Information Security Risk Performance Lead @ USC - Los Angeles, CA
2 months ago
The University of Southern California (USC) Department of Information Technology Services (ITS) is seeking an InfoSec Risk Performance Lead with an exceptional commitment to service excellence to join its team.
As the InfoSec Risk Performance Lead Analyst, you will be an integral member of the Security Strategy and Governance team of the Office of the CISO.
The InfoSec Risk Performance Lead Analyst defines and builds key performance indicators to ensure effectiveness and compliance across information security processes and process owners. The Lead assists in managing the evaluation process that determines the effectiveness of information security controls and safeguards while ensuring that processes align to regulatory, statutory, and industry requirements, as well as university policy and data classification. In addition, the Lead participates in external and internal compliance audits while serving as a subject matter expert on information security risk strategy and risk appetite.
THE WORK YOU WILL DO
The InfoSec Risk Performance Lead Analyst:
- Develops and implements comprehensive information security strategies and programs to identify and mitigate business risk. Obtains input from key stakeholders across the university and partners with the data protection manager to define the annual risk assessment plan. Recommends programmatic direction, with a high degree of independence, in matters relating to the investigation, impact, and analysis of decisions regarding cyber security risk.
- Creates and maintains key risk indicators (KRIs) and risk appetite in line with the OCISO framework. Ensures information security strategies and risk management are performing at established levels.
- Serves as a subject matter expert (SME) on information security risk strategy and risk appetite. Collaborates with risk performance manager to facilitate the risk acceptance process. Ensures the implications of risk acceptance are understood, risks are accepted at the correct level within the organization, and risk acceptances are tracked and reported on throughout their lifecycle.
- Defines and builds key performance indicators (KPIs) to ensure effectiveness and compliance across information security processes and process owners. Specifies key milestones and metrics, as well as associated budget and resource impacts, to continue an effective risk management program. Partners with the data protection manager and governance manager to ensure appropriate reporting and data are provided to manage risk.
- Assists in managing the evaluation process that determines the effectiveness of information security controls and safeguards. Ensures processes align to regulatory, statutory, and industry requirements, as well as university policy and data classification. Participates in external and internal compliance audits (e.g., PCI DSS, HIPAA Security Rule, NIST, GLBA Safeguards). Engages and partners with enterprise and local entities in preparation for compliance audits. Helps track adherence to policy and standards through control evaluation.
- Maintains currency of changes in laws, regulations, and technologies which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Participates in professional organizations (e.g., attends meetings, seminars, and conferences). Reads pertinent publications. Maintains continuity of any required or desirable certifications, if applicable.
- Promotes an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions that uphold principles of the USC Code of Ethics.
- Bachelor's degree or combined experience/education as substitute for minimum education
- 5 years of directly related experience in information security or risk management.
- Demonstrated understanding of information security across all security domains and the relationship between threats, vulnerabilities, and information value in the context of risk management.
- Experience with legal and regulatory requirements and industry security frameworks.
- Demonstrated understanding of processes, internal control risk management, information security controls, and how they interact together.
- Experience performing information security risk assessments and risk analysis.
- Demonstrated strong understanding of regulatory requirements (e.g., GLBA, PCI, FERPA, HIPAA).
- Ability to communicate and present security risk concisely and effectively in relation to enterprise risk based on the appropriate level of management and stakeholder groups.
- Demonstrated leadership and problem-solving skills.
- Ability to work closely with business leaders in a high pressure, fast-paced, highly collaborative environment with multiple deadlines and competing priorities.
- Ability to understand data analytics and dashboarding.
- Bachelor’s degree in information security, information science, computer science, or related field.
- 7 or more years’ experience in information security or risk management.
- Strong understanding of applicable and accepted audit and risk frameworks (e.g., COBIT, NIST, ISO) and government guidelines and laws (e.g., FERPA, HIPAA).
- Experienced in presenting to management.
- Strong interviewing skills and ability to adapt communication style based on stakeholder preferences.
- In-depth experience in system hardening, analysis, and vulnerability management.
- Proficient in Windows, Linux, and Mac OS.
- Experienced in federated or decentralized environments.
THE ITS TEAM
The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential. We are looking for top talent to join us on our journey.
USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity, and inclusion; promote well-being; engage in open two-way communication; and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.
USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.
Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!
MINIMUM QUALIFICATIONS
Candidates for the position of Information Security Risk Performance Lead must meet the following qualifications:
- Bachelor’s degree; however, combined education/experience as substitute for minimum education
- 5 years of directly related experience in Information Security or Risk Management
- Experience in performance management, audit, assessment and/or internal controls
- Experience with legal and regulatory requirements and industry security frameworks
- Experience performing information security risk assessments and risk analysis
- Demonstrated strong understanding of regulatory requirements (such as: GLBA, PCI, FERPA, HIPAA, etc.)
- Demonstrated understanding of information security across all security domains and the relationship between threats, vulnerabilities, and information value in the context of risk management
- Demonstrated understanding of processes, internal control risk management, information security controls, and how they interact together
- Ability to communicate and present security risk concisely and effectively in relation to enterprise risk based on the appropriate level of management and stakeholder groups
- Demonstrated leadership and problem-solving skills
- Ability to work closely with business leaders in a high pressure, fast-paced, highly collaborative environment with multiple deadlines and competing priorities
- Ability to understand data analytics and dashboarding