre-screening questions .
You must fully and accurately respond to ALL of the pre-screening questions.
3) Include your standard resume content below your responses to the screening questions.
Your resume must clearly show your personal email address and direct phone number.
4) Click on the APPLY button or email support@mpndiversityrecruiters.com to send BOTH your responses to the prescreening questions and your resume to MPN Diversity Recruiters.
Document Creation Tips: The easiest way to create the required SINGLE document correctly is to open your existing resume file, insert a blank page at the top, copy and paste the screening questions from above into your document, add your responses to each question, and then save and email or upload the file.
Call 404-629-9323 if you have any questions.
Controlled Unclassified Information, Information Systems Security Manager
Montana State University
Position Information
Announcement Number: STAFF - VA - 25365
For questions regarding this position, please contact:
John Williams john.williams25@montana.edu 406-994-7841
Classification Title: IT Professional
Working Title: Controlled Unclassified Information, Information Systems Security Manager
Brief Position Overview
The Controlled Unclassified Information (CUI) Information Systems Security Manager (ISSM) will be responsible for the management and oversight of all CUI IT capabilities for Research, including planning, programming, and developing compliant IT capabilities for MSU stakeholders and contractors providing services, to ensure compliance with all evolving Research and CUI protection requirements. The Controlled Unclassified Information ISSM at Montana State University will report to the Chief Information Security Officer (CISO) in University Information Technology, supporting work across all MSU Research units under Research and Economic Development.
Position Number: 4C1114
Department: UIT Info Security
Division: VP for Information Technology
Appointment Type: Professional
Contract Term: Fiscal Year
Semester:
If other, specify From date:
If other, specify End date:
FLSA: Exempt
Union Affiliation: Exempt from Collective Bargaining
FTE: 1.0 FTE
Benefits Eligible: Eligible
Salary: $120,000 annually, commensurate with experience, education, and qualifications
Contract Type: LOA
If other, please specify:
Recruitment Type: Open
Position Details
General Statement
The CUI Information Systems Security Manager supports Montana State University’s IT mission by developing and accessing compliant IT capabilities for Research contracts containing Controlled Unclassified Information (CUI) IT requirements in accordance with Executive Order 13556, 32 CFR 2002, Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Defense Counterintelligence and Security Agency (DCSA) or other government entities who execute research contracts with MSU.
The CUI Information Systems Security Manager will remain current with training and guidance provided by the National Archives and Records Administration (NARA) and the Information Security Oversight Office (ISOO) as well as all requirements levied by federal government entities associated with MSU research contracts.
Duties and Responsibilities
This position will support stakeholders by developing and providing a compliant IT framework, processes, procedures, and resources required to work with CUI, including working with IT staff, researchers, and key stakeholders to design compliant solutions in order to meet functional needs; and direct efforts for support and troubleshooting of CUI IT issues.
This position will also work in required governmental systems of record to provide federal and state entities responses to compliance inquiries and to report compliance with established standards under NIST SP 800-171, the Cybersecurity Maturation Model Certification (CMMC) Program, and any newly established standards for information protection levied by research contracts or federal law.
Duties will include, but are not limited to, tasks such as the following: • Provide expertise and coordinate the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Montana State University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53. • Contribute CUI cybersecurity knowledge and information to assist with risk analysis and risk management activities, and security and compliance reviews. • Prepare and maintain system security plans (SSPs) and plans of action and milestones (POA&M) for various CUI IT capabilities supporting research projects. • In conjunction with the MSU Research Security Program, review research proposals with CUI elements and requirements, and develop contract-specific CUI Information Technology capabilities, as required. • Develop and implement the management of compliant CUI IT systems to effectively manage processes around user onboarding, offboarding and maintaining appropriate permissions for access to CUI IT resources, working in conjunction with the Office of Research Security and UIT’s Research CIO and team. • Develop processes for appropriate oversight and management of all CUI endpoints including inventory management, patching, auditing, inspecting, upgrading, troubleshooting and supporting necessary requirements for any endpoint accessing CUI information systems or otherwise processing CUI for any research contract. • Develop and maintain processes to manage user access and configuration for IT Information Systems and Servers and manage CUI IT user accounts and ensure that users with access are properly trained and using the resource in accordance with Technology Control Plans. • Develop or review Technology Control Plans and other required CUI documents in coordination with the MSU Research Security Program pertaining to Information Technology as needed. • Develop streamlined processes and procedures involving stakeholders to expedite training, access, oversight, and support for internal and external customers. • Conduct site-visits, inspections and audits at locations where MSU works with CUI to ensure IT security practices, procedures, policies, and guidance are being followed. • Utilize the Supplier Performance Risk System (SPRS) and other government or 3rd party systems of record to develop and provide reports and perform necessary actions to achieve or maintain compliance standards. • Actively remain current and knowledgeable on existing and newly emerging Federal Government standards, policies, regulations and laws pertaining to CUI Information Technology management and security control requirements. Secure industry-standard Information Assurance certifications appropriate to the position as required by management. • Perform supervisory functions directly and indirectly with Research IT employees in various departments across MSU. Oversee and direct the deployment of CUI policies, guidance and procedures, and work with centers, institutes and departments to ensure consistent implementation of Research CIO’s guidance for CUI within Research contracts.
