IT Security Assessments Manager (6019U) 17672

Website University of California, Berkeley

IT Security Assessments Manager (6019U) 17672

About Berkeley


At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff.


The University of California, Berkeley, is one of the world’s leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.


We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our, our, and


Departmental Overview


The Information Security Office (ISO) coordinates the risk management process for UC Berkeley’s information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of: Policy and Outreach, Security Operations, Identity, Development & Engineering, and Security Assessments. This position manages the Security Assessments Team, and reports to the Associate Chief Information Security Officer.


The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, innovation, while simultaneously committing to making positive contributions towards the betterment of our world.


In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:


We champion diversity.

We act with integrity.

We deliver.

We innovate.


Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.




The Security Assessments Team is a talented, and high-performing team of Information Security professionals dedicated to reducing institutional risk through the critical analysis of information technology systems. As manager of this highly technical group, this position will reduce institutional risk through coordinating critical analysis of these applications, networks, and systems in a complex, heterogeneous environment. The work will have a direct and meaningful impact on information security at a world-class research institution.


Key Responsibilities:


• Makes recommendations to senior management regarding issues of privacy, security and compliance for departments or the entire campus. Analyzes the needs of functional departments and helps to establish priorities for feasibility studies and assess systems and processes against both internal campus security policy and external compliance requirements.

• Directly manages communication and awareness methods to drive and integrate campus-wide IT privacy and security strategies to reach all constituents, faculty, staff, students and affiliates. Coordinates with functional departments involved in system requirements, techniques, and controls; including application of campus security requirements, data and system classification, and assessment frameworks.

• Manages campus, compliance with privacy and security regulations. Administers IT policies that directly affect subordinate employees and proposes or assists in the development of Campus policy related to Security Assessment engagements across the institution.

• Manages programs, projects and activities to support UC policy on stewardship of electronic resources campus-wide. Using a risk-based approach, establish goals, direction, and scheduling for Assessments Team workload and job assignments.

• Monitors and manages the daily operation of department / section through subordinate supervisors, the coordination of activities of a department with responsibility for results in terms of costs, methods, and employees. Develops and monitors operational and budget processes, staff FTE, finances, human resources, and space planning.

• Manages and recommends changes to policies which affect the department.

• May serve as the campus authority and representative in campuswide, systemwide or national meetings regarding privacy, security, policy, and communication expertise in the area of security assessments and vendor reviews.

• Interacts with law enforcement, Human Resources, Academic Personnel, Student Affairs across the campus on issues of significance that involve compliance of campus’ electronic information resources.


Required Qualifications


• Broad knowledge of information technology security functional areas and as it relates to student data; health information; research subjects; finance; including credit card and loan transactions; management of IT resources and applications; and general computer use practices.

• Knowledge of procedures for budget and account management.

• Demonstrated understanding of privacy and security regulations and best practices, including federal and state laws, policies and standards, as well as extensive knowledge about a wide range of privacy / security regulations relevant to higher education.

• Demonstrated communication skills with project teams, stakeholders, and external contacts including both technical and non-technical audiences.

• Demonstrated ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.

• Broad knowledge of subject area sufficient for strategic planning, technology assessment and direction.

• Demonstrated experience managing technical staff.

• Experienced in leading change management activities and managing their impact within the department.

• Broad knowledge of technical concepts and basic operating principles of data communications, computer hardware, vendor IT products, and software.

• Demonstrated oral and written communication skills, including the ability to effectively present technical topics to large groups with potentially varied levels of technical sophistication.

• The ability to work effectively with a diverse group of employees and embraces unique viewpoints and outlooks.

• Strong communication skills and effective conflict resolution.

• Bachelor’s degree in related area and/or equivalent experience/training


The successful candidate will have a thorough knowledge of many of the following areas:


• ISO 27000 and NIST (800-53, 800-171) information security standards

• FERPA, PCI, HIPAA, FISMA compliance

• Information risk management concepts and application

• Application security testing practices, especially using the OWASP project materials

• Cloud and vendor security standards and assessment frameworks (CSA, SOC 2), including vendor and contract management issues


In addition, the following competencies are required:


• Significant (mid-career) Information Security or Compliance work experience

• A proven track record of providing effective leadership and coordinating the differing skills, outlooks, and experiences of highly technical teams to achieve shared goals

• Experience with and commitment to building team cohesion through the principles of inclusivity, diversity, and equality

• Exceptionally strong written and verbal communication skills, and ability to effectively communicate across a broad range of campus audiences

• Disciplined, organized, methodical, and demonstrable experience developing and executing project plans

• Alignment with our campus mission of excellence in teaching, research and public service, and appreciation for how this affects our approaches to Information Security


Preferred Qualifications


• UC Berkeley campus and system-wide (Office of the President) security policies and standards, or similar policies and standards in Higher Education and/or Research environments

• Minimum of 2 years of experience managing an information technology organization.


Salary & Benefits


Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:


How to Apply


Please submit your cover letter and resume as a single attachment when applying.


Diversity Statement


Please include, as part of your application a brief (1-2 paragraph) statement on your contributions to diversity, equity, inclusion, and belonging in your professional experience.


Advancing diversity, equity, and inclusion are fundamental to our UC Berkeley Principles of Community, which states that “every member of the UC Berkeley community has a role in sustaining a safe, caring, and humane environment in which these values can thrive.”


Other Information


The minimum posting duration of this position is 14 calendar days. The department will not initiate the application review process prior to May 6, 2021.


Conviction History Background


This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.


Equal Employment Opportunity


The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant see:

For the complete University of California nondiscrimination and affirmative action policy see:


To apply, visit


Copyright ©2017 Inc. All rights reserved.


To apply for this job please visit