Information Technology Services
At Information Technology Services, our goal is to be the university's trusted business partner by creating a culture of exceptional customer service. Bringing together a team of diverse and talented professionals, we provide the central IT services that support USC's schools, hospitals, research centers, and administrative units. Through our recently launched digital transformation initiatives, we aim to develop an environment of continuous service improvement, founded on cross-functional teamwork, industry best practices, innovation, and commitment to the customer experience.
Senior Information Security Advisor
Information Security, ITS, Los Angeles, California
We are currently seeking a Senior Information Security Advisor to join our Governance, Risk Management, and Compliance Team, within the Office of the CISO in the Information Technology Services (ITS) department here at the University of Southern California. The Senior Information Security Advisor will be responsible for planning, designing, and executing security solutions, identifying security deficiencies by working with USC schools and units, and recommending corrective actions of identified security risks and vulnerabilities.
The ideal candidate must possess seven years of experience in Information Technology, three years of experience in Information Security and two years of Management experience.
Information Technology Services (ITS) is committed to providing information technology (IT) services and support to the university. ITS provides essential, university-wide services such as:
- Enterprise information systems
- University wired and wireless networks
- Educational Technology
- Research Computing
- IT Security
- Must have a Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience
- Minimum of 7 years of directly related experience in Information Technology
- Minimum of 3 years of experience in Information Security
- Minimum of 2 years of Management level experience
- Demonstrated working knowledge of application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program
- Demonstrated experience in application security concepts, control frameworks and control objectives
- Strong, demonstrable aptitude for and interest in information and application security.
- Exceptional organizational skills to balance work and lead projects.
- Demonstrable leadership and interpersonal skills with experience in mentoring team members.
- Strong written communication and professional verbal communication skills.
- Experienced facilitator and presenter to a large audience
- Typically possesses GCIH/GSEC, CISM, CISA, CISSP, CRISC certifications
- Typically possesses understanding of modern security tools and controls, secure development life cycle methodologies, programming languages or other scripting languages, and web-based application architectures (IIS, Apache, etc.)
- Typically possesses experience with financial industry regulations such as GLBA, PCI, and SOX
- Typically possesses large complex industry related experience
- Partners with the schools and units to help manage risk at an acceptable level
- Aligns business, IT, and information security functions to facilitate business-relevant security improvements
- Recognizes schools/units’ security needs and translates them into business requirements to enable the Office of the CISO to meet those needs while empowering the business.
- Provides input to local unit strategies for the delivery of information security services to the business
- Works with the local unit to develop a security plan which documents the security requirements and describes the security controls in place or planned, responsibilities and expected behavior of individuals who have access to critical systems.
- Serves as a Subject Matter Expert (SME) for information security across the university, to include schools, departments, project teams and vendors. Examines technology vision, opportunities and challenges with regard to security standards and their impact on technology and reacts accordingly in alignment and support of the execution of the USC Information Security Program vision and strategy
- Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on information security solutions.
- Advises on security strategy, architecture and tools in accordance with university standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the university
- Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and security.
- Advises on methods to mature information security risk management processes, programs and strategies. Aligns information security activities with regulatory requirements and internal risk management policies.
- Identifies security gaps and deficiencies by supporting risk assessments and recommends corrective action of identified vulnerabilities and weaknesses. Leads the planning and remediation of identified security risks.
- Interfaces with peers and senior leadership and communicates at all levels. Provides guidance to less experienced Information Security team members
- Presents to senior leaders and large audiences. Facilitates regular security governance meetings with IT leaders and Senior Business Officers to drive risk remediation and adoption of security services across the schools and units.
- Recruits, screens, hires, trains and directly supervises all assigned staff. Evaluates employee performance and provides guidance and feedback. Counsels, disciplines and/or terminates employees as required. Oversees onboarding and orientation of new employees to ensure that duties, responsibilities, work requirements and performance standards are clearly understood. Assesses staff development needs. Promotes staff participation in educational opportunities and activities. Schedules, assigns and prioritizes workloads. Sets appropriate deadlines. Monitors employee performance on day-to-day basis. Ensures timely completion of unit's work
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable
- Bachelor’s Degree in Information Security, Information Technology, Information Systems Management, Computer Science, or Engineering
- GCIH/GSEC, CISM, CISA, CISSP, and CRISC Certifications
- Understanding of modern security tools and controls, secure development life cycle methodologies, programming languages or other scripting languages, and web-based application architectures (IIS, Apache, etc.)
- Experience with industry regulations such as FERPA, HIPAA, GLBA, PCI, and SOX; application protocols such as MS-SQL, LDAP, and SSO; data protection controls; and applied use of cryptography
- Experience with defense in depth, trust levels, privileges and permissions, as well as experience in application penetration testing
- Experience with ISO 27001
- Large complex industry related experience
Minimum Education: Bachelor's Degree. Combined education/experience as substitute for minimum education.
Minimum Experience: 7 years. Combined education/experience as substitute for minimum experience.
Minimum Field of Expertise: Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience. 5+ years of IT experience that includes at least 3 years in information security and 2 years in management. Strong working knowledge of Windows-based platforms, application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program. Demonstrated experience in application security concepts, control frameworks and control objectives. Strong, demonstrable aptitude for and interest in information and application security. Exceptional organizational skills to balance work and lead projects. Demonstrable leadership and interpersonal skills with experience in mentoring team members. Strong written communication and professional verbal communication skills. Experienced facilitator and presenter.
REQ20082803 Posted Date: 06/29/2020