University Corporation for Atmospheric Research (UCAR)
Senior Lead, Cybersecurity Policy & Compliance
University Corporation for Atmospheric Research (UCAR), Boulder, Colorado, United States, 80301
Job Summary
Reporting to the Chief Information Officer and serving on the IT Senior Leadership Team, the Senior Lead for Cybersecurity Policy and Compliance will serve as the organization’s leading subject‑matter expert on cybersecurity. The successful candidate will develop, implement, manage, and evolve the organization’s cybersecurity policies, standards, guidelines, and procedures, ensuring compliance with federal, state, and industry regulations while maintaining actionable guidance for all staff.

Position Details
Location: Boulder, Colorado
Employment Type: Full‑time, Regular
Salary Range: $137,229 – $171,537*
Application Deadline: 11:59 PM MT on Sunday, November 9, 2025

Applicants should submit a PDF resume and cover letter that addresses: (1) experience working with executive leadership, and (2) experience in environments with distributed authority. All applicants will undergo a mandatory pre‑employment background check.

Key Responsibilities
Policy & Standard Development: Lead the creation and continuous improvement of cybersecurity policies, standards, baselines, and guidelines aligned with CMMC, NIST CSF, FISMA, Trusted CI, ISO 27001, ISO 27701, GDPR, CCPA, HIPAA, and PCI DSS.
Compliance Management: Oversee compliance, conduct assessments, develop remediation plans, and serve as primary point of contact for audits.
Incident Response: Serve as the point person for all cybersecurity incident responses, coordinating the Cybersecurity Operations group during incidents.
Program Governance: Contribute to the strategic development of the compliance program, develop KPIs, and foster a culture of security awareness.
Risk Management: Collaborate with risk management teams to ensure policies align with the organization’s risk appetite.
Stakeholder Engagement: Collaborate with legal, audit, business units, and senior leadership to present findings and recommendations.
Team Leadership: Direct a small team of cybersecurity specialists and mentor the Cybersecurity Operations team.

Qualifications
Bachelor’s degree in Cybersecurity, IT, Computer Science, or a related field (Master’s preferred).
Minimum of 8 years of progressive experience in cybersecurity with a focus on policy, compliance, and governance.
Extensive experience with NIST CSF, ISO 27001, COBIT, CIS Controls, GDPR, CCPA, HIPAA, PCI DSS, SOX, CMMC, and other frameworks.
4+ years of Security Compliance or Audit experience; experience with FedRAMP or DoD Third‑Party Assessment Organizations.
Proficiency with NIST 800‑53, NIST 800‑171, and CMMC.
Demonstrated ability to lead internal and external audits.

Knowledge, Skills & Abilities
Strong problem‑solving skills and independent initiative.
Adapts to evolving regulatory environments.
Excellent communication skills, with the ability to convey complex cybersecurity concepts to both technical and non‑technical audiences.

Preferred Certifications
CISSP (highly preferred); CISM; CRISC; CISA; relevant regulatory certifications (e.g., HIPAA Security Specialist, PCI DSS QSA).

Benefits Overview
Competitive medical, dental, vision, retirement, and life insurance. Tuition assistance and professional development support. 10% retirement contribution, fully vested from day one. Minimum 20 days personal time off, 10 paid holidays, and 12 weeks paid parental leave. EcoPass for local transit.

EEO Statement
Equal Opportunity Employer