Posting Salary: Salary Commensurate with Experience
Position Summary: The University of California is a premier higher education system spanning 10 campuses, 5 nationally ranked academic health systems and a national research laboratory. With over 238,000 students, over 190,000 employees, and over $27 billion in revenue, the University represents a complex, diverse organization that stands as a leader in teaching, research, public service and patient care throughout California and the world. Critical to the success of the University is an effective cybersecurity program that works to ensure the adequate protection of information systems and data. As a Cybersecurity Audit Analyst, you will join a highly specialized team that is responsible for conducting audits and advisory service projects to provide independent assurance that cybersecurity controls are implemented adequately and as designed to effectively reduce cyber-risks. The extensive and diverse nature of operations across the UC system provides a unique opportunity to work with a broad variety of systems, networks, and data. You'll use the most complex and advanced analysis techniques, which require an extensive understanding of cybersecurity technical controls, IT networks, and systems. You will execute cybersecurity-focused internal audit, advisory, and compliance projects leveraging established standards and a broad knowledge of industry regulations and best practice frameworks including NIST, ISO, COBIT, HIPAA, CIS Critical Security Controls and other guidance. In addition, you will have deep knowledge and experience working with network configurations, protocols, operating systems, software, web applications, etc., to identify vulnerabilities and assess risk and IT control effectiveness. You will be expected to leverage this expertise, combined with frameworks, regulations, and other guidance, to evaluate the cybersecurity posture of an organization.
Essential to your success in this role will be strong analytic and IT technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate the risks to the organization's overall security posture. Applicants will be expected to have a bachelor's degree in a related area and relevant experience, and/or equivalent experience/training. You will also be required to have a professional specialized certification, preferably industry security or audit certification (e.g., CISSP, CISA, GIAC).
Special Conditions of Employment: Overtime; Travel outside of normal business hours
Other Special Conditions of Employment:
Job Close Date:
Duty 1: Working as a member of the Cybersecurity Audit Team, supports cybersecurity audit projects that require the most complex and advanced analysis techniques, including an extensive understanding of cybersecurity technical controls, IT networks, and systems. Executes cybersecurity-focused internal audit and compliance projects leveraging established standards and a broad knowledge of industry regulations and best practice frameworks including NIST, ISO, COBIT, HIPAA and other guidance.
Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, networks and security controls, including the use of specialized software such as vulnerability scanning and/or network mapping tools. Leverages extensive understanding of IT technologies, cybersecurity risks, and controls to develop effective audit approaches that identify the highest risk issues and advise leadership on the best approach for addressing the identified issues from the audit. Function: Cybersecurity Audit Team. Percent: 65
Duty 2: In an advisory role, develops audit and compliance control frameworks to monitor IT production environments for potential system integrity exposure and control weaknesses. Function: Monitor IT Production Environments. Percent: 25
Duty 3: Working with the cybersecurity audit specialists, develops drafts of formal written reports to communicate complex and oftentimes highly technical audit and compliance results to all levels of management, and makes recommendations as appropriate. Function: Develop Written Reports. Percent: 10
Job Requirements: Bachelor's degree in related area and/or equivalent experience/training. Professional certification preferred.
Has advanced knowledge of audit and compliance function.
Also has knowledge of finance, accounting, business and systems operations.
Is able to apply appropriate policies and practices in the completion of audit and compliance assignments.
Is able to extract, verify, compile and develop recommendations related to audit and compliance results.
Has an understanding of the interrelationship of procedures and desired results.
Requires ability to present complex audit findings in a clear and concise manner, both in writing and verbally.
Familiarity and experience using network scanning and vulnerability assessment tools to evaluate system configurations and vulnerabilities and assess them against security standards.
Knowledge and experience working with network configurations, including TCP/IP and UDP networking protocols, to identify vulnerabilities and assess risk and the effectiveness of IT controls (e.g., firewalls).
Familiarity and experience working with various IT security control frameworks and guidance such as NIST, CIS, ISO, COBIT and others to evaluate the cybersecurity posture of an organization.
Strong analytic and IT technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate the risks to the organization's overall security posture.
Knowledge and experience performing assessments and audits in large diverse IT organizations with multiple software and hardware environments with distributed oversight. Required
Professional specialized certification required. Prefer industry security and/or audit certification (e.g., CISSP, CISA, GIAC).
Familiarity and experience working in healthcare.
Familiarity and experience working in higher education.
Experience in IT security or IT operations. Preferred
About us: The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the corporate headquarters to the ten campuses, five medical centers and three Department of Energy National Labs and enrolls premier students from California, the nation and the world.
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age or protected veteran status.