KAUST (King Abdullah University of Science and Technology)
About the Role
The Information System Security Principal (ISSP) is responsible for ensuring the overall security and compliance of the organization’s supercomputer environment. The ISSP provides leadership and assurance by owning and executing the System Security Plan (SSP), coordinating implementation of required controls, overseeing risk and incident management, and serving as the key liaison between technical teams, cybersecurity, export control, legal, and governance committees. This role requires a senior-level professional with deep expertise in security architecture, Zero Trust principles, and governance frameworks, able to influence cross-functional teams without direct authority.
The ISSP does not have direct reports but serves as the system-level security authority, leading by influence and collaborating across IT, cybersecurity, operations, legal, and compliance teams. The role provides executive-level visibility into risks and ensures that the supercomputer remains secure, compliant, and aligned with mission and research objectives to maintain the system's authorization to operate certificate.
Responsibilities
Lead the continuous development, updating, ownership, and maintenance of the System Security Plan (SSP) for the supercomputing environment, ensuring it accurately reflects the system’s architecture, controls, and operating context.
Coordinate with IT infrastructure, cybersecurity, HPC administrators, and research program teams to ensure all required security controls in the SSP are implemented, validated, and continuously monitored.
Translate regulatory, compliance, and security requirements into clear control ownership assignments across technical and non-technical teams.
Track, validate, and report on evidence of control implementation provided by system owners, administrators, and support teams.
Manage and maintain Plan of Action and Milestones (POA&Ms), ensuring that gaps identified during audits, assessments, or incidents are remediated on time.
Facilitate regular reviews and updates of the SSP to reflect changes in system design, architecture, users, or regulatory requirements.
Act as the single point of accountability for ensuring the SSP remains audit-ready, accurate, and aligned with the operational reality of the supercomputer.
Drive SSP execution across teams by coordinating activities such as vulnerability management, access control enforcement, logging / monitoring, and patch management, ensuring they are consistent with SSP control requirements.
Provide training and guidance to system owners and administrators on their responsibilities related to SSP controls.
Ensure executive-level visibility by reporting SSP status, risks, and gaps to the Supercomputer Security Steering Committee, Legal, and Compliance functions.
Serve as the liaison to auditors, assessors, and authorizing officials, representing the supercomputer’s security posture and SSP implementation progress.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
Preferred: Master’s degree in Cybersecurity, Information Assurance, or related field.
Professional certifications such as: CISSP, CISM, CCSP, CAP, GDSA, GCCC.
Zero Trust–related certifications (e.g., NIST ZTA training, Microsoft SC-100, vendor-specific ZTNA certifications).
Required Skills
Well-rounded senior security expert with both architectural and assurance expertise.
Influential communicator who can bridge technical, compliance, and legal perspectives.
Calm under pressure, especially in high-visibility incident situations.
Forward-looking, with the ability to integrate Zero Trust and modern security approaches into HPC environments.
Strategic problem-solver who balances security, performance, and mission-critical research needs.
SSP Program Management: Skilled at managing the end-to-end lifecycle of the System Security Plan, ensuring accuracy, execution, and accountability across multiple teams.
Control Assurance: Ability to track, validate, and report on implementation of security controls, including evidence collection and POA&M management.
Cross-Team Coordination: Effective at driving accountability across IT, HPC, cybersecurity, research, legal, and compliance teams without direct authority.
Security Architecture Expertise: Strong knowledge of Zero Trust Architecture, encryption, network segmentation, and identity / access management.
Governance and Compliance Knowledge: Deep understanding of NIST SP 800-53, NIST RMF, ISO 27001, FISMA / FedRAMP, and export control requirements.
Technical Competence in HPC: Familiarity with Linux / Unix and Windows environments, HPC architecture, and research computing infrastructures.
Risk and Incident Management: Skilled in risk assessment, incident response coordination, and integrating lessons learned into continuous monitoring.
Executive Communication: Ability to provide clear, concise updates and recommendations to steering committees, auditors, and authorizing officials.
Information Security • Makkah, Saudi Arabia