
Job Description:
FUNCTION AND SCOPE
The Cybersecurity Manager is responsible for leading the evaluation, implementation, and ongoing operation of the organization's information security program to ensure that information assets and associated systems, applications, infrastructure, and processes are adequately protected.
Reporting to the Chief Information Security Officer (CISO), this role is accountable for managing cybersecurity risk across the organization, overseeing security operations and governance processes, and ensuring compliance with applicable legal, regulatory, contractual, and sponsor requirements.
This position requires a strategic, hands-on leader with strong technical breadth, proven leadership ability, and deep experience operating in regulated, research, or government-funded environments. The Cybersecurity Manager works cross-functionally with ITS, Compliance, Legal, Sponsored Programs, Data Governance, Human Resources, campuses, system partners, and external agencies to implement and sustain effective security practices aligned with organizational risk tolerance and business objectives.
A key responsibility of this role is partnering with leadership and stakeholders to define acceptable risk levels, translate risk into business terms, and ensure that security controls and investments are aligned to institutional priorities.
KEY RESPONSIBILITIES
Lead and operate the organization's cybersecurity risk management program, including risk identification, assessment, treatment, and reporting.
Oversee third-party and vendor security risk management, including security reviews of cloud services, applications, AI tools, and external service providers.
Direct vulnerability and threat management programs, including network, firewall, endpoint, identity, and application security, and ensure timely remediation of findings.
Lead and coordinate cybersecurity incident response activities, including tabletop exercises, investigations, and coordination with internal teams and external partners.
Maintain and govern information security policies, standards, and procedures, ensuring regular review and alignment with regulatory and sponsor requirements.
Prepare and present cybersecurity risk, posture, and readiness reports to executive leadership, audit committees, and external stakeholders.
Coordinate and support cybersecurity audits, sponsor reviews, and compliance assessments (e.g., CMMC, DFARS, FAR, NIST).
Collaborate with Data Governance, Legal, I&E, HR, and Sponsored Programs to ensure alignment between cybersecurity, privacy, and regulatory obligations.
Assist in cybersecurity budget planning, cost justification, and procurement of security tools and services.
Support the design and operation of secure research environments, including cloud-based enclaves and segmented networks supporting CUI/FCI and regulated research.
Provide leadership, direction, and prioritization across multiple concurrent security initiatives and operational demands.
LEADERSHIP PROFILE
Acts with integrity and sound judgment - Handles sensitive and confidential matters with discretion and professionalism.
Leads through influence and service - Builds trust, bridges organizational boundaries, and aligns business and technical stakeholders.
Understands the business - Brings a pragmatic, risk-based approach to security that enables research and operations while protecting the organization and its assets.
Communicates effectively - Can translate cybersecurity risk and technical concepts to executives, business leaders, and both technical and non-technical staff.
Operates under pressure - Remains calm, decisive, and effective during incidents, audits, and high-stakes situations.
Thinks strategically and executes tactically - Balances long-term program maturity with day-to-day operational execution.
Drives outcomes - Brings strong project, financial, and resource management skills and can lead complex initiatives to completion.
Shapes decisions - Influences outcomes in complex or ambiguous environments using data, judgment, and collaboration.
Develops people - Invests in mentoring and coaching staff, builds skills and confidence in junior team members, and actively contributes to the organization's long-term cybersecurity capabilities.
Requirements:
EDUCATION & EXPERIENCE
Required:
Minimum of five (5) years of experience in information security, including at least three (3) years in a leadership or supervisory role.
Bachelor's degree in information security, information technology, business, or a related field, or equivalent combination of education, experience, and certifications.
Strong working knowledge of cybersecurity governance and frameworks, including:
  NIST CSF
  NIST SP 800-53, 800-171, 800-172
  CMMC 2.0
Experience supporting regulated or research environments involving CUI/FCI, FAR, DFARS, export-controlled research, and/or NIH/DoD/DoW/DOE requirements.
Professional certification such as CISSP, CISM, CISA, or similar.
Additional Information:
Compensation for this position: The compensation for this role is between $112,835 - $144,491. The pay will depend on a variety of factors that may include but are not limited to experience, education, training, certifications, and internal equity.
As an Equal Opportunity / Affirmative Action Employer, The Research Foundation for SUNY will not discriminate in its employment practices due to an applicant's race, color, creed, religion, sex, pregnancy-related conditions, reproductive health decisions, childbirth or related medical conditions, sexual orientation, gender identity or expression, transgender status, age, national origin or ancestry, marital status, familial status, citizenship, physical and mental disability, prior arrest or conviction record, genetic characteristics/genetic information, predisposition or carrier status, domestic violence victim status, military status or service, veteran status, or any other characteristics protected under federal, state or local law.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
Review of applications will begin immediately and continue until the position is filled.
The Research Foundation for the State University of New York is not an agency or instrumentality of the State of New York. Employees of the Research Foundation for the State University of New York are not state employees, do not participate in any state retirement system, and do not receive state fringe benefits. The Research Foundation for the State University of New York operates under a contract with The State University of New York and receives no directly appropriated state funding.
Application Instructions:
Applicants interested in applying MUST submit the following documents:
1. Resume/CV
2. Cover Letter
After submitting your resume/CV, the subsequent pages enable you to upload your cover letter and additional documents.
Returning Applicants - Log in to your RF SUNY Careers Account to review your application.