USC USA Careers – Security Risk Policy Management Analyst

University of Southern California

The University of Southern California (USC) Department of Information Technology Services (ITS) is seeking a Policies and Standards InfoSec Lead with an exceptional commitment to service excellence to join its team.

As the Security Risk Policy Management Analyst, you will be an integral member of the Security Strategy and Governance team of the Office of the CISO.

The Security Risk Policy Management Analyst is responsible for supporting the development of comprehensive Information Security policies, standards and guidelines across USC. In addition, this role supports related policies by ensuring that proper governance within policy standards is aligned with requirements within the Information Technology Services organization, schools, and departments across the university.



THE WORK YOU WILL DO




The Security Risk Policy Management Analyst Will

  • Establishes and maintains comprehensive systems and data security analysis practices, and uses data taken from ongoing analyses to create concise documentation. Monitors compliance actions within an approved Compliance Tracking system, continually reviewing against regulations, policies and laws related to university business.
  • Analyzes data stored in multiple systems to ensure integrity of plans and adherence to established university internal security policies and practices outlined in the Information Security Governance and Risk Management (ISGRM) Program.
  • Provides risk mediation, drafts mitigation or escalation plans, and ensures compliance is met. In coordination with the Information Security Advisor team and the Office of Compliance, addresses non-compliance to established information security practices across the University and analyzes plans of action developed with risk owners.
  • Creates, enhances and maintains information security policies and standards development across the policy management lifecycle and supports policy and standards enterprise rollout.
  • Supports and assesses IT Operations to identify and gain efficiencies related to existing and new policies and standards repositories.
  • Partners with relevant staff, faculty and students to specify, commission, develop, review, approve, implement, maintain, and obtain compliance materials associated with the university’s cybersecurity program.
  • Develops and oversees relevancy and accessibility of all internal ISGRM information security-related documentation in a knowledgebase lifecycle and configuration database. By way of lifecycle review and minor data entry, creates and analyzes records maintained for workstations, software, servers, routers, firewalls, network switches, and equipment; ensures all information system security-related documentation is current and accessible to properly authorized individuals.
  • Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.



MINIMUM QUALIFICATIONS


  • Bachelor’s degree or combined experience/education as substitute for minimum education
  • 3 or more years of related experience
  • Understanding of regulatory requirements (e.g., GLBA, PCI, FERPA, HIPAA, etc.).
  • Broad breadth of technical skills and experience in IT, security and privacy.
  • Knowledgeable of information security across all security domains and the relationship between threats, vulnerabilities and information value in the context of risk management.
  • Experience in information security policy and standards development, risk management, audit, assessment and/or internal controls. Experience with legal and regulatory requirements and industry security frameworks.
  • Experience performing information security risk assessments and risk analysis.
  • Demonstrates an understanding of processes, internal control risk management, information security controls, and how they interact together.
  • Communicates and presents security risk concisely and effectively in relation to enterprise risk.
  • Demonstrates problem-solving skills and relationship management skills.



PREFERRED QUALIFICATIONS


  • Bachelor’s or other advanced degree
  • 5 or more years of related experience
  • Strong understanding of applicable and accepted audit and risk frameworks (e.g., COBIT, NIST, ISO) and government guidelines and laws (e.g., FERPA, HIPAA).
  • Experienced in information security policies & standards development and presenting to management.
  • Strong interviewing skills and ability to adapt communication style based on stakeholder preferences.
  • In-depth experience in system hardening, analysis and vulnerability management.
  • Proficient in Windows, Linux, and MacOS.
  • Experienced in Federated or decentralized environments.



THE ITS TEAM



The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential. We are looking for top talent to join us on our journey.



ITS CULTURE



USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity, and inclusion; promote well-being; engage in open two-way communication, and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.



ABOUT USC



USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.


Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!



The annual base salary range for this position is $90,000 to $125,000. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.


Minimum Education: Bachelor’s degree; Combined experience/education as substitute for minimum education

Minimum Experience: 3 years

Minimum Field of Expertise: Understanding of regulatory requirements (e.g., GLBA, PCI, FERPA, HIPAA, etc.). Broad breadth of technical skills and experience in IT, security and privacy. Knowledgeable of information security across all security domains and the relationship between threats, vulnerabilities and information value in the context of risk management. Experience in risk management, audit, assessment and/or internal controls. Experience with legal and regulatory requirements and industry security frameworks. Experience performing information security risk assessments and risk analysis. Demonstrates an understanding of processes, internal control risk management, information security controls, and how they interact together. Communicates and presents security risk concisely and effectively in relation to enterprise risk. Experience performing information security risk assessments and risk analysis. Demonstrates problem-solving skills.

Job Details:

Company: University of Southern California

Job Type: Full Time

Job Location: Los Angeles, CA
