The University of California, Berkeley, is one of the world's most iconic teaching and research institutions. Since 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world. Berkeley's culture of openness, freedom and acceptance (academic and artistic, political and cultural) makes it a very special place for students, faculty and staff.
Berkeley is committed to hiring and developing staff who want to work in a high-performing culture that supports the outstanding work of our faculty and students. In deciding whether to apply for a staff position at Berkeley, candidates are strongly encouraged to consider the alignment of the Berkeley Workplace Culture with their potential for success at http://jobs.berkeley.edu/why-berkeley.html.
The Information Security and Policy office (ISP) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISP is led by the Chief Information Security Officer and consists of four teams: Assessments & Compliance, Operations, IT Policy, and Identity and Access Management. This position is a part of the Assessments and Compliance team, and reports to the Assessments Manager.
The Assessments and Compliance team is a group of talented information security professionals delivering assessments and managing compliance activities. The team excels at investigation and analysis. As part of this program, you will encounter a wide variety of information systems that meet the needs of researchers, students, and administrators. You will have the opportunity to evaluate and critically analyze applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on data security at a world-class research institution. This position will be focused on addressing compliance obligations: NIST 800-171, GDPR, PCI DSS and the institution's own framework.
As a member of the Information Security and Policy department at UC Berkeley, the Security Analyst 4 (SA4) encounters a wide variety of information systems that support the needs of Campus researchers, students and administrators. The successful SA4 candidate will assess the security of applications, networks, and systems on Campus and in cloud-computing environments. This position will focus on assessments covering external compliance obligations (CA State, PCI DSS, FERPA, FISMA, HIPAA), data-use agreements for academic research, and the University's own information security requirements.
As an Information Security Assessment and Compliance Specialist, you will:
Consult with institutional stakeholders to assess systems and processes against both Campus security policy and external compliance requirements.
Analyze assessment results to identify risks to institutional data.
Document assessment findings and remediation plans, and present reports to campus stakeholders.
Assist stakeholders with interpreting Campus security policy and writing security plans.
Evaluate vendor product and service offerings against internal and external security requirements.
Contribute to Campus security policy enhancements and support socialization of updated policies.
Participate in design, implementation, and administration of a GRC solution.
Excellent verbal and written communication skills.
Ability to work well with personnel of various backgrounds, including the Security team and other campus stakeholders.
3-5 years of experience performing information security assessments.
Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc.
Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures.
Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls.
Knowledge of security technologies, devices, hacking techniques, and countermeasures, as well as the threats they are designed to counter.
Experience with developing security reporting and recommendations that are meaningful, defensible, and actionable for a variety of audiences.
Familiarity with NIST 800-series, ISO 27000-series, PCI DSS, CIS and other common security control frameworks.
Professional certifications, such as CISSP or GIAC, are a plus.
Knowledge of OWASP Top 10, CWE/SANS Top 25, or SANS Top 20 Critical Security Controls
Familiarity with federal, state, and industry-based data security/privacy regulations
SANS, ISC2, ISACA or Offensive Security (OSCP/OSCE) certifications
Knowledge of static code analyzers or automated scanning tools
Salary & Benefits
For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
The University of California was chartered in 1868 and its flagship campus, envisioned as a "City of Learning", was established at Berkeley, on San Francisco Bay. Today the world's premier public university and a wellspring of innovation, UC Berkeley occupies a 1,232-acre campus with a sylvan 178-acre central core. From this home its academic community makes key contributions to the economic and social well-being of the Bay Area, California, and the nation.