Sign In
 [New User? Sign Up]
Mobile Version

Information Security Operations Director (0592)

University of California Office of the President

Oakland, California 94607
Job Type:
Job Status:
Full Time
  • Information Technology
  • Management
University of California Office of the President
  • Save Ad
  • Email Friend
  • Print

Job Details

Information Security Operations Director (0592)

University of California Office of the President

Requisition Number: 20180125

Appointment Type: Staff - Career

Personnel Program: MSP

Work Hours: Monday - Friday, 8:00 am - 5:00 pm

Percentage of Time: 100

Organizational Area: Information Technology Services - Systems Development

Location: Oakland, CA

Posting Salary: salary to commensurate with experience

Position Summary:
Under the general guidance of the Chief Technology Officer and in coordination with the System-Wide CISO and other UC Information Security colleagues, the Director of Information Security Operations acts as the operational information security officer for the University of California Office of the President location (UCOP) - responsible for ensuring the confidentiality, integrity and availability of the University's information assets.

The Director oversees the delivery of critical operational security functions and services including identity management, incident response, breach management, and network intrusion detection. In addition, the Director interprets UC privacy and security policy, manages the UCOP information risk governance process, guides the acquisition/implementation of security technologies, capably represents UCOP policy makers and senior administrators, and actively participates in system-wide committees developing information security policy, standards and practices.

Successful candidates will demonstrate the ability to provide leadership and hands-on execution across a broad range of complex security, privacy and risk-related issues as they understand business needs, evaluate risk and expeditiously develop prevention and mitigation strategies in a large, complex organization.

The ideal candidate is a thought leader, a consensus builder and an integrator of people and processes. This position requires initiative, original thinking and judgment as you interpret policy and apply technical solutions to protect networks, electronic systems and data while maintaining objectivity and the understanding that security is one of many activities in service of the University of California's education, research, public health, and community service missions.

Erroneous decisions will have a serious impact on the overall success of the Office of the President.

Special Conditions of Employment:
Travel outside of normal business hours

Other Special Conditions of Employment:
Successful completion of a background check is required for this critical position.

Job Close Date:


Duty 1: Defines and implements an annualized set of strategic goals, aligned with a portfolio of prioritized controls that provide ongoing oversight, management, performance measurement, and course correction of all cybersecurity activities - including compliance with internal and external policies and regulations.
Function:Program Management
Percent: 20

Duty 2: Manages a team of engineers, analysts and information security specialists to develop, implement, and continually improve controls, standards, and processes that proactively protect, shield and defend from cyber threats, and prevent the occurrence of cybersecurity incidents in order to ensure the security of all Office of the President services, systems and user access.
Percent: 20

Duty 3: Develops and manages a robust, multilayered information security program consisting of people, process and technology to ensure appropriate controls and safeguards are in place and operationally effective. The program will meet and support all requirements set forth by regulatory agencies; security, compliance and governance authorities within the UC Office of the President; and IT executive leadership.
Percent: 15

Duty 4: Monitors operations and actively hunts for and detects adversaries and instances of suspicious and unauthorized events as well as leads periodic security risk and gap assessments and defines and leads action plans for prioritized remediation of vulnerabilities.
Percent: 15

Duty 5: Manages Office of the President information security operations policies, standards, procedures, and guidelines to ensure they are in compliance with UCOP and system-wide strategy and regularly reviewed to reflect changing threat landscapes, institutional conditions, regulatory requirements, and industry best practices. Ensures the proper functioning of information risk governance at the Office of the President, obtaining senior leadership consensus on information security operations strategy, reporting to senior leadership the current state of UCOP information security programs, and balancing information security with privacy concerns for the institution. Ensures UCOP adheres to our financial audit findings and manages the IT and functional business response to any finding to ensure the appropriate remediation is in place.
Function:Policy, Governance and Compliance
Percent: 10

Duty 6: Collaborates with internal stakeholders and leadership, as well as system-wide and industry peers and subject matter experts to identify, roadmap and deliver efficient and effective information security operations and cyber threat prevention solutions.
Function:Stakeholder Engagement
Percent: 5

Duty 7: Directly manages communication and awareness methods to drive and integrate Office of the President IT privacy and security strategies to reach all constituents, faculty, staff, students, and affiliates in order to minimize the impact of cybersecurity incidents by supporting the return of UCOP assets (technology, information, people, facilities, supply chains) to normal as soon as possible.
Percent: 5

Duty 8: Work with other stakeholders and leaders to ensure that a security requirements framework is included in all system/software/hardware due diligence, acquisition, development, and implementation, particularly ensuring requirements are addressed, architected and documented at the outset of implementation. Ensures that security requirements are included in all Disaster Recovery & Business Continuity initiatives.
Percent: 5

Duty 9: Interacts with law enforcement and key departments and functions across the Office of the President on issues of significance that involve compliance of Office of the President electronic information resources and policies; serves as the Office of the President authority and representative in campuswide, systemwide or national meetings regarding privacy, security, policy, and communication expertise in the higher education sector.
Function:Consultation and Representation
Percent: 5

Job Requirements
Bachelor's degree in related area and/or equivalent experience/training.

5+ years of experience managing an information security organization.

In-depth knowledge of information technology security functional areas and best practices including ISO 2700X, COBIT/Risk IT, and the NIST Cybersecurity and CERT Resilience Management Frameworks.

Thorough understanding of privacy and security regulations, including federal and state laws, policies and standards relevant to higher education.

Excellent enterprise security architecture, design and technology skills developed deploying and supporting SIEM, DLP/CASB, VPN, DMZ, intrusion detection and prevention, encryption, anti-virus and malware, and related solutions.

Comprehensive grasp of the identity and access management domain including process, technologies and best practices.

Well-developed management skills, including the ability to establish priorities, develop/manage a budget, consistently meet strategic deadlines, effectively support operational needs, and manage technical staff in a complex, multi-dimensional environment characterized by some degree of ambiguity and competing demands for scarce resources.

Demonstrated leadership expertise in determining and recommending actions and affecting change across the organization, providing a clear understanding and the information necessary for departments and individuals to carry out their responsibility for information security risk management.

Excellent communication skills, including the ability to effectively present technical topics to large groups with varied levels of technical sophistication and demonstrated experience influencing or gaining acceptance from others in sensitive situations without damage to the relationship.

Detailed knowledge of technical concepts and basic operating principles of data communications, computer hardware, vendor IT products, and software.

Extensive experience leading and leveraging key IT Service, Lifecyle, Program, and Project Management methodologies and practices.

Experience in the management of ongoing technology infrastructure acquisition and expansion, including the identification and integration of suitable emerging technologies.

Ability to understand the process involved to adapt, integrate, and modify existing programs or vendor-supplied products for use within a large and complex technical environment.

License Certifications:

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

ITIL Foundation

Advanced degree preferred.

How to Apply
For complete job description and application instructions, visit:

About us
The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the corporate headquarters to the ten campuses, five medical centers and three Department of Energy National Labs and enrolls premier students from California, the nation and the world.

The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age or protected veteran status.

Copyright ©2017 Inc. All rights reserved.

Posted by the FREE value-added recruitment advertising agency