Assistant Chief Information Security Officer for Governance, Risk and Compliance

Department Marketing Statement:

There is a reason UCSB has been named the Best Place to Work by our local media for several years running. Whether our employees are on our stunning campus, or working remotely or hybrid, they tell us they value the flexibility, stability and rich benefits we offer. Come join us as we support the mission of one of the finest public institutions in the nation. UC Santa Barbara is consistently recognized for excellence across broad fields of study. Set alongside the glorious California coast, our dynamic environment inspires scholarly ambition and creativity. Information Technology Services (ITS), the Campus' central IT unit, contributes to UC Santa Barbara's mission of research, teaching, and community service by partnering with the Campus community to efficiently deliver IT infrastructure and enterprise application services to faculty, students, staff, and affiliates. Join us in supporting the technology making world class research possible!

Benefits of Belonging:

Working at UC means being part of this vibrant institution that shines a light on what is possible. People make UC great, and UC recognizes your contributions by making this a great place to work. Excellent retirement and health are just one of the rewards. Learn more about the benefits of working at UC and why You Belong at UC.

Brief Summary of Job Duties:

Under the general direction of the Chief Information Security Officer (CISO), the Assistant Chief Information Security Officer for Governance, Risk and Compliance, plans, implements and manages the governance, risk and compliance program at UCSB. The Assistant CISO for Risk and Compliance at UCSB will play a pivotal role in managing the university's information security risk and compliance efforts. The Assistant CISO will be responsible for developing, implementing, and overseeing the university's risk management and compliance programs. This includes identifying and assessing security risks, ensuring compliance with relevant regulations and standards, and working collaboratively across departments to support UCSB's information security objectives. This is a critical role that has a major influence on the security posture of UCSB.

Required Qualifications:

• Bachelor's degree in related area and / or equivalent experience / training.
• 7-9 years of working experience in Information security and information technology.
• 1-3 years of experience leading information security teams.
• 4-6 years of experience leading information security risk assessment programs.

Preferred Qualifications:

• 1-3 years of experience managing governance risk and compliance services in a higher education institution.
• 4-6 years of experience working with industry security standards, frameworks, regulations, and best practices. Implementation level knowledge of information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, FedRAMP, etc.
• 4-6 years of demonstrated experience conducting risk assessments and developing mitigation plans.

Special Conditions of Employment:

• Satisfactory conviction history background check
• UCSB is a Tobacco-Free environment

Misconduct Disclosure Requirement:

As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegation or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer. "Misconduct" means any violation of the policies or laws governing conduct at the applicant's previous place of employment, including, but not limited to, violations of policies or laws prohibiting sexual harassment, sexual assault, or other forms of harassment, discrimination, dishonesty, or unethical conduct, as defined by the employer. For reference, below are UC's policies addressing some forms of misconduct:

• UC Sexual Violence and Sexual Harassment Policy
• UC Anti-Discrimination Policy
• Abusive Conduct in the Workplace

Job Functions and Percentages of Time:

35% Risk Management

• Develop and manage a comprehensive information security risk management program, including risk assessments, risk mitigation strategies, and continuous monitoring.
• Identify, assess, and prioritize information security risks to the university's information assets, operations, and reputation.
• Collaborate with various departments to ensure that identified risks are adequately mitigated and managed in alignment with the university's risk appetite and policies.
• Regularly review and update risk management processes to adapt to emerging threats and changes in the regulatory landscape.
• Develop and manage the campus information security risk register.

25% Compliance

• Oversee the development, implementation, and maintenance of an information security compliance program that aligns with federal, state, and local regulations, as well as university policies and industry standards (e.g., GDPR, HIPAA, FERPA, PCI-DSS).
• Ensure that the university's information security practices are in compliance with applicable laws, regulations, and contractual obligations.
• Coordinate internal and external audits related to information security, and manage the response to audit findings, ensuring that any issues are addressed in a timely manner.
• Provide regular reports to the CISO and other stakeholders on the status of compliance efforts and any areas of concern.

