Job Requisition Number: 24040. The Division of Student Affairs advances the learning and personal growth of students by providing leadership, services, and opportunities that enable students to succeed in and contribute to a diverse and global society. Student Affairs Information Technologies (SAIT), a department within the Division, provides and supports the technology and computing services for the Division. SAIT supports many of the services provided to students, the Division of Student Affairs, and the university community.
SAIT consists of 30+ full-time career staff and over 70+ student part-time staff. The department is organized into six teams: Student Technologies, Portfolio and Project Management, Application Development, Systems, Operations, and Information Security.
The Information Security team within Student Affairs Information Technologies is responsible for managing, guiding, and/or executing the implementation of security initiatives and improvements to information security policies and procedures that protect Student Affairs business processes and technology resources.
This position functions Chief Information Security Officer as an internal consultant providing technical expertise and is responsible for assessing information risk and facilitating remediation of identified vulnerabilities in the systems and applications within the Division of Student Affairs. Additional duties may involve developing and maintaining the security of data and systems as the primary responsibility of the position. The team plans, designs, develops, implements and maintains systems and programs to ensure the integrity, reliability and security of data and systems.
• Applies advanced IT security concepts to execute highly complex and campus-impacting security controls to prevent hackers from infiltrating campus information or jeopardizing web-based programs for the campus. • Responsible for providing research, analysis and solutions to address attempted efforts to compromise security protocol and measures. • Designs and maintains highly complex security systems. • Responsible for administering highly complex security policies to control access to systems. • Uses highly advanced and industry standard encryption methods. • Manages the pro-active efforts to identify vulnerabilities including but not limited to security scanning and review of alignment with security standards. Works with vendors to evaluate alignment of vendor operations and hosted cloud services with campus security requirements. • Advises business partners on security considerations related to selection of vendors and solutions. • Proactively addresses the negative impact on the campus caused by theft, destruction, alteration or denial of access of information. Develops standards, training and operational programs such as but not limited to hard drive encryption, removal of protected data from inappropriate systems and protection of personal workstations to reduce risk to information and systems. Aligns department’s efforts with UCB policies and industry standards. • May lead a team of IT security professionals. Directly and indirectly supervises a student team in collaboration with the Student Leadership Coordinator and the student leads; participates in the annual cycle of recruitment, hiring and training; shares responsibility for developing and sustaining a strong student leadership program. • Applies advanced IT security concepts to provide input, define or revise incident response processes. • Interacts with peer managers in the IT and other areas of the organization. Maintains a positive relationship with other departments and personnel that will assist in the development, funding, promotion, and/or public relations of the Division of Student Affairs and SAIT. Supports the success and objectives of SAIT. • Identifies and selects training opportunities for professional development. Participates in cross-functional group discussions, activities and other training efforts. • Adheres to University and departmental policies, procedures, and professional practices as well as city, state, and federal laws. Also responsible for adherence to UC Berkeley’s Data Classification Standard, Minimum Security Standards for Networked Devices and Minimum Security Standards for Electronic Information. • Other duties as assigned.• Minimum of five years of direct full-time security work experience in two or more security fields in a Higher Education environment. • Requires advanced knowledge of IT security function. • Must have knowledge relating to the design of security programs across the campus, including but not limited to federal, state, and industry requirements for personal data (e.g. FERPA, PCI DSS, UCOP BFB IS Series, HIPAA, DMCA, HEOA). • Requires knowledge of other related areas of IT. • Knowledge of department processes and procedures. • Requires interpersonal skills in order to work with both technical and non-technical personnel at various levels in the organization. • Experience performing and leading IT security reviews and/or audits. • Bachelors degree in related area and/or equivalent experience/training • Master's degree in related area and/or equivalent experience/training is preferred • CISSP or another security certification/accreditation preferred • ITIL V3 Foundations training and certification preferred
The University of California was chartered in 1868 and its flagship campus - envisioned as a "City of Learning" - was established at Berkeley, on San Francisco Bay. Today the world's premier public university and a wellspring of innovation, UC Berkeley occupies a 1,232 acre campus with a sylvan 178-acre central core. From this home its academic community makes key contributions to the economic and social well-being of the Bay Area, California, and the nation.