Menu
close

Job Opportunity

Open Position

Information Security Manager

To serve as the primary security leader across MGHPCC and the AI Computing Resource (AICR) at the heart of the Massachusetts AI Hub. This senior, hands-on role spans security architecture, risk management, compliance, and policy for a nationally recognized academic research computing consortium. This is a compelling opportunity for an experienced security practitioner ready to shape security strategy at the frontier of HPC and AI infrastructure.

Apply for this job (#25597)

Pay Range

$144,505 - $195,900

Job Requirements

REQUIRED: Seven years of progressive information security experience with demonstrated expertise in security architecture, risk and compliance management, security operations, incident response, working knowledge of security frameworks (e.g. NIST 800-171 / 53 moderate, CMMC or equivalent), experience with network security, identity and access management, vulnerability management, and security monitoring tools. 

PREFERRED: Professional certification (CISSP or equivalent), hands-on experience with securing HPC, GPU cluster, or data center environments, experience with AI/ML workload security, and familiarity with multi-institution or consortium security environments.  

Position Overview

About Us:

The Massachusetts Green High Performance Computing Center (MGHPCC) is a nationally recognized, shared data center facility jointly owned and operated by a consortium of leading New England research universities, including Boston University, Harvard University, MIT, Northeastern University, the University of Massachusetts, and Yale. MGHPCC provides the physical and operational infrastructure that supports large-scale, energy-efficient academic research computing.

The AI Compute Resource (AICR) is a major state-of-the-art initiative, developed in partnership with MGHPCC's six academic consortium members and the Commonwealth of Massachusetts' AI Hub, to advance AI and machine learning research and innovation. AICR provides cutting-edge GPU and HPC computational and data resources to empower world-class AI/ML research at both regional and national levels.

MGHPCC and AICR are seeking an Information Security Manager / Security Architect to serve as the primary security leader across both organizations. This is a senior, hands-on technical role with strategic responsibility for protecting the computing infrastructure, data, and operations of MGHPCC and AICR. The position is well-suited to an experienced security practitioner who is comfortable moving between security architecture, policy, risk management, and technical implementation — without requiring a large team to operate effectively.  The successful candidate will serve as the authoritative security voice for both organizations and will collaborate closely with institutional stakeholders across the consortium.

Principal Duties and Responsibilities (Essential Functions)

Security Strategy, Architecture & Policy

  • Design, implement, and maintain a comprehensive security architecture that integrates existing facility security controls (data center and physical infrastructure) with the HPC/AI service environment, including clusters, storage, networking, and containerized workloads.
  • Develop, draft, and maintain information security policies, standards, and guidelines aligned with research security frameworks (e.g., NIST 800-171 / 53 moderate, CMMC or equivalent) and consortium institutional obligations.
  • Conduct and document risk assessments across MGHPCC and AICR environments; develop risk mitigation plans and advise leadership on prioritization.
  • Assess security implications of major technology decisions, infrastructure changes, and vendor onboarding; provide architecture review for significant projects.
  • Develop and maintain an Information Security roadmap aligned with the growth of AICR and MGHPCC operations.

Compliance, Risk Management & Governance

  • Ensure MGHPCC and AICR security practices align with applicable regulatory and contractual requirements, including federal research security, export control considerations, and consortium institutional policies.
  • Lead and coordinate internal security audits, vulnerability assessments, and periodic penetration testing; manage remediation tracking.
  • Develop and maintain security metrics and key performance indicators for reporting to organizational leadership and the MGHPCC Board.
  • Serve as MGHPCC/AICR's primary working-level peer to consortium member CISOs and security architects; engage substantively on shared policy development, research security requirements (CUI handling, data governance, federated identity), and cross-institutional governance structures.