25% Team Leadership, Supervision, & Operational Support

• Responsible for supervising the daily activities of IT security analysts who plan, design, develop, implement and maintain systems and programs to insure the integrity, reliability and security of data and systems.
• Supervises the development of methods and procedures on new assignments and provides leadership to other members of department.
• Recommends changes to department policies and procedures to enhance effectiveness of functional area.
• Participates in developing and monitoring operational and budget processes, staff FTE, finance, human resources and space planning.
• Participates in the development and monitoring of policies and procedures for department or department operations.
• Recommends hiring of new employees, salary actions, terminations, and performance ratings.
• Provides oversight and/or operational support for the implemented systems.
• Work with the CISO to implement a governance risk and compliance solution.

15% Policy Development, Communication, & Collaboration

• Assist in the development, review, and enforcement of information security policies, standards, and procedures.
• Work closely with the CISO to ensure that policies are aligned with the university's strategic goals and regulatory requirements.
• Educate and train university staff and students on information security policies and best practices, promoting a culture of security awareness and compliance.
• Frequent communication and collaboration with the CISO, OCIO leadership, ITS leadership and technical experts to communicate strategies, approaches, progress, and project status is essential.
• Frequent collaboration with colleagues at UCSB and within the UC is also essential to share ideas, make efficient use of existing work, and share results. Participation on appropriate campus committees and functional work groups is required.

Policy on Vaccination Programs

As a condition of employment, you will be required to comply with the University of California Policy on Vaccinations Programs. As a condition of Physical Presence at a Location or in a University Program, all Covered Individuals* must participate in any applicable Vaccination Program by providing proof that they are Up-to-Date with any required Vaccines or submitting a request for Exception in a Mandate Program or properly declining vaccination in an Opt-Out Program no later than the Compliance Date (Capitalized terms in this paragraph are defined in the policy.). Federal, state, or local public health directives may impose additional requirements.

For more information, please visit:

• UC Santa Barbara COVID-19 Information https://www.ucsb.edu/COVID-19-information
• University of California Policy on Vaccinations https://policy.ucop.edu/doc/5000695/

* Covered Individuals: A Covered Individual includes anyone designated as Personnel or Students under this policy who Physically Access a University Facility or Program in connection with their employment, appointment, or education/training. A person accessing a Healthcare Location as a patient, or an art, athletics, entertainment, or other publicly accessible venue at a Location as a member of the public, is not a Covered Individual.

Equal Opportunity/Affirmative Action Statement

UC Santa Barbara is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age or protected veteran status.

For the University of California's Affirmative Action Policy, please visit: https://policy.ucop.edu/doc/4010393/PPSM-20.

For the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination.

Reasonable Accommodations

The University of California endeavors to make the UCSB Job site (https://jobs.ucsb.edu) accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Katherine Abad in Human Resources at 805-893-4664 or email katherine.abad@hr.ucsb.edu. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Privacy Notification Statement and Notice of Availability of the UCSB Annual Security Report Disclosures

Position Number: 40036147

Payroll Title: IT Security Supervisor 2

Job Code: 005937

Job Open Date: 1/13/25

Application Review Begins: 1/29/25; open until filled

Department Code (Name): ISEC (ENTERPRISE SECURITY SERVICES)

Percentage of Time: 100%

Union Code (Name): 99 (Non-Represented)

Employee Class (Appointment Type): Staff (Career)

FLSA Status: Exempt

Classified Indicator Description (Personnel Program): MSP

Salary Grade: Grade 25

Pay Rate / Range: The budgeted salary range that the University reasonably expects to pay for this position is $119,000-$151,900/yr. Salary offers are determined based on final candidate qualifications and experience; the budget for the position; and the application of fair, equitable, and consistent pay practices at the University. The full salary range for this position is $104,900-$198,900/yr.

Work Location: Hybrid or Remote

Working Days and Hours: M-F; 8am - 5pm

Benefits Eligibility: Full Benefits

Type of Remote or Hybrid Work Arrangement, if applicable: Hybrid or Remote

Special Instructions:
For full consideration, please include a resume and a cover letter as part of your application.

Application Status: If you would like to check the status of your application, please log into the Candidate Gateway where you applied and click on 'my activities'.