University of California Job - 49199180 | CareerArc
Company: University of California
Location: Santa Barbara, CA
Career Level: Associate
Industries: Government, Nonprofit, Education

Description

Job Posting Details

Benefits of Belonging

Working at UC means being part of this vibrant institution that shines a light on what is possible. People make UC great, and UC recognizes your contributions by making this a great place to work. Excellent retirement and health benefits are just some of the rewards. Learn more about the benefits of working at UC.

Department Marketing Statement:

There is a reason UCSB has been named the Best Place to Work by our local media for several years running. Whether our employees are on our stunning campus or working remotely or hybrid, they tell us they value the flexibility, stability and rich benefits we offer. Come join us as we support the mission of one of the finest public institutions in the nation. UC Santa Barbara is consistently recognized for excellence across broad fields of study. Set alongside the glorious California coast, our dynamic environment inspires scholarly ambition and creativity. Information Technology Services (ITS), the Campus' central IT unit, contributes to UC Santa Barbara's mission of research, teaching, and community service by partnering with the Campus community to efficiently deliver IT infrastructure and enterprise application services to faculty, students, staff, and affiliates. Join us in supporting the technology making world-class research possible!

Brief Summary of Job Duties:

Information Security Risk Analyst Lead in Information Technology Services' Information Assurance and Cybersecurity unit. Primary responsibility involves overseeing core information security functions in the governance, risk, and compliance areas for the university. Responsible for establishing and maintaining an enterprise-wide information security/digital risk management program to support the confidentiality, integrity, and availability of the university's information assets. Responsible for developing and leading a program to identify, evaluate, and report on digital risk to meet compliance and regulatory requirements and align with IS-3 policy, supporting the university's risk posture. Establishes formal guidelines for secure technologies and architectures as well as programs such as GRC tooling, vendor risk assessments, PCI compliance, research security assessments and Unit risk assessments. Collaborates with the CISO to develop and maintain a risk register for location. Along with other ITS leadership and the CISO, develops, manages and reports on digital risk metrics within the university and to UCOP and Regents. Supports internal, UC and third-party audit activities. Collaborates with business units to implement information security practices that meet defined policies and standards.

Required Qualifications:

  • Bachelor's degree in related area and / or equivalent experience / training.
  • 7-9 years Information Technology experience.
  • 4-6 years conducting information security risk assessments.
     

Preferred Qualifications:

  • Excellent knowledge of regulatory compliance/information security frameworks and standards assessment tools such as ISO 27001, GLBA, NIST CSF, NIST RMF, FISMA, HIPAA, PCI DSS, SOC Type II/III, and HECVAT.
  • 1-3 years of experience conducting cloud services information security risk assessments.
  • Experience using Governance, Risk & Compliance (GRC), vendor risk, risk register, and other security risk management tools and platforms.
  • Demonstrated skill in conducting internal or external risk assessments and providing guidance on the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and/or remediation items.
  • Ability to identify and assess the severity and potential impact of risks and to communicate findings effectively to risk owners.
  • Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.


Special Conditions of Employment:

  • UCSB is a Tobacco-Free environment
  • Satisfactory conviction history background check


Job Functions and Percentages of Time:

50% Risk Analysis and Management:

  • Develop and lead an enterprise-wide information security/digital risk management program to identify, evaluate, and report on digital risk to meet compliance and regulatory requirements and align with IS-3 policy.
  • Establish programs such as GRC tooling, vendor risk assessments, PCI compliance, research security assessments, and Unit risk assessments.
  • Collaborate with the CISO on the development of risk assessment processes and conduct risk assessment/security validation tests of projects and Units as part of an overall risk management program.
  • Collaborate with CISO to develop and maintain risk register for location.
  • Collaborate with CISO and Unit Heads to make risk exception determinations.
  • Support internal, UC, and third-party audit activities.
  • Assist with the assessment of cybersecurity requirements as part of campus procurement activities.
  • Provide consultative support to the Office of Research for cybersecurity requirements on grants and gifts.

