Careers at the University of Massachusetts Lowell

Compliance Specialist (STL)

Job no: 528461
Position type: Staff Full Time
Benefit Status: Benefited-Union
Campus: UMass Lowell
Department: Submillimeter Wave Tech Lab
Salary: Salary commensurate with experience within the grade/range and grant
Applications Open:
Applications Close:

General Summary of Position:

The UMass Lowell (UML) Submillimeter Wave Technology Laboratory (STL) is seeking a Compliance Specialist. This position plays a key role in ensuring compliance with cybersecurity standards as well as other DoD, State, and University compliance requirements. This position also serves as the Information Systems Security Manager (ISSM) for the Submillimeter-Wave Technology Laboratory (STL), a prime contractor in the Defense Industrial Base (DIB).

Essential Job Duties:

1. Management, documentation, and monitoring of an accredited Defense Counterintelligence and Security Agency (DCSA) Information System in accordance with templates from NIST 800-53 and the current DCSA Assessment and Authorization Process Manual (DAAPM). The candidate will update the DoD Enterprise Mission Assurance Support Service (eMASS) as needed so that eMASS documentation reflects the current state of a single Multi-User Stand Alone (MUSA) system, as quarterly updates to DoD security guidance mandate. The candidate will be the designated Information Systems Security Manager (ISSM) of record and will prepare for and oversee the annual DCSA onsite inspections of the Information System.

2. DFARS and CMMC compliance management of an existing 100-node internet-isolated, on-premises LAN and data center, running hardened Cisco and Windows architectures. Inventory, management, and oversight of several onsite National Security Agency (NSA) Cryptographic Communications Security (COMSEC) cryptographic assets. The candidate will act as the primary of two COMSEC Administrators of record with the NSA COMSEC Central Office of Record.

3. Tracking and documentation of STL’s university- and government-owned equipment as required per FAR 52-245. This requires interfacing with DoD contacts, STL’s DoD sponsor, and university contacts to ensure compliance and timely completion of annual asset audits and associated reports.

4. The position works to manage, maintain, document, and constantly improve STL’s perimeter security posture and related documentation in close collaboration with STL’s Facility Security Officer (FSO) and STL’s Director.

5. The Compliance Specialist also maintains, manages, and documents STL’s swipe-card system that allows access to STL, as well as STL’s alarm and any other facility access-monitoring systems. The Compliance Specialist provides biweekly reporting of denied access swipes to STL’s FSO. The Compliance Specialist also investigates weekly university network security reports and provides a monthly network summary report to STL’s Facility Security Officer (FSO). The Compliance Specialist assists STL’s FSO with visit requests and reporting requirements on government websites (NBIS & DISS).

Promote the University’s commitment to customer service by:

• Building effective partnerships with co-workers throughout the University by freely sharing appropriate information and providing assistance when needed.

• Ensuring optimum service to all internal and external partners in response to all requests for service and information.

• Maintaining an environment that is welcoming to persons of all backgrounds, nationalities, and roles.

Other Job Duties:

1. Support STL’s Chemical Hygiene Officer (CHO), STL’s Director, and University Environmental Health and Safety (EHS) team contacts in maintaining compliance with university safety and safety-specific training requirements.

2. Interface with UML EHS contacts during, and following, safety inspections.

3. The above duties are related to STL’s anticipated efforts. In order to meet specific sponsor requests, other compliance related activities may be assigned by STL’s Director.

4. This program requires strict adherence to STL’s Security Policies, Safety Procedures, Technology Control Plan, and other security/safety related policies established by STL’s FSO, COR, and Director.

Working Conditions:

Occasional travel (approximately 2 weeks per year) may be required. Must be comfortable with use of hand tools, working on ladders, under desks, etc. for IT related installations and troubleshooting.

Minimum Qualifications (Required):

Education and Experience:

  • Bachelor's Degree in Information Technology (IT), Computer Science, Cybersecurity, Information Assurance, or a related field, with 3+ years of experience managing cybersecurity in a regulated environment, with at least 1 year supporting DoD-related projects or classified research; OR HS diploma/GED equivalent with 5+ years of experience managing cybersecurity in a regulated environment, with at least 2 years supporting DoD-related projects or classified research.
  • Security certification such as CISSP, CISM, CISA, or Security+.
  • Experience with project management or audit management in a cybersecurity context. Previous experience working within a DoD cleared facility is desired.
  • Proven ability to document policies, procedures and control narratives for cybersecurity compliance goals.
  • Exceptional organizational skills and attention to detail with compliance documentation and deadlines.
  • The candidate must be able to obtain a Department of Defense security clearance within 6 months from the date of hire and maintain the clearance while employed at STL.

Preferred Skills:

  • NSA COMSEC administration experience. Previous ISSO, ISSM, or FSO experience. Familiarity with the NIST SP 800 series of security guidance publications. Experience with common hardware and software used for IT security and compliance.
  • There will be a strong emphasis on standard and enhanced DoD cybersecurity compliance practices and implementation. Basic experience with common Linux distributions and dedicated hardware firewall technologies is desirable.

Given the nature and responsibilities of the position, only current U.S. Citizens will be considered for this position.

Special Instructions to Applicants:

Only current UML Employees within the Grants & Contracts (MTA/GRACE) bargaining unit will be considered during the first 10 business days of the posting. All other candidates will be considered after that period.

This is a Grants & Contracts (MTA/GRACE) bargaining unit position, Grade P18.

Review of applications will begin immediately and continue until the position is filled; however, the posting may close when an adequate number of qualified applications is received.

This position is contingent upon funding.

Please include a resume, cover letter and writing sample to include compliance documentation/reports with your application. Names and contact information of three references will be required during the application process.

The University of Massachusetts Lowell welcomes all qualified applicants and complies with all state and federal anti-discrimination laws.
