Updated: May 2, 2022 Location: UC Irvine Campus Job Type: Department: IT Security
Job Opening ID: 27786
Reports To: Assistant Chief Information Security Officer
Working Title: Senior Information Security Risk Analyst
Department: OIT IT Security
Bargaining Unit: 99
Payroll Job Code: 007338
Job Location: UCI Campus- Irvine
Percent of Time: 100%
Work Schedule: 8-5, M-F
Employee Class: Career
The UC Irvine Office of Information Technology (OIT) is responsible for supporting the IT needs of faculty, students, and staff. Our mission is to provide information technology leadership, services, and innovative solutions to promote the research, education, and community service goals of the University. The IT Security Risk & Compliance team is responsible for leading the development, implementation and evaluation of campus-wide information security risk management processes and policy. This team also leads campus-wide information security education, training, and awareness programs.
Under general supervision of the Assistant Chief Information Security Officer, the Senior Information Security Risk Analyst is responsible for facilitating and evaluating internal and 3rd party information security risk assessments. The IT Security Analyst also provides risk remediation recommendations to mitigate identified control gaps and drives awareness of available supporting resources and technologies. This role works closely with stakeholders across campus to ensure that risks are well documented and clearly communicated. This role is also responsible for leading the campus-wide information security awareness program, and continuously improving campus-facing and specialized resources, including the information security website, GRC platform and risk register.
Three (3) or more years of experience in information security, especially in an information risk analysis role, risk management and/or IT audit role.
Three (3) or more years of experience with regulatory compliance and information security management frameworks (e.g., IS0 27000, COBIT, NIST 800, etc.)
BS or MA in Business, Computer Science, Information Security, Business Information Systems, or a related field
Knowledge of common cybersecurity frameworks and standards (e.g., NIST 800-171, ISO 27001/27002).
Demonstrated skill in conducting internal or external risk assessments and providing guidance on the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and/or remediation items. Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
Ability to follow department processes and procedures, including knowledge of other areas of IT, department processes and procedures.
Knowledge of common computer hardware, software, and network security issues.
Proven prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
Ability to identify and assess the severity and potential impact of risks and to communicate findings effectively to risk owners.
Self-motivated with a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, and integrity.
Demonstrated alignment to UCI Office of Information Technology values: collaboration, customer-centricity, inclusiveness, learning and growth, quality, respect, transparency, and trust.
Higher education experience.
Prior experience managing a security awareness program.
Familiarity with UC information security policy (i.e., IS-3), program and procedures.
Ability to create and interpret technical diagrams (e.g., network diagrams, data flow diagrams).
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM). Project Management Professional (PMP).
Final candidate subject to background check. As a federal contractor, UC Irvine is required to use E-Verify to confirm the work status of individuals assigned to perform substantial work under certain federal contracts/subcontracts.
The University of California, Irvine is an Equal Opportunity/Affirmative Action Employer advancing inclusive excellence. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected categories covered by the UC nondiscrimination policy.
UCI provides reasonable accommodations for applicants with disabilities upon request. For more information, please contact Human Resources at (949) 824-0500.
Since 1965, the University of California, Irvine has combined the strengths of a major research university with the bounty of an incomparable Southern California location. UCI's unyielding commitment to rigorous academics, cutting-edge research, and leadership and character development makes the campus a driving force for innovation and discovery that serves our local, national and global communities.