Job Postings

Are you an Information Security professional looking for an interesting position on a dynamic team? Check out our job openings! Apply or review the complete job descriptions at jobs.berkeley.edu.

Current Job Openings


Information Security Policy Program Manager (0656U) #25353

Departmental Overview
The Information Security and Policy office (ISP) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISP is led by the Chief Information Security Officer and consists of four teams: Assessments & Compliance, Operations, Identity Management and IT Policy. The Operations team is responsible for implementing and operating detection programs and security services for the campus. The IT Policy team evaluate and formulate campus policy to safeguard information and resources. The Assessment & Compliance team evaluates information systems and manages information security compliance activities. The Identity Management team manages computing accounts, access control and identity data.

This position manages the Information Security Policy Program, and reports to the Chief Information Security Officer.

Responsibilities
This position is responsible for developing, and managing compliance with, campus IT and security policies which includes promoting policy awareness, advising campus administrators on implementation issues, interpreting policy in special circumstances, identifying new policy requirements, and providing domain expertise as needed to campus policy committees.

Key responsibilities include:
• Identifies new policy requirements; proposes, coordinates, and collaborates on the development, review, and approval of new or revised policy. Develops guidelines, best practices, and training material to inform and assist with policy implementation.
• Serves as a subject matter expert to campus committees and initiatives on significant policy issues. Works closely with other campus offices to coordinate policy development, implementation, and requirements definition
• Reviews existing policies, standards, procedures and guidelines to clarify and simplify the University policy base.
• Benchmarks Berkeley’s information security policies against industry-standard frameworks and peer institutions.
• Maintains security policies which specifically address Berkeley’s cybersecurity regulatory and compliance obligations.
• Participates in threat modeling and risk assessment initiatives to ensure the policy base stays current with the evolving threat landscape.
• Facilitates a steering committee with broad University representation to solicit input and feedback on proposed changes to information security policy.
• Contributes towards ensuring parity of security controls for Berkeley’s third-party relationships.
• Produces plain language summaries of policy suitable for various University audiences.
• Develops a network of liaisons across the University to ensure awareness of University security standards.
Required Qualifications
• Candidate must have a minimum of 5 years of experience in the areas of policy development and compliance at the analyst or manager level.
• Strong background in common security frameworks (NIST CSF, ISO 27001, SANS 20, HITRUST CSF, etc)
• Understanding of common security compliance regulations (FERPA, PCI, HIPAA, FISMA, etc)
• Written and oral communications skills essential, particularly ability to write well-crafted policy documents.
• Must be able to work at all levels of the organization, from IT technicians to Vice Chancellors.
• Ability to analyze changes in law and regulations and the impact on campus policies and practices. Experience as facilitator/mediator in building consensus for policy initiatives.
Preferred Qualifications
• CIPP, CISSP, or CISM. Experience in higher education or highly regulated industry desirable.

Salary & Benefits
For information on the comprehensive benefits package offered by the University visit:

http://ucnet.universityofcalifornia.edu/compensation-and-benefits/index....

How to Apply
Apply at jobs.berkeely.edu. Please submit your cover letter and resume as a single attachment when applying.


Information Security Assessments Specialist (0661U) #25091

Departmental Overview
The Information Security and Policy office (ISP) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISP is led by the Chief Information Security Officer and consists of four teams: Assessments & Compliance, Operations, IT Policy, and Identity and Access Management. This position is a part of the Assessments and Compliance team, and reports to the Assessments Manager.

The Assessments and Compliance team is a group of talented information security professionals delivering assessments and managing compliance activities. The team excels at investigation and analysis. As part of this program, you will encounter a wide variety of information systems that meet the needs of researchers, students, and administrators. You will have the opportunity to evaluate and critically analyze applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on data security at a world-class research institution. This position will be focused on addressing compliance obligations: NIST 800-171, GDPR, PCI DSS and the institution’s own framework.

Responsibilities
As an Information Security Assessment and Compliance Specialist, you will:
• Conduct security assessments across the institution.
• Analyze assessment results to identify risks to institutional data
• Consult with institutional stakeholders to assess systems and processes against both internal campus security policy and external compliance requirements
• Document assessment findings and remediation plans, and present reports to campus stakeholders and external vendors
• Provide technical advice and consultation to personnel involved with development, deployment, administration, and security of the institution's systems and services
• Interface with the campus Controller's office advising on best practices and assisting in addressing routine issues to comply with the PCI data security standards
• Participate in the documentation of assessment and compliance efforts including campus security requirements, guidelines, and processes
• Stay informed about the latest developments in the information security field and contribute to outreach efforts educating campus users on emerging threats
• Led efforts to leverage GRC toolset that will streamline end to end security processes reducing human error, eliminate duplication of activities, improve efficiencies and information quality

Required Qualifications
• Minimum of 5 years Information Security or compliance work experience
• General knowledge of information security topics (e.g., basic cryptographic principles, common network protocols, information systems auditing, packet analysis, intrusion detection, computer forensics, web application security, etc.)
• Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate key points to both technical and non-technical audiences
• Demonstrated ability to quickly understand diverse and complex business environments
• Demonstrated ability to interface with a variety of personalities
• Ability to contribute within a team of security professionals, as well as the capability to work independently with only general direction
• Knowledge of security standards such as ISO 27001 and NIST 800-53
• Bachelor's degree in related field and/or equivalent experience/training

Preferred Qualifications
• Knowledge of OWASP Top 10, CWE/SANS Top 25, or SANS Top 20 Critical Security Controls
• Familiarity with federal, state, and industry-based data security/privacy regulations
• SANS, ISC2, ISACA or Offensive Security (OSCP/OSCE) certifications
• Knowledge of static code analyzers or automated scanning tools

Salary & Benefits
For information on the comprehensive benefits package offered by the University visit:

http://ucnet.universityofcalifornia.edu/compensation-and-benefits/index....

How to Apply
Apply at jobs.berkeely.edu. Please submit your cover letter and resume as a single attachment when applying.


Junior Security Assessment Analyst (7337U) #25352

Application Review Date
The First Review Date for this job is: 8/2/2018

Departmental Overview
Information Security and Policy (ISP) provides policy and security oversight for institutional information and campus IT resources, providing a structured approach to information risk management for the campus.

The position involves assessing the security of data and systems as the primary responsibility of the position. The role plans, designs, develops, implements and maintains assessment program to insure the integrity, reliability and security of data and systems.

Responsibilities
• Applies professional IT security concepts and established procedures to select appropriate response to IT security incidents or assessment requests
• Uses professional concepts to assess security controls to prevent hackers from infiltrating campus information or jeopardizing web-based programs for the campus.
• Researches and analyzes security of systems, applications or processes and reports findings to higher level IT Security Analysts.
• Under general supervision, maintains security assessment systems and programs.
Required Qualifications
• Knowledge of systems of IT security function.
• Knowledge of industry information security, and regulatory requirements
• Knowledge relating to the design of security programs.
• Knowledge of other areas of IT.
• Knowledge of department processes and procedures or ability to learn.
• Good interpersonal skills in order to work with both technical and non-technical personnel at various levels in the organization.
• Good verbal and written communication skills.
• Good organization skills
• Bachelors degree in related area and/or equivalent experience/training

Salary & Benefits
For information on the comprehensive benefits package offered by the University visit:

http://ucnet.universityofcalifornia.edu/compensation-and-benefits/index....

How to Apply
Apply at jobs.berkeely.edu. Please submit your cover letter and resume as a single attachment when applying.