The University of Southern California (USC) department of Information Technology Services (ITS) is seeking a Senior Information Security Risk Management Analyst Â with an exceptional commitment to service excellence to join its team.
Â Â Â
Â As the Senior Information Security Risk Management Analyst Â you will be an integral member of the Office of the Chief Information Security Officer (OCISO): Governance, Risk, and Compliance (GRC) unit, collaborating with diverse and talented team members to help solve multidimensional information technology problems, improve customer experience, and generate value for our campus stakeholders across a broad base of departments and constituencies.Â
THE WORK YOU WILL DOÂ
The SeniorSecurity Risk Management Analyst is responsible for analyzing documented practices pertaining to risk compliance; monitors compliance actions to ensure systems, data and configuration management are in accordance with internal security, provides comprehensive systems and data analyses that are used to record and maintain security plans. The Senior Security Risk Management Analyst plays an integral role in internal and external security audits, evaluates proposed changes to all systems, and ensures proper protection and/or corrective measures are taken when incidents or vulnerabilities are discovered.
The Senior Information Security Risk Management Analyst :
As a part of the GRC team, provides risk mediation, drafts mitigation or escalation plans, and ensures compliance is met. In coordination with the Information Security team and the Office of Compliance, addresses non-compliance to established information security practices across the University and analyzes plans of action developed with risk owners.
Establishes and maintains comprehensive systems and data security analyses practices, and uses data taken from ongoing analyses to create concise documentation. Monitors compliance actions within an approved compliance tracking system, continually reviewing against regulations, policies and laws related to university business.
Analyzes data stored in multiple systems to ensure integrity of plans, and adherence to established university security internal security policies and practices outlined in the Â Governance, Risk and Compliance program.
Establishes and evaluates configuration management programs for security relevant software, hardware and firmware for maintenance and documentation, in accordance with the GRC program.
Develops and oversees relevancy and accessibility of all internal GRC information security-related documentation in a knowledgebase lifecycle and configuration database. By way of lifecycle review and minor data entry, creates and analyzes records maintained for workstations, software, servers, routers, firewalls, network switches, and equipment; ensures all information system security related documentation is current and accessible to properly authorized individuals.
Analyzes and reviews proposed changes and additions to USCâs information systems, advising the GRC program of their security relevance, and provides input in internal and external security audits, performing risk assessments as assigned.
Probes to ensure proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered.
Audits Information Systems Security Plans, and develops, implements and enforces Information Security Policies and Procedures together with the Policy team.
Creates, monitors, analyzes and measures risk treatment activities through the security metrics program.
Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time.
The ideal candidate for the position of Senior Information Security Risk Management Analyst Â has the following qualifications:Â
6+ yearsâ experience in Information Security
Professional related credentials (e.g., Certified Information Security Auditor (CISA), Certified Information System Security Professional, Certified in the Governance of Enterprise IT [CGEIT], etc.)
Strong understanding of applicable and accepted audit and risk frameworks (e.g., COBIT, NIST, ISO) and government guidelines and laws (e.g., FERPA, HIPAA)
Experienced in presenting to management
Strong interviewing skills and ability to adapt communication style based on stakeholder preferences. In-depth experience in system hardening, analysis and vulnerability management
Proficient in Windows, Linux, and Mac OS. Experienced in Federated or decentralized environments
Communication -- written and oral skills Interpretation of policies/analyses/trends/etc. Knowledge of applicable laws/policies/principles/etc. Problem identification and resolution Project management Scheduling
Configuration management Database administration and management Database and application security Groupware applications Incident/problem management Network administration reporting Network communications technologies
Network security access, management and testing Network systems/data backup, storage and recovery Server security policies and procedures, access management Technical documentation Technical training and instructional design
Â Quick learner, relationship manager, problem solver
MINIMUM QUALIFICATIONSÂ Â
Candidates for the position of Senior Information Security Risk Management Analyst Â must meet the following qualifications:Â
Bachelor's degree; however, combined experience/education as substitute for minimum education
5 yearsâ experience in Information Security
Understanding of regulatory requirements (e.g., GLBA, PCI, FERPA, HIPAA, etc.)
Â Broad breadth of technical skills and experience in IT, security and privacy
Knowledgeable of information security across all security domains and the relationship between threats, vulnerabilities and information value in the context of risk management
Experience in risk management, audit, assessment and/or internal controls
Experience with legal and regulatory requirements and industry security frameworks
Experience performing information security risk assessments and risk analysis
THE ITS TEAMÂ
The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the universityâs mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.Â We are looking for top talent to join us on our journey.Â
USCâs ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity and inclusion; promote well-being; engage in open two-way communication and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.Â
USC is the leading private research university in Los Angelesâa global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Familyâthe faculty, staff, students, and alumni who make USC a great place to workâyou will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.Â
Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!
MINIMUM QUALIFICATIONS Candidates for the position of Senior Information Security Risk Management Analyst must meet the following qualifications: â¢ Bachelor's degree; however, combined experience/education as substitute for minimum educationâ¢ 5 yearsâ experience in Information Securityâ¢ Understanding of regulatory requirements (e.g., GLBA, PCI, FERPA, HIPAA, etc.)â¢ Broad breadth of technical skills and experience in IT, security and privacyâ¢ Knowledgeable of information security across all security domains and the relationship between threats, vulnerabilities and information value in the context of risk managementâ¢ Experience in risk management, audit, assessment and/or internal controlsâ¢ Experience with legal and regulatory requirements and industry security frameworksâ¢ Experience performing information security risk assessments and risk analysis
USC is the leading private research university in Los Angeles—a global center for arts, technology and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.