Apply on Employer Site

University of Colorado Boulder · 7 hours ago

Controlled Unclassified Information Compliance Program Director

Boulder, CO

Full-time

Hybrid

Director/Executive

$100K/yr - $135K/yr

6+ years exp

The University of Colorado Boulder is seeking a Controlled Unclassified Information (CUI) Compliance Program Director to oversee the development, implementation, and management of the CUI Program. This role will be responsible for ensuring compliance with federal regulations and fostering collaboration across campus to protect sensitive information related to research.

Universities

No H1B

U.S. Citizen Only

Responsibilities

Build out an office to grow the CUI Program at CU Boulder to ensure that we remain compliant, and competitive in a constantly evolving environment

Serve as the main point of responsibility in CU Boulder’s compliance with 32 CFR 2002 and part 170, including, supervising compliance with CUI, and comprehensive implementation and remediation of processes

Develop implementation plans for new projects by working with campus partners and federal agencies to identify CUI categories and their associated safeguards, dissemination, and procedures

Advise campus leadership and CUI Compliance Steering Committee on all matters related to the CUI Program

Supervise the regulatory landscape and ensure campus compliance with relevant legal requirements

Be accountable for program efficacy and recommend substantive changes to operational methods as necessary

Represent the university at meetings and conferences related to CUI, including dealings with campus officials, external auditors, governmental entities, and legal counsel

Prepare resources and materials to ensure adequate communication and reporting to all senior leaders on campus

Support and ensure CMMC compliance in collaboration with partners across campus and work with campus partners to maintain CMMC

Serve as a liaison with university units to ensure awareness of and compliance with the requirements of 32 CFR 2002 for CUI

Collaborate with units across the campus that are integral to the CUI program, including the Office of Contracts and Grants (OCG), Office of Information Technology (OIT) Security and Research Computing, Electronic Research Administration (eRA), Office of Research Integrity and Compliance Office, Campus Controller’s Office, University Counsel, University Risk Management, and the campus community

Identify and develop CU Boulder policies, procedures, training, and tracking necessary to support a successful CUI program

Maintain accurate records of all sponsored projects that include CUI, including contract system security plans and related documentation

Apply expert knowledge of governing statutes, Executive Orders, regulations, and IT resources to establish CUI policies, plans, goals, and courses of action

Ensure that the operational and informational needs of the research enterprise are met and that all statutory, regulatory, and government-wide requirements are fulfilled

Develop and implement an internal oversight and assessment mechanism to promote consistent CUI practices by maintaining the list of active contracts and individuals on them that are handling CUI as well as track training (CUI, Preserve, DoD required, etc) based on project/contract involvement

Provide CUI training for campus leadership, faculty, staff, and students working with CUI on their obligations for the protection and safeguarding of CUI through presentations, briefings, or inspections

Serve as a point of contact for compliance audits and reviews for CUI

Stay abreast of current federal, state, and local guidelines and proactively strategize regarding the implementation of necessary requirements

Ability to learn multi-functional areas, bring thought partnership to the team

Assist with other duties as assigned

Qualification

CUI complianceRisk managementUS government security policiesProject managementCompliance program implementationPolicy developmentAnalytical skillsInterpersonal skillsCommunication skillsOrganizational skills

Required

Bachelor's degree or equivalent combination of education and experience may substitute

6 years of relevant experience in research administration, risk management, technology policy, legal compliance, information security, or related field that includes the following: Must have at least 2 years of supporting CUI programs, or other complex compliance programs (HIPAA, Financial, etc). Previous experience leading teams. Project Management Experience

Ability to obtain and maintain a DOE Q security clearance, Top Secret Clearance or equivalent

Due to the requirement to access export-controlled data and information, only U.S. citizens, lawful permanent residents (green cards), or other protected individuals (i.e., persons designated as an asylee, refugee, or a temporary resident under amnesty provisions) may apply

Extensive knowledge of US government security policies, regulations, and procedures to include the implementation and management of compliance processes, procedures, and standard methodologies

In-depth understanding of 32 CFR 2002 and federal agency implementation of 32 CFR 2002 for sponsored projects

Strong analytical and organizational skills, problem-solving capabilities, and experience implementing compliance programs

Creative thinking, proactive, self starter

Experience working in an organization with integrated, multi-functional work teams

Sophisticated written and verbal communication skills and the ability to communicate effectively to small and large audiences with varying experience and operational backgrounds

Phenomenal interpersonal skills and the ability to build professional relationships with a wide range of constituencies in a culturally and intellectually diverse organization

Demonstrated experience with risk assessment and management processes and standards

Demonstrated ability to identify problems, analyze courses of action and propose solutions

Ability to work independently and meet set timelines

Demonstrated ability to successfully handle sensitive discussions with discretion, strong personal ethics commitment and sound judgment

Able to convey goals and objectives clearly and in a compelling manner; listen effectively and clarify information as needed; produce clear status reports; communicate with tact and candidly

Strong organizational and leadership skills

Ability to develop and implement policies and training

Experience in monitoring compliance with legal and regulatory requirements

Ability to design and conduct comprehensive management studies addressing significant technical and legal issues

Capability to evaluate new or modified legislation and regulations related to CUI program requirements and explain their impact to campus leadership, faculty, staff, students, CUI Compliance Steering Committee, and other committees

Understanding of electronic information issues and their relationship with CUI program requirements

Skill in developing long-range plans and guidance for program implementation, focusing on eliminating deficiencies and improving operations/compliance while reducing long-term costs

Discretion and judgment in broadening or narrowing the scope of major studies and projects, such as identifying, marking, and sharing CUI

Preferred

Active DOE Q or TS security clearance or equivalent

Master's degree

Direct relevant experience in information security

At least 5 years of experience in management, training, and compliance of US Government-controlled information, demonstrating progressively increasing levels of responsibility and accountability

Office and Program Creation and Management experience

Experience evaluating security controls and mitigating measures, with a solid understanding of business practices and technology concepts

Demonstrated background in governance, risk, and compliance

Foundational knowledge of research administration processes

Experience working in higher education

Experience with direct management

Experience with Export Controlled Information (ECI), Classified Material Protection and Control (CMPC), or For Official Use Only (FOUO)