Organizational Area: Information Technology Services- Immediate Office
Location: Oakland, CA
Posting Salary: Commensurate with experience
Position Summary: We are seeking an experienced professional who is looking for their next challenge to join our inclusive and determined team. The Senior Information Security Analyst will be leading efforts to affect organization wide change by interpreting and implementing risk assessment, security frameworks, and regulatory requirements. This is a hands-on role requiring engagement across multiple IT areas including infrastructure, applications, change management, audit, legal, and other groups. Having wide-ranging experience in IT security, risk, and compliance, this role will be someone who applies professional concepts to University of California initiatives to resolve local UCOP and system-wide cyber risk issues, up to and including the most complex problems, with little or no precedent where analysis of situations and data requires an in-depth evaluation of various factors. In this position, you'll direct the selection of methods, techniques and evaluation criteria to obtain results while serving in a lead capacity as a subject matter expert.
The ideal candidate will have experience in: - Risk and compliance assessment and/or management - Securing and remediating risks in both on-premise and cloud hosted environments. - Cybersecurity, vulnerability management, policy creation, and developing standards
Special Conditions of Employment:
Other Special Conditions of Employment: Job offer is contingent on successful completion of a background check.
Job Close Date:
Duty 1: Leads efforts to interpret, implement, and maintain security and compliance frameworks with organization-wide impact. Independently manages programmatic risk assessment and review of new and existing applications and infrastructure to ensure adequate levels of control are in place to address identified risks and develops risk mitigation techniques and processes when necessary. Includes creating and managing risk metrics and dashboards, informing senior leadership decisions, PII reduction efforts, user education, and creation of policies, standards, and procedures to reduce identified risks organization-wide. Function:Compliance Percent: 25
Duty 2: Designs and manages critical partnership with Change Management functions to assess risk and information security for application and infrastructure changes organization-wide. Works with functional representatives and affected stakeholders to address security concerns associated with requests for change (RFCs) and proactively drives concern resolution across all lifecycle phases. Includes attending regular change meetings, reviewing RFCs, identifying security or compliance issues, and tracking compliance-affected data. Function:Change Management Percent: 25
Duty 3: Expertly reviews, analyzes, and makes recommendations for information security risk reducing improvements to UCOP business and IT operational processes. Includes research into current information security and privacy best practices in the context of business and IT processes, working with organization-wide groups to implement critical risk reductions. Function:Risk Assessment Percent: 20
Duty 4: Coordinates with external and internal auditors and system-wide stakeholders, providing points of contact as well as facilitating the creation and delivery of data call items and other forms of evidence for efforts that carry substantial consequences of success or failure. Ensures critical UC applications and supporting infrastructure adhere to security policies and standards by executing compliance checks and periodic review. Includes maintaining compliance documentation, internal reporting, creation of technical compliance controls, and gap assessment. Function:Program Management Percent: 20
Duty 5: Support security operations team in incident management and other duties as assigned. Function:General Support Percent: 10
Job Requirements Bachelor's degree in related area and / or equivalent experience / training.
Minimum 7 years of IT experience with 4 years of information security experience demonstrating advanced knowledge and increasing responsibilities.
Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
Demonstrated experience analyzing business processes and identifying process improvements including streamlining, addressing risk, etc.
Ability to work in a highly collaborative manner in order to achieve results.
Strong working knowledge of common information security regulations and/or standards such as NIST 800-53/CSF, ISO 27001/2, HIPAA, PCI DSS, and SOC.
Demonstrated skill performing information security risk assessments and administering security controls in an enterprise environment. Required
Expert knowledge of Information security and demonstrated skill in the design and development of diverse and complex security policies and procedures.
Confident ability to advise IT system architects, technical project teams, and high-level business managers.
Familiarity with managing information security and risk in cloud hosted environments (Oracle, AWS, Azure), with third parties, and through managed security service providers.
Demonstrated ability to learn new technologies or skills within minimal support or guidance.
Advanced understanding of risk management concepts, metrics, reporting and reporting methodologies.
Demonstrated ability in establishing and managing successful services.
Experience threat modeling and/or consulting on information security and risk with internal stakeholders.
Certifications: CISSP, CISM, or CISA ITIL Foundation Preferred
About us The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the corporate headquarters to the ten campuses, five medical centers and three Department of Energy National Labs and enrolls premier students from California, the nation and the world.
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age or protected veteran status.
Copyright 2017 Jobelephant.com Inc. All rights reserved.
About University of California Office of the President
The Office of the President is the systemwide headquarters of the University of California, managing its fiscal and business operations and supporting the academic and research missions across its campuses, labs and medical centers.