Senior Information Security Compliance Analyst

The UCLA Information Security Office enables UCLA's goals by providing leadership assuring the confidentiality, integrity, and availability of its information resources. The Information Security Office enables efficient incident response planning and notification procedures. In addition, the office aims to implement risk assessment strategies to identify vulnerabilities and threats to departmental information resources and enterprise systems. This includes executing a comprehensive UCLA IT security plan, which involves proposing, delivering, and enforcing administrative, technical, and physical security measures to tackle identified risks based on their sensitivity or criticality.
The Senior Information Security Compliance Analyst will lead the charge in safeguarding UCLA's information technology systems and data through effective governance practices. This Senior Analyst will be responsible for developing, implementing, and maintaining comprehensive IT security governance frameworks, policies, and procedures to protect valuable information assets and ensure compliance with industry standards and regulations. Collaborating closely with various stakeholders, the Senior Information Security Compliance Analyst will assess security risks, devise robust security strategies, monitor incidents and vulnerabilities, and oversee all governance-related activities. This Analyst will play a vital role in cultivating a proactive cyber risk management culture to fortify the university's cybersecurity posture.
The Senior Information Security Compliance Analyst will positively impact UCLA's operations and culture by protecting University stakeholders' information and data in service of the institution's academic mission. This team member will advance the University's mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCLA's vision while modeling UCLA's culture and values.
Percentage of Time:
100%
Shift Start:
8:00 am
Shift End:
5:00 pm
Qualifications for Position
16
Records
Qualifications
Required/Preferred
Five years of experience working in one or more of the following fields: cybersecurity, information technology, computer science, computer information systems, or related field.
Required
Proven experience working in IT security governance or a related role, preferably in an educational or large organizational setting.
Required
Strong knowledge of security governance frameworks and standards such as ISO 27001, NIST, or COBIT. Strong understanding of security governance principles, including policy development, security controls, risk management, and incident response.
Required
Proficiency in conducting security risk assessments and developing risk mitigation strategies.
Required
Expert knowledge of IT security and demonstrated skill in the design and development of diverse and complex security policies and procedures.
Required
Advanced written and verbal communication skills and is able to communicate complex technical ideas to a diverse community of colleagues and stakeholders. Can relay technical information to audiences of technical and non-technical stakeholders.
Required
Able to establish and advance positive working relationships and a strong rapport with a diverse community of colleagues including team members, stakeholders, and customers.
Required
Advanced organizational skills and is able to balance competing priorities and deliver concurrent projects to various stakeholder types. Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues.
Required
Advanced problem-solving skills; ability to uncover root of difficult problems and scope solutions based on knowledge of available resources and timelines as well as awareness of vision and strategy. Seeks information from multiple and diverse sources to inform solutions. Demonstrated ability to make decisions with integrity.
Required
Experience participating in activities to advance an inclusive environment that values equity, diversity, inclusion and belonging.
Required
Thinks creatively and introduces innovations such as the incorporation of new technologies or processes. Thrives in an ever-changing, fast-paced environment.
Required
Bachelor's degree or equivalent combination of experience/training in one or more of the following fields: information technology, computer science, public administration, business administration, communications, or related field.
Required
Seven or more years of experience working in one or more of the following fields: cybersecurity, information technology, computer science, computer information systems, etc.
Preferred
Experience in complex higher education environments, serving academic and administrative functions of a large public university.
Preferred
Bachelor's degree in one or more of the following fields: information technology, computer science, public administration, business administration, communications.
Preferred
CISSP, CISA, Security+, CEH, CISM, or equivalent certification
Preferred
Additional Posting Information
Bargaining Unit:
99-Policy Covered
Application Deadline:
04-05-2024
External Posting Date: