Senior IT Security Analyst, Risk & Compliance - 112257
#112257 Senior IT Security Analyst, Risk & Compliance
Initial Review Date: Wed 10/20/2021
For the safety and well-being of the entire university community, the University of California requires, with few exceptions, that all students, faculty and staff be vaccinated against the COVID-19 virus and influenza before they will be allowed on campus or in a facility or office. For more information visit: Flu Vaccine Mandate / COVID Vaccine Policy
UC San Diego Policy will not allow this position to receive work visa sponsorship.
Fully remote or Hybrid work will be considered.
UC San Diego is ranked the 9th best public university in the nation by U.S. News and World Report and is the largest employer based in San Diego County. Reporting to the VC-CFO, Information Technology Services (ITS) delivers Enterprise information technology services to the University of California, San Diego (UCSD) under the leadership of the campus Chief Information Officer (CIO).
Information Technology Services (IT Services) uses world-class services and technologies to empower UC San Diego's mission to transform California and the world as a student-centered, research-focused, service-oriented public university. As a strategic member of the UC San Diego community, IT Services embraces innovation in their delivery of IT services, infrastructure, applications, and support. IT Services is customer-focused and committed to collaboration, continuous improvement, and accountability.
Equity, Diversity, and Inclusion are core values at UC San Diego and within Information Technology Services. Crafting a culture around these values allows us to more deeply connect with and appreciate our employees, students, and campus partners. Information Technology Services is continuously working to build a community where we all feel safe, empowered, and encouraged to bring our authentic selves to work. We do this not only because it is what’s right, but because we know that diversity drives insight and innovation. We are proud to partner closely with UC San Diego’s Office for Equity, Diversity, and Inclusion, as their dedication to this mission helps us all to drive change.
The Office of Information Assurance (OIA), a department within ITS, is responsible for the infrastructure, policies, standards and training necessary to ensure the achievement of the security and privacy goals of the University. Collaborating closely with various campus resources and partners, the department identifies, responds to and mitigates information security/privacy risks, threats and vulnerabilities. OIA delivers a comprehensive set of enterprise security services in the areas of security policy, assessment, compliance, consulting, operations, incident response and risk management. The department is responsible for the design, deployment and administration of network, endpoint, application, and information asset protection systems. Information Security staff also work closely with the IT Infrastructure and Operations department to provide the campus-wide network/security infrastructure.
The Senior Risk and Compliance analyst joins a small team dedicated to evaluating and measuring UC San Diego’s risk posture. This will include leading a number of compliance activities related to Controlled Unclassified Information and PCI, and contributing to our CMMC program. You will manage our responses to eDiscovery and similar requests. You will perform gap analyses and risk assessments for a number of systems, programs, and vendors, and work with system and service owners on bringing them into compliance with external and UC policy. This position requires expert knowledge of security engineering and the ability to design compensating controls and to act as trusted counsel to staff and faculty on most domains of security.
- Drives the implementation and enhancement of security processes across the organization to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.
- Provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements.
- Monitors compliance to policy and improves the overall security posture of the University.
- Assists with or manages audits by UC or external auditors.
- A Bachelor's Degree in Computer Science, Information Security or a closely-related field AND three (3) years of related experience in information security in an enterprise environment and/or equivalent combination of education and experience.
- Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments. Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.
- Demonstrated skills applying security controls to computer software and hardware. Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.).
- In-depth knowledge of computer hardware, software and network security issues and approaches.
- Advanced experience using IT security systems and tools. Expertise in using security tools such as Qualys/Nessus, IBM Appscan, nmap, Wireshark, Metasploit, etc.
- Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. Understanding of network/host firewalls, application gateways/proxies, anti-malware, patch management, disk encryption, centralized configuration, log management, system hardening practices, etc.
- Professional security certifications such as CISSP, GIAC, CCIE/CCNA Security, ITIL are preferred.
Our employees enjoy competitive compensation packages and educational opportunities in a diverse, stimulating workforce. This position is eligible for full:
- Health/Dental/Vision Insurance
- Vacation/Holidays
- Life Insurance
- UC Retirement Plan
For more information about UCSD Benefits visit - http://blink.ucsd.edu/HR/benefits/index.html and UCSD Work/Life visit https://blink.ucsd.edu/HR/benefits/work-life/index.html
To calculate an approximate value of the UC Total Compensation package, please click here: http://ucnet.universityofcalifornia.edu/compensation-and-benefits/total-compensation-calculator.php
Job offer is contingent on clear background check. Employee must be able, if the need arises, to attain federal security clearance. Employee must be available to work evenings, weekends, and holidays. Employee must be available to travel as required. Must be willing and able to work on a rotating on-call basis.
Job offer is contingent on successful engagement in the UC COVID-19 Vaccination program (fully vaccinated with documented proof or approved exception/deferral).
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age, protected veteran status, gender identity or sexual orientation. For the complete University of California nondiscrimination and affirmative action policy see: http://www-hr.ucsd.edu/saa/nondiscr.html
UC San Diego is a smoke and tobacco free environment. Please visit smokefree.ucsd.edu for more information.