USNLX Diversity Jobs

Job Information

New Jersey Institute of Technology Director of IT Risk, Compliance and Governance in Newark, New Jersey

Title:

Director of IT Risk, Compliance and Governance

Department:

Infrastructure & Security

Reports To:

Executive Director for Information Security & Chief Information Security Officer

Position Type:

Staff

Position Summary:

NJIT is seeking a highly experienced and motivated Director of IT Risk, Compliance and Governance to lead and oversee the institution's IT compliance program. The Director will be responsible for ensuring that all IT activities and NJIT-owned systems comply with applicable laws, regulations, and institutional policies. This role is crucial in maintaining the confidentiality, integrity, and availability of our information systems and supporting our mission as a leading research institution. Additionally, the Director will oversee research compliance as it relates to Controlled Unclassified Information (CUI), NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) requirements set by the Department of Defense (DoD), as well as applicable state and federal regulations and directives.

Essential Functions:

  • Design, implement, and manage a comprehensive compliance program that aligns with relevant federal, state, and local regulations, as well as institutional policies.

  • Oversee and coordinate internal and external audits and assessments related to IT compliance.

  • Collaborate with various departments, including Legal, Internal Audit, Risk Management, and IT, to ensure a cohesive approach to compliance.

  • Develop and maintain IT compliance policies, procedures, and documentation to ensure compliance with CUI handling and protection standards.

  • Conduct regular risk assessments to identify potential compliance risks and develop corrective action plans.

  • Support incident response activities for compliance-related incidents.

  • Provide leadership and guidance on data protection, privacy laws, and cybersecurity regulations.

  • Organize and oversee training programs to educate staff, faculty, and students on IT compliance requirements and best practices.

  • Monitor changes in regulations and standards, assess their impact on the institution, and adjust the compliance program accordingly.

  • Prepare and present reports on the status of IT compliance activities to senior management and relevant committees.

  • Foster a culture of compliance and continuous improvement within the IT department and across the institution.

  • Oversee research compliance as it relates to NIST SP 800-171 and CMMC program requirements by the DoD and other state and federal regulations or directives.

  • Ensure that research projects involving CUI comply with relevant cybersecurity standards and requirements.

  • Collaborate with research departments to implement and monitor IT compliance with NIST SP 800-171 and CMMC requirements.

  • Stay informed about DoD regulations and updates to NIST SP 800-171 and CMMC frameworks to ensure ongoing compliance.

  • Supervise and lead a team, providing guidance and mentorship and fostering a culture of accountability and continuous improvement in IT compliance and governance practices.

Prerequisite Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, Business Administration, or a related field. A Master’s degree and relevant certifications (e.g., CISA, CISM, CRISC, CISSP, CCSP) are preferred.

  • Minimum of 10-15 years of experience in IT compliance, IT audit, IT Security, or a related field, with at least 3-5 years in a leadership role.

  • Ability to obtain security clearance as necessary.

  • In-depth knowledge of IT compliance frameworks, regulations, and standards (e.g., GDPR, FERPA, NIST, ISO 27001).

  • Proven experience in managing and conducting IT audits and risk assessments.

  • Strong understanding of information security principles, data protection, and privacy laws.

  • Experience with CUI, NIST SP 800-171 and CMMC requirements and their application in research settings.

  • Excellent leadership, communication, and interpersonal skills, including proven ability to prepare and present clear and concise reports to senior management and relevant stakeholders. Ability to work effectively in a collaborative, interdisciplinary environment.

  • Strong analytical and problem-solving abilities.

  • High level of integrity, professionalism, and attention to detail.

  • At the university's discretion, the education and experience prerequisites may be exempted where the candidate can demonstrate, to the satisfaction of the university, an equivalent combination of education and experience specifically preparing the candidate for success in the position.

Bargaining Unit:

Non-Aligned

Range/Band:

7

FLSA:

Exempt

Full-Time
