Open Staff Positions:
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of: Policy and Outreach, Security Operations, Identity, Development & Engineering, and Security Assessments. This position manages the Security Assessments Team, and reports to the Associate Chief Information Security Officer.
The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, and innovation, while simultaneously committing to making positive contributions towards the betterment of our world.
In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:
We champion diversity.
We act with integrity.
Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.
The Security Assessments Team is a talented and high-performing team of Information Security professionals dedicated to reducing institutional risk through the critical analysis of information technology systems. As manager of this highly technical group, this position will reduce institutional risk through coordinating critical analysis of these applications, networks, and systems in a complex, heterogeneous environment. The work will have a direct and meaningful impact on information security at a world-class research institution.
- Makes recommendations to senior management regarding issues of privacy, security and compliance for departments or the entire campus. Analyzes the needs of functional departments and helps to establish priorities for feasibility studies and assess systems and processes against both internal campus security policy and external compliance requirements.
- Directly manages communication and awareness methods to drive and integrate campus-wide IT privacy and security strategies to reach all constituents, faculty, staff, students and affiliates. Coordinates with functional departments involved in system requirements, techniques, and controls; including application of campus security requirements, data and system classification, and assessment frameworks.
- Manages campus compliance with privacy and security regulations. Administers IT policies that directly affect subordinate employees and proposes or assists in the development of Campus policy related to Security Assessment engagements across the institution.
- Manages programs, projects and activities to support UC policy on stewardship of electronic resources campus-wide. Using a risk-based approach, establishes goals, direction, and scheduling for Assessments Team workload and job assignments.
- Monitors and manages the daily operation of department / section through subordinate supervisors, the coordination of activities of a department with responsibility for results in terms of costs, methods, and employees. Develops and monitors operational and budget processes, staff FTE, finances, human resources, and space planning.
- Manages and recommends changes to policies which affect the department.
- May serve as the campus authority and representative in campuswide, systemwide or national meetings regarding privacy, security, policy, and communication expertise in the area of security assessments and vendor reviews.
- Interacts with law enforcement, Human Resources, Academic Personnel, and Student Affairs across the campus on issues of significance that involve compliance of campus' electronic information resources.
- Broad knowledge of information technology security functional areas as they relate to student data; health information; research subjects; finance, including credit card and loan transactions; management of IT resources and applications; and general computer use practices.
- Knowledge of procedures for budget and account management.
- Demonstrated understanding of privacy and security regulations and best practices, including federal and state laws, policies and standards, as well as extensive knowledge about a wide range of privacy / security regulations relevant to higher education.
- Demonstrated communication skills with project teams, stakeholders, and external contacts including both technical and non-technical audiences.
- Demonstrated ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.
- Broad knowledge of subject area sufficient for strategic planning, technology assessment and direction.
- Demonstrated experience managing technical staff.
- Experienced in leading change management activities and managing their impact within the department.
- Broad knowledge of technical concepts and basic operating principles of data communications, computer hardware, vendor IT products, and software.
- Demonstrated oral and written communication skills, including the ability to effectively present technical topics to large groups with potentially varied levels of technical sophistication.
- The ability to work effectively with a diverse group of employees and embrace unique viewpoints and outlooks.
- Strong communication skills and effective conflict resolution.
- Bachelor's degree in related area and/or equivalent experience/training
The successful candidate will have a thorough knowledge of many of the following areas:
- ISO 27000 and NIST (800-53, 800-171) information security standards
- FERPA, PCI, HIPAA, FISMA compliance
- Information risk management concepts and application
- Application security testing practices, especially using the OWASP project materials
- Cloud and vendor security standards and assessment frameworks (CSA, SOC 2), including vendor and contract management issues
In addition, the following competencies are required:
- Significant (mid-career) Information Security or Compliance work experience
- A proven track record of providing effective leadership and coordinating the differing skills, outlooks, and experiences of highly technical teams to achieve shared goals
- Experience with and commitment to building team cohesion through the principles of inclusivity, diversity, and equality
- Exceptionally strong written and verbal communication skills, and ability to effectively communicate across a broad range of campus audiences
- Disciplined, organized, methodical, and demonstrable experience developing and executing project plans
- Alignment with our campus mission of excellence in teaching, research and public service, and appreciation for how this affects our approaches to Information Security
UC Berkeley campus and system-wide (Office of the President) security policies and standards, or similar policies and standards in Higher Education and/or Research environments
Minimum of 2 years of experience managing an information technology organization.
Salary & Benefits
Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:
How to Apply
Please submit your cover letter and resume as a single attachment when applying.
Please include, as part of your application, a brief (1-2 paragraph) statement on your contributions to diversity, equity, inclusion, and belonging in your professional experience.
Advancing diversity, equity, and inclusion are fundamental to our UC Berkeley Principles of Community, which states that "every member of the UC Berkeley community has a role in sustaining a safe, caring, and humane environment in which these values can thrive."
The minimum posting duration of this position is 14 calendar days. The department will not initiate the application review process prior to May 6, 2021.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant see:
For the complete University of California nondiscrimination and affirmative action policy see: