Vacancy expired!
Job Opening ID: 39994
Reports To: Assistant CISOWorking Title: Security Risk and Compliance SupervisorDepartment: IT SecurityBargaining Unit: 99FLSA: ExemptPayroll Job Code: 005937Job Location: UCI Campus- IrvinePercent of Time: 100%Work Schedule: 8-5, M-FEmployee Class: CareerPosition Summary:The UC Irvine Office of Information Technology (OIT) is responsible for supporting the IT needs of faculty, students, and staff. Our mission is to provide information technology leadership, services, and innovative solutions to promote the research, education and community service goals of the University. The IT Security Risk & Compliance team is responsible for leading the development, implementation and evaluation of campus-wide information security risk management processes and policy. This team also leads campus-wide information security education, training and awareness programs.Under general direction of the Assistant CISO, the Security Risk and Compliance Supervisor receives assignments in the form of objectives with goals and the process by which to meet goals. Provides direction to staff according to established policies and management guidance. Administers policies that directly affect subordinate staff. Recommends changes to department policies and practices. Identifies risks and responds accordingly. Provide priority setting and work flow analysis. Oversees security risk and compliance function. Manages governance, risk & compliance (GRC) tools and supporting technologies, maintains organizational security risk register. Oversees a security awareness and outreach program, and partners with other units within the organization to provide security risk management guidance and communicate security compliance requirements. Performs risk assessments of organization-developed and vendor-procured systems, assessing threats, vulnerabilities, and existing controls of systems. Recommend appropriate risk mitigations and compensating controls prioritized using a risk-based approach, escalating risk red flags to appropriate leadership when necessary.Compensation Range:Commensurate with experienceDepartment Website:https://www.oit.uci.edu/ Required:Five (5) to ten (10) years of experience in information security, especially in an information risk analysis role, risk management and/or IT audit role. Five (5) to ten (10) years of experience with regulatory compliance and information security management frameworks (e.g., IS0 27000, COBIT, NIST 800, etc.).Bachelor's degree or equivalent work experience with an emphasis in computer science, data processing, computer information systems, or in a related field.Excellent critical thinking, persuasion / negotiation, mentoring, leadership / management and problem solving abilities. Broad knowledge of other areas of IT. Ability to create and interpret technical diagrams (e.g., network diagrams, data flow diagrams). Advanced knowledge of IT security risk frameworks and relevant compliance regulations (e.g. NIST 800-171, ISO 27001/27002, NIST CSF, DOJ, PCI-DSS). Human Resources policies and procedures. relating to management responsibilities. Self-motivated with a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, and integrity. Advanced knowledge of the IT security function across all IT security domains. Demonstrated knowledge of secure hardware, software and network design techniques. Ability to communicate best practices to diverse audiences. Demonstrated skill in managing technical staff. Excellent verbal and written communication, quantitative and analytical skills. Knowledge of department processes and procedures. Expert knowledge of security risk management methodologies, tools, and security risk assessment processes. Demonstrated skill in conducting internal or external risk assessments and providing guidance on the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and/or remediation items. Ability to identify and assess the severity and potential impact of risks and to communicate findings effectively to risk owners.Preferred:Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), SANS GIAC Security Essentials (GSEC) Project Management Professional (PMP).Familiarity with UC information security policy (i.e., IS-3), program and procedures, and/or higher education experience. Project management experience.Special Conditions Required:Occasional over-time may be required. Must be able to work outside of normal business hours and occasionally on weekends. Must pass a background check. Must possess a valid California Driver's LicenseConditions of EmploymentThe University of California, Irvine (UCI) seeks to provide a safe and healthy environment for the entire UCI community. As part of this commitment, all applicants who accept an offer of employment must comply with the following conditions of employment:- Background Check and Live Scan
- Legal Right to work in the United States
- Vaccination Policies
- Smoking and Tobacco Policy
- Drug Free Environment
- California Child Abuse and Neglect Reporting Act
- E-Verify
- Pre-Placement Health Evaluation
Vacancy expired!