Security Operations & Incident Response (25%)

  • Oversee security monitoring tools (SIEM, IDS/IPS, endpoint security) for MGHPCC and AICR environments; define alerting thresholds and response playbooks.
  • Develop, maintain, and exercise an incident response plan; serve as incident commander for significant security events.
  • Manage identity and access management (IAM) governance, including multi-factor authentication and privileged access management.
  • Oversee patch and vulnerability management processes in coordination with systems and infrastructure teams.
  • Manage relationships with managed security service providers (MSSPs) or SOC services to extend 24x7 coverage.

Stakeholder Engagement, Consortium Collaboration & Security Awareness (15%)

  • Develop and maintain security awareness guidance and training for MGHPCC and AICR operational staff.
  • Collaborate with consortium member security leadership on policy alignment, research security strategy, and shared threat intelligence; represent MGHPCC/AICR in higher education security communities (e.g., REN-ISAC, Internet2, Educause, RRCoP).
  • Advise MGHPCC and AICR leadership on security posture; prepare executive-level security briefings and risk summaries.
  • Define and communicate MGHPCC/AICR security requirements for research users, including acceptable use, data classification, and access control expectations.
  • Perform other duties as required.

Supervision Received

This position reports to the Executive Director, AI Computing Resource (AICR)

Supervision Exercised

None

Employment Type

Full-Time, Hybrid (primarily remote with occasional on-site) Some travel to consortium member institutions may be required.

Required Qualifications & Technical Skills

  • Bachelor's degree in Computer Science, Engineering, IT, or a closely related field; or equivalent professional experience.
  • Minimum 7 years of progressive experience in information security, with demonstrated expertise in at least two of the following: security architecture, risk and compliance management, security operations, or incident response.
  • Demonstrated ability to develop and communicate security policy, standards, and risk guidance to both technical and non-technical audiences.
  • Familiarity with research computing or academic IT environments, including multi-tenant infrastructure, shared user communities, and federated identity management.
  • Working knowledge of applicable regulatory and compliance frameworks (e.g., NIST 800-171 / 53 moderate, CMMC or equivalent).
  • Demonstrated hands-on responsibility for deploying and operating security infrastructure, including network security controls, identity and access management, vulnerability management, and security monitoring.
  • Strong oral and written communication skills; ability to produce clear policy documents, risk assessments, and executive briefing materials.

Desired Qualifications & Technical Skills

  • Master's degree in Computer Science, Engineering, Information Systems, or a related discipline.
  • Professional certification(s) such as CISSP, or equivalent.
  • Hands-on experience with securing HPC, GPU cluster, or data center environments, including Linux system hardening, container security (Singularity, Docker, Kubernetes), and high-throughput network architectures.
  • Experience designing or evaluating security for AI/ML workloads, including data pipeline security, model access controls, and awareness of AI-specific threat vectors.
  • Experience working across a consortium, federation, or multi-institution environment, engaging peer security leaders on shared policy, research security requirements, or cross-institutional governance; familiarity with the higher education security landscape is a strong plus.
  • Familiarity with scripting or automation for security tooling (Python, Bash, or similar).
  • Experience managing or overseeing MSSP/SOC service relationships.

Research projects
The US ATLAS Northeast Tier 2 Center
Yale Budget Lab
Volcanic Eruptions Impact on Stratospheric Chemistry & Ozone
Towards a Whole Brain Cellular Atlas
Tornado Path Detection
The Kempner Institute - Unlocking Intelligence
The Institute for Experiential AI
Taming the Energy Appetite of AI Models
All Research Projects

Collaborative projects
CAREERS Cyberteam
Northeast Research and Education Network
Ecosystem for Research Networking
AI Jumpstart
New England Research Cloud
Red Hat Collaboratory
The US ATLAS Northeast Tier 2 Center
Open Cloud Testbed
ALL Collaborative PROJECTS

OUTREACH & EDUCATION PROJECTS
CSTA - Western MA
Girls Inc. Eureka!
Expanding Computing Education Pathways (ECEP) Alliance
See ALL Scholarships
UNIVERSITY PARTNERS
IN PARTNERSHIP WITH
100 Bigelow Street, Holyoke, MA 01040