It Security Risk Analyst

The UCLA Information Security Office is a group that operates within UCLA IT Services and has campus-wide input and oversight on a variety of security and policy matters relating to the protection of the University's information resources. Broadly, the UCLA Information Security Office exists to facilitate the following:

• Executing a UCLA IT security plan, including recommending administrative, technical, and physical security measures to address identified risks relative to their sensitivity or criticality.
• Risk assessment strategies to identify vulnerabilities and threats to departmental information resources as well as major enterprise systems, and

The IT Security Risk Analyst is responsible for ensuring the success of UCLA's Cybersecurity Risk Management strategy. As part of the Governance Risk & Compliance (GRC) team this role will work closely with business stakeholders, technology experts, cybersecurity professionals, Senior IT Security Risk Analysts, and industry partners to ensure policies, procedures, and technology systems align with UCLA's goals and compliance requirements to support and drive a culture of proactively managing cyber risk. This role will help proselytize governance, risk and compliance to support and drive a culture of proactively managing cyber risk for the UCLA Campus. This individual will support and coordinate risk assessments in the areas of IT, information security, risk management & compliance. They will also support remediation of non-compliant areas of IT. Additionally, they will support the development and implementation of IT security awareness programs for both technical and non-technical audiences.
The IT Security Risk Analyst will positively impact UCLA's operations and culture by protecting University stakeholders' to effectively implement and maintain UCLA's GRC framework, ensuring compliance with relevant regulations and standards, and providing insightful analysis of risk and control data. This team member will advance the University's mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCLA's vision while modeling UCLA's culture and values.
Percentage of Time:
100
Shift Start:
8:00 am
Shift End:
5:00 pm
Qualifications for Position
18
Records
Qualifications
Required/Preferred
Bachelor's Degree or equivalent combination of experience/training in one or more of the following fields: information technology, cybersecurity, computer science, engineering, public administration, business administration, communications.
Required
5+ years of experience working in one or more of the following fields: computer science, cybersecurity, computer information systems and performing technical assessments in direct support of a major compliance efforts, such as PCI, GDPR, NIST- CSF, ISO 27001, CMMC, FISMA, FedRAMP, etc.
Required
Experience using IT security systems and tools.
Required
Demonstrated skills applying security controls to computer software and hardware. Demonstrated skill with applying complex security controls and configurations to computer hardware, software and networks.
Required
Experience in performing risk, privacy, and data protection impact analyses, vendor reviews and maintaining records of processing.
Required
Strong written and verbal communication skills and is able to communicate technical information and ideas to a diverse community of colleagues and stakeholders. Can relay technical information to audiences of technical and non-technical stakeholders.
Required
Able to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers.
Required
Proven organizational skills and is able to balance competing priorities and deliver concurrent projects to various stakeholder types. Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues.
Required
Strong demonstrated problem-solving skills; scopes solutions based on knowledge of available resources and timelines. Able to ask questions, gather information, evaluate options, and make decisions with integrity.
Required
Experience participating in activities to advance an inclusive environment that values equity, diversity, inclusion and belonging.
Required
Thinks creatively and introduces innovations such as the incorporation of new technologies or processes. Thrives in an ever-changing, fast-paced environment.
Required
Advanced degree in one or more of the following fields: information technology, cybersecurity, computer science, engineering, public administration, business administration, communications.
Preferred
7+ years of experience working in one or more of the following fields: computer science, cybersecurity, computer information systems, etc.
Preferred
Experience in complex higher education environments, serving academic and administrative functions of a large public university.
Preferred
Experience with the Department of Defense (DOD) SPRS system, including entering and managing organization scores. Experience with governance, risk, and compliance (GRC) or vendor management tools. Experience working with and handling materials marked CUI.
Can be trained
Certified Information Security Manager (CISM)
Preferred
Certified Information Systems Auditor (CISA)
Preferred
Certified Information System Security Professional (CISSP)
Preferred
Additional Posting Information
Bargaining Unit:
99-Policy Covered
Application Deadline:
05-31-2023
External Posting Date: