Information Technology Services
At Information Technology Services, our goal is to be the university's trusted business partner by creating a culture of exceptional customer service. Bringing together a team of diverse and talented professionals, we provide the central IT services that support USC's schools, hospitals, research centers, and administrative units. Through our recently launched digital transformation initiatives, we aim to develop an environment of continuous service improvement, founded on cross-functional teamwork, industry best practices, innovation, and commitment to the customer experience.
Information Security Governance Lead
Information Security ITS, Los Angeles, California
The University of Southern California’s (USC’s) Information Technology Services is seeking a strategic and talented Information Security Governance Lead to join the Governance, Risk Management and Compliance (OCISO GRC) team within The Office of the Chief Information Security Officer. The Information Security Governance Lead will partner with stakeholders and team members to assist in the creation, delivery, and maintenance of policies, standards, procedures, and guidelines. The Lead will provide support to the governing bodies and steering committees in accordance with our risk governance framework. This role will help drive efforts to enhance security awareness operations and assist the Governance Manager in the management of other security program areas and functions.
The ideal candidate must possess five years of experience in Information Technology (or Information Security), three years of experience in policy management, and one year in a lead or supervisory role. The ideal candidate should possess experience with building or aiding in the development of new programs, legal and regulatory requirements, NIST, ISO 27001 or CIS, administering security awareness training, and organizational change communication experience.
The Information Technology Services (ITS) vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.
We are looking for top talent to join us on our journey.
USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services, core to the mission of USC. ITS values accountability, excellence, and commitment to exceptional customer experience. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.
USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.
Come join the ITS team and work as a trusted partner in shaping an environment of innovation and excellence for the university.
The candidate for the position of Information Security Governance Lead must meet the following qualifications:
- Bachelor’s degree or combined education/experience as substitute for minimum education.
- 5 or more years of demonstrated IT experience, with at least 2 years in information security.
- Experience in risk analysis and remediation planning
- Knowledgeable in NIST, ISO 27001, CIS or equivalent
- Knowledgeable of regulatory requirements (such as: GLBA, PCI, FERPA, HIPAA, etc.)
- Demonstrated understanding of information security in the context of risk management.
- Demonstrated understanding of third-party risk management processes and relevant information security controls.
- Demonstrated understanding of information security contractual agreements.
- Ability to communicate and present information security risk concisely and effectively.
- Demonstrated leadership and problem-solving skills.
- Possesses the ability to adjust communication and response style based on client, management, or third-party needs.
- Competency in customer focus, change and innovation, relationship thinking, relationship building and influencing, and results focus.
- Ability to lead effectively and work closely with leaders in a fast-paced, highly collaborative environment.
The ideal candidate for the position of Information Security Governance Lead has the following qualifications:
- Bachelor’s Degree
- 7 years of experience in Information Technology or Information Security.
- Working toward or has CISA or CISSP certification.
- Strong understanding of applicable and accepted audit and risk frameworks (such as COBIT, NIST, and ISO) and government guidelines and laws (such as FERPA and HIPAA).
- Experience in a large, complex, federated organization.
- Experience presenting to large groups with confidence and polished presentation skills.
THE WORK YOU WILL DO
The Information Security Governance Lead is primarily responsible for planning, designing, and executing security solutions, benchmarking technology strategies, and providing input for the selection and implementation of technology solutions. The role is also accountable for identifying security deficiencies and recommending corrective actions of identified vulnerabilities. Responsibilities include the creation and publication of internal controls, ensuring the development and maintenance of adequate compliance resources and training opportunities, and fostering a risk and compliance-focused culture within the division. This position works with IT internal support teams as well as external clients within the university to provide the highest standards of support relative to information security governance and risk management practices. Other responsibilities include providing guidance on security solutions, preparing benchmarking reports and presentations, monitoring security metrics to evaluate efficacy of security programs, and supporting security incident response activities.
The Information Security Governance Lead:
- Leads the IS governance policy and standards program.
- Works with stakeholders in developing standards and maintaining policies.
- Partners with stakeholders to gather the information security risk treatment plans based on established risk level, service-level agreements (SLAs), or risk decisions from chartered governing bodies.
- Contributes to the enhancement of tools and methodologies used for the risk management lifecycle.
- Reassesses or redefines priorities as appropriate in order to achieve performance objectives.
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations.
- Ensures senior management and staff are informed of any changes and updates in a timely manner
- Leads and contributes to the assessment of multiple project risks and complexities. Participates in project handoffs including document preparation, training and education, and support to ensure smooth transitions. Assists in the selection and design of tools that allow reuse of design components and plans between similar projects.
- Interfaces with peers and senior leadership and communicates relevant information at all levels. Provides cybersecurity guidance to less-experienced Information Security team members and other technologists across the university. Meets with project teams and other system architects to develop system designs and project plans that include the appropriate security controls and meet security standards.
- Helps mature information security risk management processes, programs and strategies. Aligns information security activities with regulatory requirements and internal risk management policies. Identifies security gaps and deficiencies by conducting risk assessments and recommends corrective action of identified vulnerabilities and weaknesses. Leads the planning, testing, tracking, remediation, and acceptance level for identified security risks, and the creation and publication of internal controls. Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events. Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with team members and regulators.
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
- Leads planning, design and execution of appropriate technology security solutions. Examines technology vision, opportunities and challenges with regard to information security standards and their impact on technology, and reacts accordingly in alignment and support of the execution of the USC Information Security Program vision and strategy. Participates in developing security strategy, architecture and tools in accordance with university standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the university.
- Provides assistance in benchmarking technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on security solutions and prepares benchmarking reports and presentations.
- Directs the research, evaluation, proof-of-concept, selection and implementation of technology solutions. Provides detailed pros-and-cons, build-vs-buy analyses of options. Facilitates flexible and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access and total cost. Assists with working solutions or prototypes and resolves any issues that arise.
- Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and security. Configures operational, architectural and design documentation including procedures, task lists, and roadmaps.
- Conducts enterprise due-diligence activities, including security monitoring and security metrics, to evaluate effectiveness of the enterprise security program and established controls.
- Performs other duties as assigned or requested. The university reserves the right to add or change duties at any time.
Minimum Education: Bachelor's Degree. Combined education/experience as substitute for minimum education.
Minimum Experience: 5 years
Minimum Field of Expertise: Five or more years of demonstrated IT experience, with at least two years in information security. Working knowledge of Windows-based platforms, application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program. Experience in Application Security concepts, Control frameworks and control objectives. Aptitude for and interest in information and application security. Exceptional organizational skills to balance work and lead projects. Strong, professional written and verbal communication skills.
REQ20093056 Posted Date: 09/16/2020