Information Security Assessment Analyst (0661U) 23390
At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging makes it a special place for students, faculty and staff.
The University of California, Berkeley, is one of the world's leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.
We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles, our Principles of Community, and our Strategic Plan.
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach, Security Operations, Development and Engineering, Identity Management, and Security Assessments. This position is part of the Security Assessments team and reports to the Security Assessments Supervisor.
The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, and innovation, while simultaneously committing to making positive contributions towards the betterment of our world.
In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:
We champion diversity.
We act with integrity.
Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.
The Information Security Assessments team is a close-knit group of talented information security professionals delivering assessments and managing compliance activities. The team excels at risk identification, assessment, and consulting with risk owners to recommend risk responses. As part of this highly technical group, you will encounter a wide variety of information systems that meet the needs of researchers, students, and administrators. You will have the opportunity to evaluate and critically analyze applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on data security at a world-class research institution.
Key responsibilities include:
- Conduct security risk assessments across the institution including vendor, application, compliance, and research
- Analyze assessment results to identify risks to institutional data
- Consult with institutional stakeholders to assess systems and processes against both internal campus security policy and external compliance requirements
- Document assessment findings and remediation recommendations, consult on the design and implementation of risk response plans, and present reports to campus stakeholders
- Provide technical advice and consultation to personnel involved with development, deployment, administration, and security of the institution's systems and services
- Participate in the documentation of assessment and compliance efforts including campus security requirements, guidelines, and processes
- Participate in workgroups and project teams in support of ISO's strategic priorities
- Triage security incidents and support tickets as part of an analyst rotation (regular business hours)
- Act as a subject matter expert in the creation of security awareness and education programs for the campus on best practices
- Stay informed about the latest developments in the information security field and contribute to outreach efforts educating campus users on emerging threats
- Minimum of 5 years Information Security or compliance work experience
- The ability to understand, interpret, and assess against security policies, frameworks, and data use agreements, providing gap analysis and standards crosswalks as needed
- General knowledge of information security topics (e.g., basic cryptographic principles, common network protocols, firewalls, intrusion detection, system hardening, etc.)
- Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate key points to both technical and non-technical audiences
- Demonstrated ability to quickly understand diverse and complex business environments
- Demonstrated interpersonal skills to work with technical and non-technical personnel at various levels in the organization
- Ability to contribute within a team of security professionals, as well as the capability to work independently with only general direction
- Knowledge of security standards such as ISO 27001 and NIST 800-53
- Knowledge of common security controls and topics such as OWASP Top 10, CIS Controls (Top 18), and MITRE ATT&CK
- Familiarity with federal, state, and industry-based data security & privacy regulations such as PCI-DSS, HIPAA, FISMA, FERPA, GDPR, CCPA, SB-1386, and CMMC/NIST 800-171
- GIAC, CISSP, ISACA, or similar security certifications
- Experience advising on best practices and addressing routine issues to comply with PCI-DSS
- Bachelor's degree in related area and/or equivalent experience/training
Salary & Benefits
Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:
How to Apply
Please submit your cover letter and resume as a single attachment when applying.
- The minimum posting duration of this position is 14 calendar days. The department will not initiate the application review process prior to 9/21/2021.
- May consider the option for fully remote work for qualified applicants.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant see:
For the complete University of California nondiscrimination and affirmative action policy see:
To apply, visit https://careerspub.universityofcalifornia.edu/psp/ucb/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_APP_SCHJOB.GBL?Page=HRS_APP_JBPST&Action=U&FOCUS=Applicant&SiteId=21&JobOpeningId=23390&PostingSeq=1