Information Technology Services
At Information Technology Services, our goal is to be the university's trusted business partner by creating a culture of exceptional customer service. Bringing together a team of diverse and talented professionals, we provide the central IT services that support USC's schools, hospitals, research centers, and administrative units. Through our recently launched digital transformation initiatives, we aim to develop an environment of continuous service improvement, founded on cross-functional teamwork, industry best practices, innovation, and commitment to the customer experience.
Risk Operations ManagerApply Information Security ITS Los Angeles, California
The University of Southern California’s (USC’s) Information Technology Services is seeking a strategic and talented Risk Operations Manager to join the Governance, Risk Management and Compliance (OCISO GRC) team within The Office of the Chief Information Security Officer. The Risk Operations Managerwill be responsible for managing the data protection program at USC. This role will oversee the implementation of safeguards to secure confidential data assets at USC (e.g. confidential student data, protected health information, internal investigation, financials, critical research data, etc.). This role focuses on protecting what matters most at USC, the Trojan Community, by managing the program to safeguard high value information.
The Risk Operations Manager manages and oversees the discovery, analysis and mapping of the high value information across USC along with the onboarding of data assets into the data protection program under the OCISO. The Data Protection Manager maintains a strong partnership with Internal Audit and the Office of Ethics & Compliance data privacy program. This role provides leadership and oversight of the data protection requirements to the local schools and units.
The Information Technology Services (ITS) vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.
We are looking for top talent to join us on our journey.
USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services, core to the mission of USC. ITS values accountability, excellence, and commitment to exceptional customer experience. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.
USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.
Come join the ITS team and work as a trusted partner in shaping an environment of innovation and excellence for the university.
The candidate for the position of Risk Operations Manager must meet the following qualifications:
Bachelor’s degree or combined education/experience as substitute for minimum education.
5 years of experience in Information Security
Knowledgeable in NIST, ISO 27001, CIS or equivalent
Knowledgeable of regulatory requirements (such as: SOX, GLBA, PCI, FERPA, HIPAA, etc.)
Demonstrated understanding of information security in the context of data protection and governance, risk and compliance
Demonstrated understanding of data protection, data privacy, and risk management
Ability to communicate and present information security risk concisely and effectively.
Demonstrated leadership and problem-solving skills.
Possesses ability to adjust communication and response style based on customer, management or third party needs.
Competency in customer focus, change & innovation, relationship thinking, relationship building & influencing and results focused.
Ability to lead effectively and work closely with leaders in fast paced, highly collaborative environment.
The ideal candidate for the position of Risk Operations Manager has the following qualifications:
7 years of experience in Information Security.
Advanced knowledge of information security, governance, data protection, data privacy, risk management
Large enterprise or complex entity related experience.
THE WORK YOU WILL DO
The Risk OperationsManager,under Governance, Risk Management and Compliance (Office of the Chief Information Security Officer - GRC), will be responsible for managing the data protection program at USC. This role will oversee the implementation of safeguards to secure high value assets at USC (e.g. confidential student data, protected health information, internal investigation, financials, critical research data, etc.). This role focuses on protecting what matters most at USC, the Trojan Community, by managing the program to safeguard high value information. This role manages and oversees the discovery, analysis and mapping of the high value information across USC along with the onboarding of high value assets into the high value asset program under the OCISO. The Data Protection Manager maintains a strong partnership with Internal Audit and the Office of Ethics & Compliance data privacy program. This role provides leadership and oversight of the data protection requirements to the local schools and units.
The Risk Operations Manager:
Serves as a Subject Matter Expert (SME) on the organization’s strategy for the data protection to ensure the data protection processes aligns to regulatory, statutory and industry requirements and USC policy and data classification. Recommends programmatic direction with a high degree of independence in matters relating to the investigation, impact and analysis of decisions regarding data protection and high value information.
Defines, operates and implements comprehensive data protection strategies and programs to prioritize and mitigate cyber risk relevant to high value and confidential information at USC. Create and maintain an agreed upon high value asset program and controls assessment in line with the OCISO GRC Risk Framework.
Manages and oversees Risk Management Lead. Shows key milestones, metrics, KPIs, associated budget and resource impacts to continue an effective data protection program that meets USC’s needs.
Engages and partners with GRC advisory, key stakeholders and partners Schools, Services, and Administration function teams to manage relationships, information sharing, and serves as a SMS pertaining to the data program's objectives and associated safeguard requirements.
Manages and oversees vendor and third-party resources assisting in execution of data protection program initiatives.
Manages the high value asset scorecard reporting program to ensure the implications of safeguards implemented or not implemented are understood, and all security risks are reported to Risk Management Lead and are managed at the correct level within the organization, and risk acceptances for high value assets are tracked and reported on throughout their lifecycle.
Defines and manages the Application Security standards and requirements, Data Loss Prevention enterprise program requirements. Oversees the enterprise level components of the programs and partners closely to integrate with the Security Operations team on operational components of Application Security testing and monitoring and Data Loss Prevention tuning and monitoring.
Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
Performs other duties as assigned or requested. The university reserves the right to add or change duties at any time.
Minimum Education: Bachelor’s degree Minimum Experience: 5 years Minimum Field of Expertise: Advanced knowledge of information security, data protection, data privacy, risk management. Large enterprise or complex entity related experience.
REQ20092586 Posted Date: 10/06/2020 Apply