Posting Salary: The recommended hiring range is $125,000 to $150,000 commensurate with experience.
Position Summary: This position can be located at any of our 10 campuses throughout California.
The University of California is a premier higher education system spanning 10 campuses, 5 nationally ranked academic health systems and a national research laboratory. With over 238,000 students, over 190,000 employees, and over $27 billion in revenue, the University represents a complex, diverse organization that stands as a leader in teaching, research, public service and patient care throughout California and the world. Critical to the success of the University is an effective cybersecurity program that works to ensure the adequate protection of information systems and data.
As a Cybersecurity Audit Specialist, you will join a highly specialized team that is responsible for conducting audits and advisory service projects to provide independent assurance that cybersecurity controls are implemented adequately and as designed to effectively reduce cyber risks.
The extensive and diverse nature of operations across the UC system provides a unique opportunity to work with a broad variety of systems, networks, and data. You'll use the most complex and advanced analysis techniques, which require an extensive understanding of cybersecurity technical controls, IT networks, and systems. You will execute cybersecurity-focused internal audit, advisory, and compliance projects leveraging established standards and a broad knowledge of industry regulations and best practice frameworks including NIST, ISO, COBIT, HIPAA, CIS Critical Security Controls and other guidance. In addition, you will have deep knowledge and experience working with network configurations, protocols, operating systems, software, web applications, etc., to identify vulnerabilities and assess risk and IT control effectiveness. You will be expected to leverage this expertise, combined with frameworks, regulations, and other guidance, to evaluate the cybersecurity posture of an organization.
Essential to your success in this role will be strong analytic and IT technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate the risks to the organization's overall security posture.
Applicants will be expected to have a bachelor's degree in a related area and a minimum of ten years relevant experience, and/or equivalent experience/training. You will also be required to have a professional specialized certification, preferably industry security or audit certification (e.g., CISSP, CISA, GIAC).
Special Conditions of Employment: Travel outside of normal business hours
Duty 1: Performs cybersecurity audit projects as part of the cybersecurity audit team that require the most complex and advanced analysis techniques, including an extensive understanding of cybersecurity technical controls, IT networks, and systems. Executes cybersecurity-focused internal audit and compliance projects leveraging established standards and a broad knowledge of industry regulations and best practice frameworks including NIST, ISO, COBIT, HIPAA and other guidance. Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, networks and security controls, including the use of specialized software such as vulnerability scanning and/or network mapping tools. Leverages extensive understanding of IT technologies, cybersecurity risks, and controls to develop effective audit approaches that identify the highest risk issues and advise leadership on the best approach for addressing the identified issues from the audit. (Function: 1; Percent: 55)
Duty 2: In an advisory role, develops audit and compliance control frameworks to monitor IT production environments for potential system integrity exposure and control weaknesses. (Function: 2; Percent: 20)
Duty 3: Develops formal written reports to communicate complex and oftentimes highly technical audit and compliance results to all levels of management, and makes recommendations as appropriate. (Function: 3; Percent: 10)
Duty 4: May oversee other audit and compliance personnel and/or independently manage specialized cybersecurity audit and compliance programs on a project basis. (Function: 4; Percent: 10)
Duty 5: Conducts and leads investigations. (Function: 5; Percent: 5)
Job Requirements
Bachelor's degree in a related area and a minimum of ten years relevant experience, and/or equivalent experience/training. (Required)
Professional specialized certification required. Prefer industry security and/or audit certification (e.g., CISSP, CISA, GIAC). (Required)
Has thorough knowledge of finance, accounting, business and systems operations.
Has advanced audit and compliance related knowledge and skills.
Requires the ability to gather, organize, analyze, and report on findings and recommendations that are complex in nature.
Must be able to communicate complex information to all levels of management and administrators in a clear and concise manner, both written and verbal.
Familiarity and experience using network scanning and vulnerability assessment tools to evaluate system configurations and vulnerabilities and assess them against security standards.
Knowledge and experience working with network configurations, including TCP/IP and UDP networking protocols, to identify vulnerabilities and assess risk and the effectiveness of IT controls (e.g., firewalls).
Familiarity and experience working with various IT security control frameworks and guidance such as NIST, CIS, ISO, COBIT and others to evaluate the cybersecurity posture of an organization.
Strong analytic and IT technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate the risks to the organization's overall security posture.
Knowledge and experience performing assessments and audits in large diverse IT organizations with multiple software and hardware environments with distributed oversight.
Excellent interpersonal and communication skills to work independently with all levels of University personnel, including management and faculty, and to facilitate agreement on issues and corrective actions. (Required)
Familiarity and experience working in healthcare.
Familiarity and experience working in higher education.
Experience in IT security or IT operations. (Preferred)
About us
The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the corporate headquarters to the ten campuses, five medical centers and three Department of Energy National Labs and enrolls premier students from California, the nation and the world.
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age or protected veteran status.