Information Security Governance Analyst

The UCLA Information Security Office enables UCLA's goals by providing leadership assuring the confidentiality, integrity, and availability of its information resources. The Information Security Office enables efficient incident response planning and notification procedures. In addition, the office aims to implement risk assessment strategies to identify vulnerabilities and threats to departmental information resources and enterprise systems. This includes executing a comprehensive UCLA IT security plan, which involves proposing, delivering, and enforcing administrative, technical, and physical security measures to tackle identified risks based on their sensitivity or criticality.

The Information Security Governance, Risk Management, and Compliance team develops institutional security policies, standards, procedures, compliance guidelines, strategies, requirements, and documentation for all administrative and academic units, departments, and teams. The team also develops, deploys, and manages security education and training.

The Information Security Governance Analyst will be responsible for ensuring the security and integrity of the university's information technology systems and data via effective governance. The Information Security Governance Analyst will support initiatives to develop, implement, and maintain information security governance frameworks, policies, and procedures to protect the university's information assets and ensure compliance with industry standards and regulations. The Security Analyst will work closely with various stakeholders to assess security risks, develop security strategies, monitor security incidents and vulnerabilities, and oversee governance-related activities. This role will help proselytize governance, risk and compliance to support and drive a culture of proactively managing cyber risk for the UCLA Campus.

The Information Security Governance Analyst will positively impact UCLA's operations and culture by protecting University stakeholders' to effectively implement and maintain UCLA's GRC framework, ensuring compliance with relevant regulations and standards, and providing insightful analysis of risk and control data. This team member will advance the University's mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCLA's vision while modeling UCLA's culture and values.

Percentage of Time:
100%

Shift Start:
8:00 am

Shift End:
5:00 pm

Qualifications for Position

18
Records

Qualifications

Required/Preferred

Three years of experience working in one or more of the following fields: computer science, cybersecurity, computer information systems and performing technical assessments in direct support of a major compliance efforts, such as PCI, GDPR, NIST- CSF, ISO 27001, CMMC, FISMA, FedRAMP, or related field.

Required

Proven experience working in IT security governance or a related role, preferably in an educational or large organizational setting.

Required

Strong knowledge of security governance frameworks and standards such as ISO 27001, NIST, or COBIT. Strong understanding of security governance principles, including policy development, security controls, risk management, and incident response.

Required

Proficiency in conducting security risk assessments and developing risk mitigation strategies.

Required

Strong written and verbal communication skills and is able to communicate technical information and ideas to a diverse community of colleagues and stakeholders. Can relay technical information to audiences of technical and non-technical stakeholders.

Required

Able to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers.

Required

Proven organizational skills and is able to balance competing priorities and deliver concurrent projects to various stakeholder types. Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues.

Required

Strong demonstrated problem-solving skills; scopes solutions based on knowledge of available resources and timelines. Able to ask questions, gather information, evaluate options, and make decisions with integrity.

Required

Experience participating in activities to advance an inclusive environment that values equity, diversity, inclusion and belonging.

Required

Thinks creatively and introduces innovations such as the incorporation of new technologies or processes. Thrives in an ever-changing, fast-paced environment.

Required

Knowledge of IT security and demonstrated skill in the design and development of diverse and complex security policies and procedures.

Required

Bachelor's degree or equivalent combination of experience/training in one or more of the following fields: information technology, cybersecurity, computer science, engineering, public administration, business administration, communications, or related field.

Required

Five or more years of experience working in one or more of the following fields: computer science, cybersecurity, computer information systems, etc.

Preferred

Experience in complex higher education environments, serving academic and administrative functions of a large public university.

Preferred

Bachelor's degree in one or more of the following fields: information technology, cybersecurity, computer science, engineering, public administration, business administration, communications.

Preferred

Certified Information Security Manager (CISM)

Preferred

Certified Information Systems Auditor (CISA)

Preferred

Certified Information System Security Professional (CISSP)

Preferred

Additional Posting Information

Bargaining Unit:
99-Policy Covered

Application Deadline:
04-05-2024

External Posting Date: