At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff.
The University of California, Berkeley, is one of the world's leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.
We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles, our Principles of Community, and our Strategic Plan.
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach, Service Management, Security Operations, Development & Engineering, and Security Assessments. This position manages the Security Assessments Team, and reports to the Associate Chief Information Security Officer.
The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, innovation, while simultaneously committing to making positive contributions towards the betterment of our world.
In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:
We champion diversity.
We act with integrity.
Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.
The Security Assessments Team is a talented, and high-performing team of Information Security professionals dedicated to reducing institutional risk through the critical analysis of information technology systems. As manager of this highly technical group, this position will reduce institutional risk through coordinating critical analysis of these applications, networks, and systems in a complex, heterogeneous environment. The work will have a direct and meaningful impact on information security at a world-class research institution.
Makes recommendations to senior management regarding issues of privacy, security and compliance for department or entire campus. Analyzes the needs of functional departments and helps to establish priorities for feasibility studies and assess systems and processes against both internal campus security policy and external compliance requirements.
Directly manages communication and awareness methods to drive and integrate campus-wide IT privacy and security strategies to reach all constituents, faculty, staff, students and affiliates. Coordinates with functional departments involved in system requirements, techniques, and controls; including application of campus security requirements, data and system classification, and assessment frameworks.
Manages campus, compliance with privacy and security regulations. Administers IT policies that directly affect subordinate employees and proposes or assists in the development of Campus policy related to Security Assessment engagements across the institution.
Manages programs, projects and activities to support UC policy on stewardship of electronic resources campus-wide. Using a risk-based approach, establish goals, direction, and scheduling for Assessments Team workload and job assignments.
Monitors and manages the daily operation of department / section through subordinate supervisors, the coordination of activities of a department with responsibility for results in terms of costs, methods, and employees. Develops and monitors operational and budget processes, staff FTE, finances, human resources, and space planning.
Manages and recommends changes to policies which affect the department.
May serve as the campus authority and representative in campuswide, systemwide or national meetings regarding privacy, security, policy, and communication expertise in the area of security assessments and vendor reviews.
Interacts with law enforcement, Human Resources, Academic Personnel, Student Affairs across the campus on issues of significance that involve compliance of campus electronic information resource.
Broad knowledge of information technology security functional areas and as it relates to student data; health information; research subjects; finance; including credit card and loan transactions; management of IT resources and applications; and general computer use practices.
Knowledge of procedures for budget and account management.
Demonstrated understanding of privacy and security regulations and best practices, including federal and state laws, policies and standards, as well as extensive knowledge about a wide range of privacy / security regulations relevant to higher education.
Demonstrated communication skills with project teams, stakeholders, and external contacts including both technical and non-technical audiences.
Demonstrated ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.
Broad knowledge of subject area sufficient for strategic planning, technology assessment and direction.
Demonstrated experience managing technical staff.
Experienced in leading change management activities and managing their impact within the department.
Broad knowledge of technical concepts and basic operating principles of data communications, computer hardware, vendor IT products, and software.
Demonstrated oral and written communication skills, including the ability to effectively present technical topics to large groups with potentially varied levels of technical sophistication.
The ability to work effectively with a diverse group of employees and embraces unique viewpoints and outlooks.
Strong communication skills and effective conflict resolution.
Bachelors degree in related area and/or equivalent experience/training
The successful candidate will have a thorough knowledge of many of the following areas:
ISO 27000 and NIST (800-53, 800-171) information security standards
FERPA, PCI, HIPAA, FISMA compliance
Information risk management concepts and application
Application security testing practices, especially using the OWASP project materials
Cloud and vendor security standards and assessment frameworks (CSA, SOC 2), including vendor and contract management issues
In addition, the following competencies are required:
Significant (mid-career) Information Security or Compliance work experience
A proven track record of providing effective leadership and coordinating the differing skills, outlooks, and experiences of highly technical teams to achieve shared goals
Experience with and commitment to building team cohesion through the principles of inclusivity, diversity, and equality
Exceptionally strong written and verbal communication skills, and ability to effectively communicate across a broad range of campus audiences
Disciplined, organized, methodical, and demonstrable experience developing and executing project plans
Alignment with our campus mission of excellence in teaching, research and public service, and appreciation for how this affects our approaches to Information Security
UC Berkeley campus and system-wide (Office of the President) security policies and standards, or similar policies and standards in Higher Education and/or Research environments
Minimum of 2 years of experience managing an information technology organization.
Salary & Benefits
Annual salary up to $174,500. Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
The University of California was chartered in 1868 and its flagship campus - envisioned as a "City of Learning" - was established at Berkeley, on San Francisco Bay. Today the world's premier public university and a wellspring of innovation, UC Berkeley occupies a 1,232 acre campus with a sylvan 178-acre central core. From this home its academic community makes key contributions to the economic and social well-being of the Bay Area, California, and the nation.