The Information Security Risk Analyst will be responsible for ensuring the success of UCLA's Cybersecurity Risk Management strategy. As part of the Governance, Risk & Compliance (GRC) team, this role will work closely with business stakeholders, technology experts, cybersecurity professionals, and industry partners to ensure policies, procedures, and technology systems align with UCLA's goals and compliance requirements to support and drive a culture of proactively managing cyber risk. This role will help proselytize governance, risk and compliance to support and drive a culture of proactively managing cyber risk for the UCLA Campus. This individual will own and coordinate risk assessments in the areas of IT, information security, risk management & compliance. They will also own remediation of non-compliant areas of IT. Additionally, they will support the development and implementation of IT security awareness programs for both technical and non-technical audiences.
The Information Security Risk Analyst will positively impact UCLA's operations and culture by protecting University stakeholders' to effectively implement and maintain UCLA's GRC framework, ensuring compliance with relevant regulations and standards, and providing insightful analysis of risk and control data. This team member will advance the University's mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCLA's vision while modeling UCLA's culture and values.
Salary & Compensation
- UCLA provides a full pay range. Actual salary offers consider factors, including budget, prior experience, skills, knowledge, abilities, education, licensure and certifications, and other business considerations. Salary offers at the top of the range are not common. Visit UC Benefit package to discover benefits that start on day one, and UC Total Compensation Estimator to calculate the total compensation value with benefits.
Qualifications
- Three years experience working in one or more of the following fields: computer science, cybersecurity, computer information systems. (Required)
- Three years performing technical assessments in direct support of major compliance efforts, such as PCI, GDPR, NIST-CSF, ISO 27001, CMMC, FISMA, FedRAMP, or a related field. (Required)
- Experience using IT security systems and tools. (Required)
- Experience in performing risk, privacy, and data protection impact analyses, vendor reviews and maintaining records of processing. (Required)
- Experience in complex higher education environments, serving academic and administrative functions of a large public university. (Preferred)
- Demonstrated skills applying security controls to computer software and hardware. Demonstrated skill with applying complex security controls and configurations to computer hardware, software and networks. (Required)
- Strong written and verbal communication skills and is able to communicate technical information and ideas to a diverse community of colleagues and stakeholders. (Required)
- Able to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers. (Required)
- Strong organizational skills and is able to balance competing priorities and support concurrent projects. Ability to work in a project-based environment using project management practices. (Required)
- Strong demonstrated problem-solving skills; scopes solutions based on knowledge of available resources and timelines. Able to ask questions, gather information, evaluate options, and make decisions with integrity. (Required)
- Able to participate in activities to advance an inclusive environment that values equity, diversity, inclusion and belonging. (Required)
- Thinks creatively and proposes innovative ideas, including the incorporation of new technologies or processes. Is able to work with agility in a fast-paced environment. (Required)
Education, Licenses, Certifications & Personal Affiliations
- Bachelor's Degree in one or more of the following fields: information technology, cybersecurity, computer science, engineering, public administration, business administration, communications, or a related field. (Required)
- Bachelor's Degree in one or more of the following fields: information technology, cybersecurity, computer science, engineering, public administration, business administration, communications. (Preferred)
- Certified Information Security Manager (CISM) (Preferred)
- Certified Information Systems Auditor (CISA) (Preferred)
- Certified Information Systems Security Professional (CISSP) (Preferred)
Special Conditions for Employment
This position is eligible for a hybrid work arrangement that includes regular visits to campus as needed (for those who work remotely, travel/lodging expenses are not eligible for reimbursement).
The anticipated pay range for this position is $113,166-$127,915, annually; salary is dependent upon the skills and experience of the selected finalist.
NOTE: This position REQUIRES that a RESUME and COVER LETTER be submitted in addition to the application. Please have these two files ready to upload when applying.
- Background Check: Continued employment is contingent upon the completion of a satisfactory background investigation.
- Live Scan Background Check: A Live Scan background check must be completed prior to the start of employment.
Schedule
8:00 A.M. to 5:00 P.M. PT, Monday through Friday and/or variable based upon operational needs.
Union/Policy Covered
99-Policy Covered
Complete Position Description
https://universityofcalifornia.marketpayjobs.com/ShowJob.aspx?EntityID=38&jobcode=MI-DPT455400-JC007338-PD189446