The Director, Research Compliance (Research Data Security) is responsible for ensuring the confidentiality, integrity, and availability of sensitive research data. This role collaborates with researchers, IT teams, and regulatory bodies to develop, implement, and maintain data security policies and procedures, as well as to address any concerns related to data breaches or cyber-threats. The Director, Research Compliance also provides guidance and training to researchers on best practices for data handling and protections. Will provide subject matter expertise in sensitive and restricted research data sets, including related federal/government regulations, institutional policy and procedures, and best practices nationally. Will have overall responsibility for coordinating with College personnel and investigators in academic departments related to their research data needs. Will also work to develop and maintain Baylor's Research Data Security program. Works with the Offices of IT including IT Security, Research IT, Audit and Compliance Services, Research Integrity, and Research Assurances.
This is an onsite role in Houston, Texas.
This position is eligible for an annual performance-based bonus.
Job Duties
- Serve as the Research Data Security Officer for the College.
- Develop and oversee a risk-based institutional research data security program covering sensitive, restricted and controlled data received, developed, shared or used in College research projects.
- Collaborate with researchers, IT teams, and other stakeholders to identify research data security risks, assess vulnerabilities, and recommend appropriate strategies to mitigate risks.
- Ensure researcher and institutional compliance with relevant data protection regulations (e.g., GDPR, HIPAA) and industry standards while aligning them with the specific requirements of research data.
- Develop, document, maintain, coordinate, and communicate policies, procedures and practices governing the usage, maintenance, and security of research data information systems within the College, based on federal regulations and guidance, while keeping up to date with the ever-changing regulatory landscape and technology advancements.
- Coordinate BCM's implementation of research data security policies and procedures, and represent sponsored research interests on research oversight committees.
- Stay updated on the latest trends, threats, and best practices in research data security, sharing knowledge with the research community and providing training sessions, workshops, and awareness campaigns on data security.
- Maintain an inventory of all research data assets, including data classification, access controls, and retention policies.
- Assist with conducting regular risk assessments and vulnerability testing on research systems, networks, and databases to identify weaknesses and potential threats.
- Implement an effective research data security education, training, and awareness program to ensure compliance with government regulations and guidance.
- Provide guidance and support for data privacy impact assessments (DPIAs), data sharing agreements, and research protocol review processes to ensure compliance with ethical and legal requirements.
- Oversee the implementation and maintenance of security controls, such as encryption, firewalls, intrusion prevention systems, and secure data transfer protocols as required.
- Collaborate with researchers to ensure the secure handling, storage, and disposal of research data, including the use of secure data transfer methods and encryption mechanisms.
- Collaborate with internal auditing teams to ensure adherence to data security policies and procedures, and prepare reports on data security metrics and incidents for management and regulatory bodies.
- Monitor and assist with investigating any suspected or actual data breaches or cyber incidents, coordinating with the IT security team and relevant authorities.
- Serve as a contact point for external auditors, researchers, and regulatory bodies during data security audits, inspections, or investigations.
- Bachelor's degree.
- Eleven years of directly related experience with four years of supervisory experience.
- Master's degree in Computer Science, Information Security, or a related field. Seven years of directly related experience with four years of supervisory experience will be considered with a Master's degree.
- Professional certifications in information security, such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- Proven experience in data security or related roles, preferably in a research or academic environment.
- In-depth knowledge of data protection regulations, such as GDPR, HIPAA, and FERPA, with a focus on their applicability to research data.
- Strong understanding of information security principles and best practices, as well as system and network infrastructure.
- Familiarity with research data management and data lifecycle concepts, including data sharing, anonymization, and de-identification techniques.
- Experience with vulnerability management, risk assessment, incident response, and security monitoring tools.
- Excellent communication and interpersonal skills to effectively collaborate with researchers, IT professionals, and regulatory bodies.
Baylor College of Medicine is an Equal Opportunity/Affirmative Action/Equal Access Employer.