Posting Salary: Salary commensurate with experience.
Position Summary: Having wide-ranging cybersecurity and risk management experience, uses audit and compliance concepts and objectives to resolve the most complex issues with system-wide impact. Works on most complex cybersecurity issues with little or no precedent where analysis of situations or data requires an in-depth evaluation of variable factors. Exercises judgment in selecting audit and compliance methods, techniques, tools, and evaluation criteria for obtaining appropriate results. Interacts with all levels, including senior internal and external personnel. Internal and external contacts often pertain to overall plans and objectives. Is considered a subject matter expert and often recognized as an expert externally in the industry. Responsible for coordinating and administering the highest complexity internal audit and compliance assignments, including investigations.
Special Conditions of Employment: Travel outside of normal business hours
Other Special Conditions of Employment: Successful completion of a background check is required for appointment to this critical position.
Job Close Date:
Duty 1: Performs cybersecurity audit projects as part of the cybersecurity audit team that require the most complex and advanced analysis techniques, including an extensive understanding of cybersecurity technical controls, IT networks, and systems. Executes cybersecurity-focused internal audit and compliance projects leveraging established standards and a broad knowledge of industry regulations and best practice frameworks including NIST, ISO, COBIT, HIPAA and other guidance. Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, networks and security controls, including the use of specialized software such as vulnerability scanning and/or network mapping tools. Leverages extensive understanding of IT technologies, cybersecurity risks, and controls to develop effective audit approaches that identify the highest risk issues and advise leadership on the best approach for addressing the identified issues from the audit. Function:1 Percent: 55
Duty 2: In an advisory role, develops audit and compliance control frameworks to monitor IT production environments for potential system integrity exposure and control weaknesses. Function:2 Percent: 20
Duty 3: Develops formal written reports to communicate complex and oftentimes highly technical audit and compliance results to all levels of management, and makes recommendations as appropriate. Function:3 Percent: 10
Duty 4: May oversee other audit and compliance personnel and/or independently manage specialized cybersecurity audit and compliance programs on a project basis. Function:4 Percent: 10
Duty 5: Conducts and leads investigations. Function:5 Percent: 5
Job Requirements: Bachelor's degree in related area and a minimum of ten years relevant experience, and/or equivalent experience/training. Required
Professional specialized certification required. Prefer industry security and/or audit certification (e.g., CISSP, CISA, GIAC) Required
Has advanced audit and compliance related knowledge and skills.
Has thorough knowledge of finance, accounting, business and systems operations.
Applies sound audit and compliance principles and standards in completing more complex and diverse assignments.
Requires an in-depth knowledge of the audit and compliance function.
Requires the ability to gather, organize, analyze, and report on findings and recommendations that are complex in nature.
Must be able to communicate complex information to all levels of management and administrators in a clear and concise manner, both written and verbal.
Familiarity and experience using network scanning and vulnerability assessment tools to evaluate system configurations and vulnerabilities and assess them against security standards.
Knowledge and experience working with network configurations, including TCP/IP and UDP networking protocols, to identify vulnerabilities and assess risk and the effectiveness of IT controls (e.g., firewalls).
Familiarity and experience working with various IT security control frameworks and guidance such as NIST, CIS, ISO, CoBIT and others to evaluate cybersecurity posture of an organization.
Strong analytic and IT technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate the risks to the organization's overall security posture.
Knowledge and experience performing assessments and audits in large diverse IT organizations with multiple software and hardware environments with distributed oversight. Required
Familiarity and experience working in healthcare.
Familiarity and experience working in higher education.
Experience in IT security or IT operations. Preferred
About us: The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the corporate headquarters to the ten campuses, five medical centers and three Department of Energy National Labs and enrolls premier students from California, the nation and the world.
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age or protected veteran status.