The University of California, Berkeley, is one of the world's most iconic teaching and research institutions. Since 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world. Berkeley's culture of openness, freedom and acceptance—academic and artistic, political and cultural—makes it a very special place for students, faculty and staff.
Berkeley is committed to hiring and developing staff who want to work in a high performing culture that supports the outstanding work of our faculty and students. In deciding whether to apply for a staff position at Berkeley, candidates are strongly encouraged to consider the alignment of the Berkeley Workplace Culture with their potential for success at http://jobs.berkeley.edu/why-berkeley.html.
The Information Security and Policy office (ISP) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISP is led by the Chief Information Security Officer and consists of four teams: Assessments & Compliance, Operations, IT Policy, and Identity and Access Management. This position is a part of the Assessments and Compliance team, and reports to the Assessments Manager.
The Assessments and Compliance team is a group of talented information security professionals delivering assessments and managing compliance activities. The team excels at investigation and analysis. As part of this program, you will encounter a wide variety of information systems that meet the needs of researchers, students, and administrators. You will have the opportunity to evaluate and critically analyze applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on data security at a world-class research institution. This position will be focused on addressing compliance obligations: NIST 800-171, GDPR, PCI DSS and the institution's own framework.
As an Information Security Assessment and Compliance Specialist, you will:
• Conduct security assessments across the institution
• Analyze assessment results to identify risks to institutional data
• Consult with institutional stakeholders to assess systems and processes against both internal campus security policy and external compliance requirements
• Document assessment findings and remediation plans, and present reports to campus stakeholders and external vendors
• Provide technical advice and consultation to personnel involved with development, deployment, administration, and security of the institution's systems and services
• Interface with the campus Controller's office, advising on best practices and assisting in addressing routine issues to comply with the PCI data security standards
• Participate in the documentation of assessment and compliance efforts, including campus security requirements, guidelines, and processes
• Stay informed about the latest developments in the information security field and contribute to outreach efforts educating campus users on emerging threats
• Lead efforts to leverage a GRC toolset that will streamline end-to-end security processes, reducing human error, eliminating duplication of activities, and improving efficiencies and information quality
• Minimum of 5 years Information Security or compliance work experience
• General knowledge of information security topics (e.g., basic cryptographic principles, common network protocols, information systems auditing, packet analysis, intrusion detection, computer forensics, web application security, etc.)
• Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate key points to both technical and non-technical audiences
• Demonstrated ability to quickly understand diverse and complex business environments
• Demonstrated ability to interface with a variety of personalities
• Ability to contribute within a team of security professionals, as well as the capability to work independently with only general direction
• Knowledge of security standards such as ISO 27001 and NIST 800-53
• Bachelor's degree in related field and/or equivalent experience/training
• Knowledge of OWASP Top 10, CWE/SANS Top 25, or SANS Top 20 Critical Security Controls
• Familiarity with federal, state, and industry-based data security/privacy regulations
• SANS, ISC2, ISACA or Offensive Security (OSCP/OSCE) certifications
• Knowledge of static code analyzers or automated scanning tools
Salary & Benefits
For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity