Information Security Policy Program Manager (0656U) 25353
University of California, Berkeley
July 31, 2018
Full Time - Experienced
Job Title: Information Security Policy Program Manager (0656U) #25353
Job ID: 25353
Location: Main Campus-Berkeley
Full/Part Time: Full-Time
Department: Info Svcs & Tech Imm Office
The University of California, Berkeley, is one of the world's most iconic teaching and research institutions. Since 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world. Berkeley's culture of openness, freedom and acceptance—academic and artistic, political and cultural—makes it a very special place for students, faculty and staff.
Berkeley is committed to hiring and developing staff who want to work in a high performing culture that supports the outstanding work of our faculty and students. In deciding whether to apply for a staff position at Berkeley, candidates are strongly encouraged to consider the alignment of the Berkeley Workplace Culture with their potential for success at http://jobs.berkeley.edu/why-berkeley.html.
The Information Security and Policy office (ISP) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISP is led by the Chief Information Security Officer and consists of four teams: Assessments & Compliance, Operations, Identity Management and IT Policy. The Operations team is responsible for implementing and operating detection programs and security services for the campus. The IT Policy team evaluates and formulates campus policy to safeguard information and resources. The Assessment & Compliance team evaluates information systems and manages information security compliance activities. The Identity Management team manages computing accounts, access control and identity data.
This position manages the Information Security Policy Program, and reports to the Chief Information Security Officer.
This position is responsible for developing, and managing compliance with, campus IT and security policies, which includes promoting policy awareness, advising campus administrators on implementation issues, interpreting policy in special circumstances, identifying new policy requirements, and providing domain expertise as needed to campus policy committees.
Key responsibilities include:
Identifies new policy requirements; proposes, coordinates, and collaborates on the development, review, and approval of new or revised policy. Develops guidelines, best practices, and training material to inform and assist with policy implementation.
Serves as a subject matter expert to campus committees and initiatives on significant policy issues. Works closely with other campus offices to coordinate policy development, implementation, and requirements definition.
Reviews existing policies, standards, procedures and guidelines to clarify and simplify the University policy base.
Benchmarks Berkeley's information security policies against industry-standard frameworks and peer institutions.
Maintains security policies which specifically address Berkeley's cybersecurity regulatory and compliance obligations.
Participates in threat modeling and risk assessment initiatives to ensure the policy base stays current with the evolving threat landscape.
Facilitates a steering committee with broad University representation to solicit input and feedback on proposed changes to information security policy.
Contributes towards ensuring parity of security controls for Berkeley's third-party relationships.
Produces plain language summaries of policy suitable for various University audiences.
Develops a network of liaisons across the University to ensure awareness of University security standards.
Candidate must have a minimum of 5 years of experience in the areas of policy development and compliance at the analyst or manager level.
Strong background in common security frameworks (NIST CSF, ISO 27001, SANS 20, HITRUST CSF, etc.)
Understanding of common security compliance regulations (FERPA, PCI, HIPAA, FISMA, etc.)
Written and oral communications skills essential, particularly ability to write well-crafted policy documents.
Must be able to work at all levels of the organization, from IT technicians to Vice Chancellors.
Ability to analyze changes in law and regulations and the impact on campus policies and practices. Experience as facilitator/mediator in building consensus for policy initiatives.
CIPP, CISSP, or CISM. Experience in higher education or highly regulated industry desirable.
Salary & Benefits
For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.