Title: Research Information Security Compliance Program Manager
Agency: VP DIGITAL TRANSFORMATION & TECHNOLOGY
Location: Norfolk, VA
FLSA: Exempt
Hiring Range:
Full Time or Part Time: Full Time
Job Description:
The chief objective of the Research Information Security Compliance Program Manager is to oversee and coordinate research IT compliance across the university and manage a research security program. This position ensures that all research IT environments—including those handling Controlled Unclassified Information (CUI), compliance with CMMC, SIPRNet/Classified Cloud/MUSA, HIPAA, and NIH data—meet federal, sponsor, and institutional standards. The Program Manager leads efforts to manage regulatory requirements such as NSPM-33, the CHIPS and Science Act, and NIH data security plans, working collaboratively with research, compliance, and IT teams to maintain a secure and compliant research IT landscape. Activities are aligned with university security policies and will also inform the broader University Information Security Office Governance, Risk, and Compliance (GRC) program and risk register. Minimum Qualifications:
Considerable knowledge of IT compliance or research IT program management, preferably in higher education or regulated research environments.Demonstrated expertise with federal and sponsor research compliance frameworks, including but not limited to NSPM-33, CHIPS and Science Act, CMMC (Levels 1 & 2), NIST SP 800-171/53, HIPAA, and NIH data security requirements.Strong understanding of CUI, classified/unclassified hybrid environments, and the management of regulated data within research IT systems.Proven ability to collaborate effectively across departments, including research administration, IT, compliance, legal, and academic units.Experience reviewing and managing Data Use Agreements (DUAs), Data Security Plans (DSPs), and related documentation.Familiarity with SIPRNet, classified cloud, MUSA, and requirements for secure operation and compliance.Excellent organizational, communication, and documentation skills, with a focus on regulatory evidence, risk tracking, and compliance reporting.Ability to manage multiple projects and competing priorities in a complex, regulated environment.Additional Considerations: