At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff.
The University of California, Berkeley, is one of the world’s leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.
We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles, our Principles of Community, and our Strategic Plan.
Application Review Date
The First Review Date for this job is: 6/19/2020
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach. Service Management, Security Operations, Development and Engineering, and Security Assessments. This position is part of the Security Assessments team and reports to the Security Assessments Manager.
The Security Assessments team is a group of talented, and high-performing information security professionals, dedicated to reducing institutional risk through the critical analysis of information technology systems. The team excels at investigation and analysis. As part of this highly-technical group, you will encounter a wide variety of information systems that meet the needs of researchers, students, and administrators. You will have the opportunity to evaluate and critically analyze applications, networks, and systems in a complex, heterogeneous environment. Your work will have a direct and meaningful impact on data security at a world-class research institution.
Key responsibilities include:
- Conduct security assessments across the institution.
- Analyze assessment results to identify risks to institutional data.
- Consult with institutional stakeholders to assess systems and processes against both internal campus security policy and external compliance requirements.
- Document assessment findings and remediation plans, and present reports to campus stakeholders and external vendors.
- Provide technical advice and consultation to personnel involved with development, deployment, administration, and security of the institution's systems, services, and IT policies.
- Interface with the campus Controller's office advising on best practices and assisting in addressing routine issues to comply with the PCI Data Security Standards.
- Participate in the documentation of assessment and compliance efforts including campus security requirements, guidelines, and processes.
- Stay informed about the latest developments in the information security field and contribute to outreach efforts for educating campus users on emerging threats.
- Significant (mid-career) Information Security or compliance work experience.
- General knowledge of information security topics (e.g., basic cryptographic principles, common network protocols, information systems auditing, packet analysis, intrusion detection, computer forensics, web server configuration best practices, etc.).
- Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate risks and key points to both technical and non-technical audiences.
- Demonstrated ability to quickly understand diverse and complex business environments.
- Demonstrated ability to interface with a variety of personalities.
- Ability to contribute within a team of security professionals, as well as the capability to work independently with only general direction.
- Alignment with our campus mission of excellence in teaching, research, and public service, and appreciation for how this affects our approaches to Information Security.
- ISO 27000 and NIST (800-53, 800-171) information security standards
- FERPA, PCI DSS, HIPAA, FISMA compliance
- Information risk management concepts and application
- Web application security and development best practices
Cloud and vendor security standards and assessment frameworks (CSA, SOC 2), including vendor and contract management issues
- UC Berkeley campus and system-wide (Office of the President) security policies and standards, or similar policies and standards in higher education and/or research environments
Salary & Benefits
Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:
How to Apply
Please submit your cover letter and resume as a single attachment when applying.
The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, innovation, while simultaneously committing to making positive contributions towards the betterment of our world. In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:
We champion diversity.
We act with integrity.
Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
For more information about your rights as an applicant see:
For the complete University of California nondiscrimination and affirmative action policy see: