UC San Diego Policy will not allow this position to receive work visa sponsorship.
Fully remote or Hybrid work will be considered.
UC San Diego is ranked the 9th best public university in the nation by U.S. News and World Report and is the largest employer based in San Diego County. Reporting to the VC-CFO, Information Technology Services (ITS) delivers Enterprise information technology services to the University of California, San Diego (UCSD) under the leadership of the campus Chief Information Officer (CIO).
Information Technology Services (IT Services) uses world-class services and technologies to empower UC San Diego's mission to transform California and the world as a student-centered, research-focused, service-oriented public university. As a strategic member of the UC San Diego community, IT Services embraces innovation in their delivery of IT services, infrastructure, applications, and support. IT Services is customer-focused and committed to collaboration, continuous improvement, and accountability.
Equity, Diversity, and Inclusion are core values at UC San Diego and within Information Technology Services. Crafting a culture around these values allows us to more deeply connect with and appreciate our employees, students, and campus partners. Information Technology Services is continuously working to build a community where we all feel safe, empowered, and encouraged to bring our authentic selves to work. We do this not only because it is what's right, but because we know that diversity drives insight and innovation. We are proud to partner closely UC San Diego's Office for Equity, Diversity, and Inclusion, as their dedication to this mission helps us all to drive change.
The Office of Information Assurance (OIA), a department within ITS, is responsible for the infrastructure, policies, standards and training necessary to ensure the achievement of the security and privacy goals of the University. Collaborating closely with various campus resources and partners, the department identifies, responds to and mitigates information security/privacy risks, threats and vulnerabilities. OIA delivers a comprehensive set of enterprise security services in the areas of security policy, assessment, compliance, consulting, operations, incident response and risk management. The department is responsible for the design, deployment and administration of network, endpoint, application, and information asset protection systems. Information Security staff also work closely with the IT Infrastructure and Operations department to provide the campus-wide network/security infrastructure. The Senior Risk and Compliance analyst joins a small team dedicated to evaluating and measuring UC San Diego's risk posture. This will include leading a number of compliance activities related to Controlled Unclassified Information, PCI, and contributing to our CMMC program. You will manage our responses to eDiscovery and similar requests. Perform gap analyses and risk assessments for a number of systems, programs, and vendors and work with system and service owners on bringing them into compliance with external and UC policy. This position requires expert knowledge of security engineering and the ability to design compensation controls and to act as trusted counsel to staff and faculty on most domains of security.
Drives the implementation and enhancement of security processes across the organization to reduce information security risk, address threat and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.
Provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements
Monitor compliance to policy and improve the overall security posture of the University.
Assist with or manage audits by UC or external auditors
A Bachelor's Degree in Computer Science, Information Security or a closely-related field AND three (3) years of related experience in information security in an enterprise environment and/or equivalent combination of education and experience.
Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments. Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.
Demonstrated skills applying security controls to computer software and hardware. Solid understanding of information Required security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800-115, PCI DSS, HIPA
UC San Diego is an academic powerhouse and economic engine, recognized as one of the top 8 public universities by U.S. News and World Report. Innovation is central to who we are and what we do. Here, students learn that knowledge isn't just acquired in the classroom - life is their laboratory. UC San Diego's rich academic portfolio includes six undergraduate colleges, five academic divisions and five graduate and professional schools. The university's award-winning scholars are experts at the forefront of their fields with an impressive track record for achieving scientific, medical and technological breakthroughs.