Required Qualifications – Experience, Education, Knowledge & Skills
1. Demonstrated progressively responsible experience working with IT-focused management of information security programs. 2. Demonstrated experience working with Controlled Unclassified Information (CUI) pursuant to requirements in 32 CFR 2002. 3. Demonstrated knowledge and experience working with various security and regulatory compliance standards, such as the Cybersecurity Maturity Model Certification (CMMC); NIST SP 800-171 and NIST SP 800-53. 4. Demonstrated experience using written and verbal communication skills to present technical information and technical solutions. 5. Bachelor’s Degree in Information Systems, Computer Science, Computer Engineering or related, or an equivalent combination of education and experience.
Preferred Qualifications – Experience, Education, Knowledge & Skills
1. Master’s Degree in Information Technology or directly relevant discipline. 2. Experience working with US government security policies, regulations, and procedures to include implementation and management of compliance processes, procedures, and best practices. 3. Prior experience working in University Research environments with federal information protection requirements. 4. Demonstrated familiarity with any of the following key elements: Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Information Security Oversight Office (ISOO) and/or the Defense Counterintelligence and Security Agency (DCSA) 5. If not already held, this position prefers the applicant to be capable of obtaining industry-standard Information Assurance certifications appropriate to this position such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or similar within 6 months of established requirement. 6. Current or previous US government security clearance
The Successful Candidate Will
• Provide proactive leadership and subject matter expertise to identify federal processes and procedures and responsively provide solutions for CUI requirements supporting Controlled Research. • Be results-focused and an active problem solver, able to successfully operate nearly autonomously in a complex, fast-paced environment. • Possess and utilize excellent written, public speaking, and other communication skills to effectively develop and deliver CUI content for a variety of stakeholders. • Appropriately handle sensitive information and circumstances, including during high-stress incidents. • Collaborate effectively with law enforcement, technical staff, and executive personnel at the university and within the Federal Government. • Continuously strive to improve existing programs to enhance information security, expedite support, establish cost-saving measures, and streamline CUI program processes.
Position Special Requirements/Additional Information
This position is located in Bozeman, MT, and is contingent upon continuation of funding.
The successful candidate must be able to comply with the federally mandated requirements of U.S. export control laws, which may require proof that candidate is a U.S. person. Per 22 CFR §120.62, U.S. person means a person who is a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3).
This position may require the ability to obtain a Security Clearance and/or meet other government-defined restrictions appropriate for work level and access.
Other security-related requirements will include receiving favorable background checks by state and federal agencies pursuant to federal law and regulations.
This job description should not be construed as an exhaustive statement of duties, responsibilities, or requirements, but a general description of the job. Nothing contained herein restricts Montana State University’s rights to assign or reassign duties and responsibilities to this job at any time.
Physical Demands
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.
This position has supervisory duties?: Yes
Posting Detail Information
Number of Vacancies: 1
Desired Start Date: Upon completion of a successful search
Position End Date (if temporary):
Open Date:
Close Date:
Applications will be:
Screening of applications will begin on June 2, 2025; however, applications will continue to be accepted until an adequate applicant pool has been established.
Special Instructions:
EEO Statement
Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.
In compliance with the Montana Veteran’s Employment Preference Act, MSU provides preference in employment to veterans, disabled veterans, and certain eligible relatives of veterans. To claim veteran’s preference, please complete the veteran’s preference information located in the Demographics section of your profile.