20% System Architecture Design/Secure Configuration and Guideline Development:

  • Establish formal guidelines for secure technologies and architectures.
  • Assist with the implementation of IS-3 on campus by acting as a subject matter expert for administrative, academic, and IT constituencies.
  • Collaborate with business Units to implement information security practices meeting defined policies and standards.
  • Contribute to the design and development of campus cybersecurity capabilities carried out by other teams to ensure that these services advance the goals of the campus program.

20% Communication and Leadership:

  • Collaborate with CISO, security operations management and other ITS leadership to develop, manage, and report on digital risk and cybersecurity metrics.
  • Provide leadership for UCSB Campus-wide Cybersecurity Awareness Month and general security/digital risk awareness communications.
  • Act as member of UCOP Cybersecurity Awareness Committee, providing guidance in creating security awareness activities across UC system.
  • Be an active and contributing member of the campus IT community.
  • Be an enthusiastic advocate of information security.
  • Participate in project teams, committees, and policy development.
  • Lead committees appropriate to area of expertise.

10% Continuing Education / Professional Development - Keep up-to-date on information security risk management frameworks and assessment tools. Take courses for professional development and additional certifications as appropriate.

Policy on Vaccination Programs

As a condition of employment, you will be required to comply with the University of California Policy on Vaccinations Programs – With Interim Revisions.

As a condition of Physical Presence at a Location or in a University Program, all Covered Individuals* must participate in any applicable Vaccination Program by providing proof that they are Up-to-Date with any required Vaccines or submitting a request for Exception in a Mandate Program or properly declining vaccination in an Opt-Out Program no later than the Compliance Date. (Capitalized terms in this paragraph are defined in the policy.) Federal, state, or local public health directives may impose additional requirements.

For more information, please visit: 

  • UC Santa Barbara COVID-19 Information https://www.ucsb.edu/COVID-19-information
  • University of California Policy on Vaccinations – With Interim Revisions https://policy.ucop.edu/doc/5000695/

* Covered Individuals: A Covered Individual includes anyone designated as Personnel or Students, under this Policy who physically access a University Facility or Program in connection with their employment, appointment, or education/training. A person accessing a Healthcare Location as a patient, or an art, athletics, entertainment, or other publicly accessible venue at a Location as a member of the public, is not a Covered Individual.

Equal Opportunity/Affirmative Action Statement:

UC Santa Barbara is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age or protected veteran status.

For the University of California's Affirmative Action Policy, please visit: https://policy.ucop.edu/doc/4010393/PPSM-20.

For the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination.

Reasonable Accommodations:

The University of California endeavors to make https://jobs.ucsb.edu accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Katherine Abad in Human Resources at 805-893-4664 or email katherine.abad@hr.ucsb.edu. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Privacy Notification Statement

Privacy Notification Statement and Notice of Availability of the UCSB Annual Security Report Disclosures


Application Status: If you would like to check the status of your application, please log into the Candidate Gateway where you applied and click on 'my activities'.

Payroll Title: IT Security Analyst 4

Job Code: 000661

Job Open Date: 4/15/24

Application Review Begins: 4/30/24; open until filled

Department Code (Name): ISEC (ENTERPRISE SECURITY SERVICES)

Percentage of Time: 100%

Union Code (Name): 99 (Non-Represented)

Employee Class (Appointment Type): Staff (Career)

FLSA Status: Exempt

Classified Indicator Description (Personnel Program): MSP

Salary Grade: Grade 25

Hiring/Budgeted Salary Range: $114,780 to $146,700/yr.

Full Salary Range: Salary offers are determined based on final candidate qualifications and experience; the budget for the position; and the application of fair, equitable, and consistent pay practices at the University. The full salary range for this position is $101,100 to $192,300/yr. The budgeted salary range that the University reasonably expects to pay for this position is $114,780 to $146,700/yr.

Work Location: SAASB 4101

Working Days and Hours: Monday-Friday; 8:00am - 5:00pm

Benefits Eligibility: Full Benefits

Type of Remote or Hybrid Work Arrangement, if applicable: Hybrid (Both UC & Non-UC locations)


