Job Postings

Open Staff Positions:

Security Assessments Manager

As Manager, you will work with our amazingly talented and high-performing Security Assessments team. These professionals are dedicated to reducing institutional risk through the critical analysis of information technology systems. As manager you’ll be coordinating the critical analysis of these applications, networks, and systems in a complex, heterogeneous environment. The work will have a direct and meaningful impact on information security at our world-class research institution.

Responsibilities

The Security Assessments Team is a talented, and high-performing team of Information Security professionals dedicated to reducing institutional risk through the critical analysis of information technology systems. As manager of this highly technical group, you will encounter a wide variety of information systems critical to supporting the campus mission of teaching, research, and public service. You will have the opportunity to reduce institutional risk through coordinating critical analysis of these applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on information security at a world-class research institution.

Key responsibilities include:

  • Coordinate Security Assessments engagements across the institution

  • Using a risk-based approach, establish goals, direction, and scheduling for Security Assessments Team team workload

  • Review team work products to identify and escalate key risks to institutional data

  • Consult with institutional stakeholders to assess systems and processes against both internal campus security policy and external compliance requirements

  • Document assessment findings and remediation plans, and present reports to campus stakeholders and external vendors

  • Provide technical advice and consultation to personnel involved with development, deployment, administration, and security of the institution's systems and services

  • Interface with the campus Controller's office advising on best practices and assisting in addressing routine issues to comply with the PCI data security standards

  • Develop and participate in documentation of campus security requirements, data and system classification, and assessment frameworks

  • Stay informed about the latest developments in the information security field and contribute to outreach efforts educating campus users on emerging threats

Time will be split between team management tasks such as portfolio management, reviewing work products, and team logistics, and directly participating in assessments and other hands-on work (no more than 50%).

Desired Competencies

We’re looking for exceptional candidates meeting the following criteria:

  • Significant (mid-career) Information Security or Compliance work experience

  • A proven track record of providing effective leadership and coordinating the differing skills, outlooks, and experiences of highly technical teams to achieve shared goals

  • Experience with and commitment to building team cohesion through the principles of inclusivity, diversity, and equality

  • Exceptionally strong written and verbal communication skills, and ability to effectively communicate across a broad range of campus audiences

  • Disciplined, organized, methodical, and demonstrable experience developing and executing project plans

  • Alignment with our campus mission of excellence in teaching, research and public service, and appreciation for how this affects our approaches to Information Security

In addition, experience and qualifications in the following areas is desired:

  • ISO 27000 and NIST (800-53, 800-171) information security standards

  • FERPA, PCI, HIPAA, FISMA compliance

  • Information risk management concepts and application

  • Application security testing practices, especially using the OWASP project materials

  • Cloud and vendor security standards and assessment frameworks (CSA, SOC 2), including vendor and contract management issues

  • UC Berkeley campus and system-wide (Office of the President) security policies and standards, or similar policies and standards in Higher Education and/or Research environments

Salary & Benefits

The salary range for the position of Information Systems Manager 1 is $111,100 - $237,900 annually, depending on qualifications and experience.  The midpoint salary is $174,500.

For information on the comprehensive benefits package offered by the University visit:

http://atyourservice.ucop.edu/forms_pubs/misc/benefits_of_belonging.pdf

 

How to Apply

1. Select the appropriate link below to access our careers site. 
2. Sign In to access your account or if you are not an existing user select the New User link to create one. 
3. Review the job description and select the Apply button to begin your application.

External Applicants click here: https://careerspub.universityofcalifornia.edu/psp/ucb/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_APP_SCHJOB.GBL?Page=HRS_APP_JBPST&Action=U&SiteId=21&FOCUS=Applicant&JobOpeningId=5970&PostingSeq=1

Internal Applicants click here: https://ucpath.universityofcalifornia.edu/peoplesoft-native/EMPLOYEE/HRMS/c/HRS_HRAM_EMP.HRS_APP_SCHJOB.GBL?Page=HRS_APP_JBPST&Action=U&FOCUS=Employee&SiteId=22&JobOpeningId=5970&PostingSeq=1


Open Student Positions:

#3461618 Security Operations Assistant
To apply, go to https://career.berkeley.edu/handshake and send resume, cover letter, and schedule to jakef@berkeley.edu


Security Operations Assistant (Assistant III)
Department: Information Security and Policy
Unit: IST/OCIO
Hours: 10-15 hours/week, hours TBD
Salary: $21/hour
Duration: Ongoing
Summer commitment: Desired
Start date: ASAP
       

The Information Security Office (ISO) collaborates with partners across the Berkeley campus to monitor network activity for vulnerabilities and security incidents, assess data and systems to align in accordance with policies, provide a centralized authentication and authorization system, clarify campus obligations needed to protect data, and to educate the community in becoming a culture of security.

ISO is comprised of five teams: Policy Program Management, Service Management, Security Operations, Development and Engineering, and Security Assessments. This position is part of the Security Operations team, and reports to the Information Security Operations Manager.


The Information Security Operations team is a close-knit group of talented information security professionals performing critical information security functions for the institution, including monitoring/detection, vulnerability scanning, incident/breach response, and network registration. This position supports the activities of the Security Operations team by assisting our Operations Center analysts with management of security incidents and security-related help desk requests.


Responsibilities may include:
* Triaging incident reports, queries, and other requests to our Security email contact address (security@berkeley.edu)
* Answering Security phone tree calls and responding as appropriate
* Drafting and reviewing templates, best-practice articles, and other communications
* Route escalated alerts to tier 2 and 3 analyst support
* Assist in documenting commonly occurring issues and fixes
* Fielding customer information security question and requests via phone and email
* Documents incident status and solutions in incident database tools


Required Qualifications:
* Strong interest in the field of Information Security
* Excellent customer service skills
* Effective written communication skills
* Ability to troubleshoot
* Dependable and attentive to detail
* Ability to work autonomously on projects
* Adept in using the Google Productivity Suite


Preferred Qualifications :
* Working knowledge of key concepts in Information Security
* Awareness of campus policies, practices, and guidelines for Information Security
* Experience working in a front-line customer service or help desk role
* Familiarity with IT Service management software (RequestTracker RT, Jira, ServiceNow)
* Exposure to Information Security tools including vulnerability scanning, Security information and Event Management (SIEM) (Splunk, ArcSight, LogRhythm) or Vulnerability scanners (Nessus, Saint, NMap)


Expectations
* Maintain confidentiality and objectivity in all matters business practices and clientele
* Be responsible with staff privileges, including use of equipment and access to restricted spaces
* Work assigned hours
* Report/meet with the hiring manager to discuss the status of assigned work
* Professional workplace behavior

Applicants must be currently enrolled students at UC Berkeley.