Applicant Documents
Required Documents
1. Resume 2. Cover Letter
To apply, visit https://apptrkr.com/6218431
Full Time
Controlled Unclassified Information, Information Systems Security Manager
Montana State University
Position Information
Announcement Number: STAFF - VA - 25365
For questions regarding this position, please contact:
John Williams john.williams25@montana.edu 406-994-7841
Classification Title: IT Professional
Working Title: Controlled Unclassified Information, Information Systems Security Manager
Brief Position Overview
The Controlled Unclassified Information (CUI) Information Systems Security Manager (ISSM) will be responsible for the management and oversight of all CUI IT capabilities for Research, including planning, programming, and developing compliant IT capabilities for MSU stakeholders and contractors providing services, to ensure compliance with all evolving Research and CUI protection requirements. The Controlled Unclassified Information ISSM at Montana State University will report to the Chief Information Security Officer (CISO) in University Information Technology, supporting work across all MSU Research units under Research and Economic Development.
Position Number: 4C1114
Department: UIT Info Security
Division: VP for Information Technology
Appointment Type: Professional
Contract Term: Fiscal Year
Semester:
If other, specify From date:
If other, specify End date:
FLSA: Exempt
Union Affiliation: Exempt from Collective Bargaining
FTE: 1.0 FTE
Benefits Eligible: Eligible
Salary: $120,000 annually, commensurate with experience, education, and qualifications
Contract Type: LOA
If other, please specify:
Recruitment Type: Open
Position Details
General Statement
The CUI Information Systems Security Manager supports Montana State University’s IT mission by developing and accessing compliant IT capabilities for Research contracts containing Controlled Unclassified Information (CUI) IT requirements in accordance with Executive Order 13556, 32 CFR 2002, Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Defense Counterintelligence and Security Agency (DCSA) or other government entities who execute research contracts with MSU.
The CUI Information Systems Security Manager will remain current with training and guidance provided by the National Archives and Records Administration (NARA) and the Information Security Oversight Office (ISOO) as well as all requirements levied by federal government entities associated with MSU research contracts.
Duties and Responsibilities
This position will support stakeholders by developing and providing a compliant IT framework, processes, procedures, and resources required to work with CUI, including working with IT staff, researchers, and key stakeholders to design compliant solutions in order to meet functional needs; and direct efforts for support and troubleshooting of CUI IT issues.
This position will also work in required governmental systems of record to provide federal and state entities responses to compliance inquiries and to report compliance with established standards under NIST SP 800-171, the Cybersecurity Maturation Model Certification (CMMC) Program, and any newly established standards for information protection levied by research contracts or federal law.
Duties will include, but are not limited to, tasks such as the following: • Provide expertise and coordinate the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Montana State University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53. • Contribute CUI cybersecurity knowledge and information to assist with risk analysis and risk management activities, and security and compliance reviews. • Prepare and maintain system security plans (SSPs) and plans of action and milestones (POA&M) for various CUI IT capabilities supporting research projects. • In conjunction with the MSU Research Security Program, review research proposals with CUI elements and requirements, and develop contract-specific CUI Information Technology capabilities, as required. • Develop and implement the management of compliant CUI IT systems to effectively manage processes around user onboarding, offboarding and maintaining appropriate permissions for access to CUI IT resources, working in conjunction with the Office of Research Security and UIT’s Research CIO and team. • Develop processes for appropriate oversight and management of all CUI endpoints including inventory management, patching, auditing, inspecting, upgrading, troubleshooting and supporting necessary requirements for any endpoint accessing CUI information systems or otherwise processing CUI for any research contract. • Develop and maintain processes to manage user access and configuration for IT Information Systems and Servers and manage CUI IT user accounts and ensure that users with access are properly trained and using the resource in accordance with Technology Control Plans. • Develop or review Technology Control Plans and other required CUI documents in coordination with the MSU Research Security Program pertaining to Information Technology as needed. • Develop streamlined processes and procedures involving stakeholders to expedite training, access, oversight, and support for internal and external customers. • Conduct site-visits, inspections and audits at locations where MSU works with CUI to ensure IT security practices, procedures, policies, and guidance are being followed. • Utilize the Supplier Performance Risk System (SPRS) and other government or 3rd party systems of record to develop and provide reports and perform necessary actions to achieve or maintain compliance standards. • Actively remain current and knowledgeable on existing and newly emerging Federal Government standards, policies, regulations and laws pertaining to CUI Information Technology management and security control requirements. Secure industry-standard Information Assurance certifications appropriate to the position as required by management. • Perform supervisory functions directly and indirectly with Research IT employees in various departments across MSU. Oversee and direct the deployment of CUI policies, guidance and procedures, and work with centers, institutes and departments to ensure consistent implementation of Research CIO’s guidance for CUI within Research contracts.
