Senior Director of Research Information Security

Texas Tech University

$120K — $150K *
Technical Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree required; Master's preferred in cybersecurity/information assurance or related field.
  • 6+ years of progressively responsible management experience, with 5+ years in information security or GRC.
  • Experience implementing NIST SP 800-171/CMMC in complex environments, particularly in higher education.
  • Hands-on knowledge of M365 (GCC/GCC High), Azure/AWS security, and EDR systems.
  • Familiarity with export controls, privacy regulations, and Texas research-security mandates.

Responsibilities

  • Manage daily operations of a research center/institute or medium-sized department.
  • Own and execute TTU's research CUI/CMMC program, including governance and policy frameworks.
  • Conduct self-assessments and coordinate third-party assessments for compliance with CMMC standards.
  • Lead training initiatives for research staff and build resource materials for compliance guidance.
  • Define continuous monitoring and incident response procedures for CUI/CMMC-compliant environments.
  • Establish performance metrics and report findings to senior leadership.

Benefits

  • Participation in a collaborative work environment.
  • Access to ongoing training and professional development resources.
  • Contributions towards a defined retirement plan.
  • Opportunities for advancement within a respected research institution.
Full Job Description
Position Description

Manages and directs the day to day operations of a research center/institute or medium sized department. Plans, coordinates and supervises the operation and activities of the center/institute/department. Develops and implements policies and procedures, administers the budget, organizes tasks and sets priorities.

Major/Essential Functions

  • Own TTU's research CUI/CMMC program charter, roadmap, and annual plan; maintain a governance framework reusable for other regulated research environments; chair a cross-functional Research CUI/CMMC Working Group with OR&I, TTU IT, and Legal/Office of General Counsel: define and maintain CUI policies/standards (identification, marking, storage, transmission, sharing, decontrol) aligned to the CUI Registry and institutional policy.
  • Establish and maintain a Responsible Accountable Consulted Informed (RACI) model across ORS, OESC, departmental IT, lab managers, and central IT and a documented escalation path for decision-making and prioritization: define hold/release criteria for onboarding projects into CUI-scoped environments and recommend stop-work/temporary suspension actions through the jointly defined governance process when material noncompliance or unacceptable risk is identified.
  • Interpret/tailor controls; map award/contract terms to TTU standards and policies; approve SSPs; control implementation statements, network diagrams, and data-flow maps; maintain POA&Ms with risk-based prioritization.
  • Lead self-assessments against NIST 800-171A/CMMC; compute/maintain SPRS DoD Assessment scores with objective evidence; coordinate third-party assessments and customer/prime audits; track remediation to closure.
  • With ORS/Contracts, review solicitations/awards for CUI/CMMC clauses; advise on flowdowns and budgeted compliance costs in coordination with TTU IT.
  • Build role-based training (initial + annual) for PIs, research staff, departmental IT, and student workers (integrating state + federal requirements); publish quick-start guides, handling checklists, and PI onboarding materials; maintain a TTU research-security web hub & FAQs.
  • Define continuous monitoring requirements and evidence expectations for CUI/CMMC-scoped research environments consistent with CIO/CISO standards; partner with TTU IT Security and designated system owners to implement and operation monitoring capabilities; coordinate periodic access recertification.
  • Maintain/exercise a research-focused IR plan aligned to CIO/CISO incident response processes, including contractual timelines (including 72-hour reporting when required by contract); during incidents affecting CUI-scoped research, serve as the research program lead to coordinate scope, contractual obligations, and sponsor communications while TTU IT Security leads technical triage/forensics and containment; lead after-action reviews for research CUI incidents; ensure corrective actions are captured in Plan of Action and Milestones (POAMs) and tracked to closure.
  • Embed CUI/CMMC checkpoints into proposal 1 Just In Time (JIT) 1 award setup 1 onboarding 1 project changes 1 closeout 1 retention/decontrol; support Data Management Plans/Data Use Agreements, Trade Agreement Acts/Manufacturing License Agreements (with Export Control), visiting-researcher onboarding, facility access controls.
  • Define Key Performance Indicators and report quarterly to the Office of Research & Innovation and the CIO/CISO: control coverage; open POAMs by severity/age; assessment/SPRS score trend; training completion; incident Mean Time To Repair (MTTR); enclave uptime.


Preferred Qualifications

  • Master's degree in cybersecurity/information assurance or related field.
  • 5+ years in information security, GRC, or research IT; 3+ years directly implementing NIST SP 800-171/CMMC in higher-ed or similarly complex environments.
  • Hands-on with M365 (GCC/GCC High), Azure/AWS security, EDR, identity platforms, SIEM, vulnerability management.
  • Familiarity with Export Controls (ITAR/EAR/OFAC), privacy (FERPA/HIPAA), and Texas research-security mandates (Texas Education Code 51.956, Executive Order GA-48, HB 127).
  • Experience building secure research enclaves and migrating projects into compliant environments.
  • CMMC CCP/CCA; CISSP/CISM/CAP; CISA; ISO 27001 Lead Implementer/Auditor; Azure Security Engineer/AWS Security Specialty.


Required Qualifications

Bachelor's degree required; Six years progressively responsible management experience. Additional education beyond Bachelor's may substitute for experience on a year for year basis.

Must possess the ability to obtain and maintain a security clearance from the Department of Defense. This includes having U.S. citizenship and undergoing a background check and fingerprint clearance process by a separate agency.

This position is designated as involving access to critical infrastructure systems and/or research, as defined by Texas Executive Order GA-48. As such, candidates must successfully complete a comprehensive background check prior to employment. Employees are required to comply with all applicable state and federal regulations related to the protection of critical infrastructure. Ongoing employment is dependent upon maintaining eligibility for access and successfully passing periodic security and compliance reviews.

Safety Information

Adherence to robust safety practices and compliance with all applicable health and safety regulations are responsibilities of all TTU employees.

Pay Statement

Compensation is commensurate upon the qualifications of the individual selected and budgetary guidelines of the hiring department, as well as the institutional pay plan.

Knowledge, Skills, and Abilities

  • Demonstrated experience with SSPs/POAMs, control assessments, and audit readiness; strong knowledge of CUI marking/decontrol, DFARS cyber clauses, incident reporting, and sponsored-research operations.
  • Excellent communication skills; ability to brief executives and coach faculty/staff.

Similar Jobs

More Jobs at Texas Tech University

More Technical Services Jobs

Find similar Senior Director of Research Information Security jobs: