DESCRIPTION

UC San Diego is ranked the 9th best public university in the nation by U.S. News and World Report and is the largest employer based in San Diego County. Reporting to the VC-CFO, Information Technology Services (ITS) delivers Enterprise information technology services to the University of California, San Diego (UCSD) under the leadership of the campus Chief Information Officer (CIO).

Information Technology Services (IT Services) uses world-class services and technologies to empower UC San Diego's mission to transform California and the world as a student-centered, research-focused, service-oriented public university. As a strategic member of the UC San Diego community, IT Services embraces innovation in their delivery of IT services, infrastructure, applications, and support. IT Services is customer-focused and committed to collaboration, continuous improvement, and accountability.

Equity, Diversity, and Inclusion are core values at UC San Diego and within Information Technology Services. Crafting a culture around these values allows us to more deeply connect with and appreciate our employees, students, and campus partners. Information Technology Services is continuously working to build a community where we all feel safe, empowered, and encouraged to bring our authentic selves to work. We do this not only because it is what’s right, but because we know that diversity drives insight and innovation. We are proud to partner closely UC San Diego’s Office for Equity, Diversity, and Inclusion, as their dedication to this mission helps us all to drive change.

The Office of Information Assurance (OIA), a department within ITS, is responsible for the infrastructure, policies, standards and training necessary to ensure the achievement of the security and privacy goals of the University. Collaborating closely with various campus resources and partners, the department identifies, responds to and mitigates information security/privacy risks, threats and vulnerabilities.

POSITION OVERVIEW:

OIA delivers a comprehensive set of enterprise security services in the areas of security policy, assessment, compliance, consulting, operations, incident response and risk management. The department is responsible for the design, deployment and administration of network, endpoint, application, and information asset protection systems. Information Security staff also work closely with the IT Infrastructure and Operations department to provide the campus-wide network/security infrastructure.

The Senior Risk and Compliance Analyst joins a small team dedicated to evaluating and measuring UC San Diego’s risk posture. This will include leading a number of compliance activities related to Controlled Unclassified Information, supplier risk management, and data security reviews. You will manage our responses to eDiscovery and similar requests. Perform gap analyses and risk assessments for a variety of systems, programs, and vendors and work with system and service owners on bringing them into compliance with external and UC policy. This position requires expert knowledge of security engineering and the ability to design compensation controls and to act as trusted counsel to staff and faculty on most domains of security.

Responsibilities:

* Drives the implementation and enhancement of security processes across the organization to reduce information security risk, address threat and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.

* Provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements

* Monitor compliance to policy and improve the overall security posture of the University.

* Assist with or manage audits by UC or external auditors

~This position is eligible for a flexible work arrangement, which could include a non-standard work schedule, and/or the ability to work off-site part of the time.

QUALIFICATIONS

• Bachelor's Degree in Computer Science, Information Security or a closely related field AND three (3) years of related experience in information security in an enterprise environment and/or equivalent combination of education and experience.

• Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments. Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.

• Demonstrated skills applying security controls to computer software and hardware. Solid understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.)

• In-depth knowledge of computer hardware, software and network security issues and approaches.

• Advanced experience using IT security systems and tools. Expertise in using security tools such as Qualys/Nessus, IBM Appscan, nmap, Wireshark, Metasploit, etc.

• Must be able to obtain/maintain a Federal security clearance.

Preferred Qualifications:

• Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. Understanding of network/host firewalls, application gateways/proxies, anti-malware, patch management, disk encryption, centralized configuration, log management, system hardening practices, etc.

• Professional security certifications such as CISSP, GIAC, CCIE/CCNA Security, ITIL are preferred.

SPECIAL CONDITIONS

• Job offer is contingent upon satisfactory clearance based on background check results.

• Employee must be able to, if the need arises, attain federal security clearance.

• Employee must be available to work evenings, weekends, and holidays.

• Employee must be available to travel as required.

• Must be willing and able to work on a rotating on-call basis.

• This position is eligible for a flexible work arrangement, which could include a non-standard work schedule, and/or the ability to work off-site part of the time.