Assessments Security Analyst (7338U) 32618 About Berkeley
At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff.
The University of California, Berkeley, is one of the world's leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.
We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles , our Principles of Community , and our Strategic Plan .
Departmental Overview
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach, Security Operations, Development and Engineering, Identity Management, and Security Assessments. This position is part of the Security Assessments team and reports to the Security Assessments Supervisor.
The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, innovation, while simultaneously committing to making positive contributions towards the betterment of our world.
In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:
We champion diversity.
We act with integrity.
We deliver.
We innovate.
Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.
Application Review Date
The First Review Date for this job is: 3/23/2022
Responsibilities
Position Overview
The Information Security Analyst (ISA) will perform security assessments of:
Units (divisions and departments)
IT systems and services
Third-party vendors
Research environments
The ISA will also provide consulting services to campus stakeholders. The primary focus is to support units in managing information security risk and achieving alignment with external compliance requirements and information security policies. External compliance requirements include but are not limited to:
California State Committee for the Protection of Human Subjects (CPHS)
Payment Card Industry Data Security Standard (PCI-DSS)
Health Insurance Portability and Accountability Act (HIPAA)
Responsibilities
Conduct security assessment services in accordance with standard approaches.
Determine whether security controls are implemented to manage risk to an acceptable level.
Document evidence gathered, results of procedures performed, and findings identified.
Communicate assessment results and make recommendations through meetings and assessment reports.
Provide advice and guidance on classifying data and information systems.
Provide advice and guidance on adherence to information security policy, standards, and guidelines.
Participate in workgroups in support of establishing and maintaining information security policies, standards, and guidelines.
Work independently or as a part of a team on projects to further ISO's strategic priorities.
Team up with other campus security analysts to analyze emerging threats and development of risk action plans.
Gather information, analyze, and resolve security tickets on a periodic analyst rotation (during normal business hours).
Required Qualifications
Minimum of 1-2 years of experience in information security (e.g., IT/security audit, IT risk assessment, security administrator, security analyst/engineer, compliance analyst, security consultant, or penetration tester).
Ability to assess risk and evaluate the design and implementation of administrative, physical, and technical security controls.
Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate key points to both technical and non-technical audiences.
Demonstrated ability to:
Quickly understand diverse and complex business environments
Problem solve
Interface with a variety of personalities
Contribute within a team of security professionals, as well as the capability to work independently with only general direction
General knowledge of:
Risk and security control assessment methodologies and practices
Exception management practices
Information security standards such as ISO 27001, and CIS Critical Security Controls, NIST CSF, and NIST 800-53
Information security laws and regulations (e.g., PCI DSS and HIPAA)
Information and information system classification models
Information security technologies and methods to design and implement security controls (e.g., basic cryptographic principles, common secure communications protocols, host security, network security, etc.)
Salary & Benefits
Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:
https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html