Required Qualifications – Experience, Education, Knowledge & Skills
1. Demonstrated progressively responsible experience working with IT-focused management of information security programs. 2. Demonstrated experience working with Controlled Unclassified Information (CUI) pursuant to requirements in 32 CFR 2002. 3. Demonstrated knowledge and experience working with various security and regulatory compliance standards, such as the Cybersecurity Maturity Model Certification (CMMC); NIST SP 800-171 and NIST SP 800-53. 4. Demonstrated experience using written and verbal communication skills to present technical information and technical solutions. 5. Bachelor’s Degree in Information Systems, Computer Science, Computer Engineering or related, or an equivalent combination of education and experience.
Preferred Qualifications – Experience, Education, Knowledge & Skills
1. Master’s Degree in Information Technology or directly relevant discipline. 2. Experience working with US government security policies, regulations, and procedures to include implementation and management of compliance processes, procedures, and best practices. 3. Prior experience working in University Research environments with federal information protection requirements. 4. Demonstrated familiarity with any of the following key elements: Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplements (DFARS), the Information Security Oversight Office (ISOO) and/or the Defense Counterintelligence and Security Agency (DCSA) 5. If not already held, this position prefers the applicant to be capable of obtaining industry-standard Information Assurance certifications appropriate to this position such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or similar within 6 months of established requirement. 6. Current or previous US government security clearance
The Successful Candidate Will
• Provide proactive leadership and subject matter expertise to identify federal processes and procedures and responsively provide solutions for CUI requirements supporting Controlled Research. • Be results-focused and an active problem solver, able to successfully operate nearly autonomously in a complex, fast-paced environment. • Possess and utilize excellent written, public speaking, and other communication skills to effectively develop and deliver CUI content for a variety of stakeholders. • Appropriately handle sensitive information and circumstances, including during high-stress incidents. • Collaborate effectively with law enforcement, technical staff, and executive personnel at the university and within the Federal Government. • Continuously strive to improve existing programs to enhance information security, expedite support, establish cost-saving measures, and streamline CUI program processes.
Position Special Requirements/Additional Information
This position is located in Bozeman, MT, and is contingent upon continuation of funding.
The successful candidate must be able to comply with the federally mandated requirements of U.S. export control laws, which may require proof that candidate is a U.S. person. Per 22 CFR §120.62, U.S. person means a person who is a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3).
This position may require the ability to obtain a Security Clearance and/or meet other government-defined restrictions appropriate for work level and access.
Other security-related requirements will include receiving favorable background checks by state and federal agencies pursuant to federal law and regulations.
This job description should not be construed as an exhaustive statement of duties, responsibilities, or requirements, but a general description of the job. Nothing contained herein restricts Montana State University’s rights to assign or reassign duties and responsibilities to this job at any time.
Physical Demands
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skill, and/or ability required.
This position has supervisory duties?: Yes
Posting Detail Information
Number of Vacancies: 1
Desired Start Date: Upon completion of a successful search
Position End Date (if temporary):
Open Date:
Close Date:
Applications will be:
Screening of applications will begin on June 2, 2025; however, applications will continue to be accepted until an adequate applicant pool has been established.
Special Instructions:
EEO Statement
Montana State University is an equal opportunity employer. MSU does not discriminate against any applicant on the basis of race, color, religion, creed, political ideas, sex, sexual orientation, gender identity or expression, age, marital status, national origin, physical or mental disability, or any other protected class status in violation of any applicable law.
In compliance with the Montana Veteran’s Employment Preference Act, MSU provides preference in employment to veterans, disabled veterans, and certain eligible relatives of veterans. To claim veteran’s preference, please complete the veteran’s preference information located in the Demographics section of your profile.
Applicant Documents
Required Documents
1. Resume 2. Cover Letter
To apply, visit https://apptrkr.com/6218431
