We are currently seeking a Risk Management Lead to join our Office of the CISO - Governance and Risk, and Compliance team within the Information Technology Services (ITS) department here at the University of Southern California. The Risk Management Lead will be responsible for continuing the maturation of the third-party security risk management program, leading third-party risk assessments, defining data sharing and third-party information security contractual requirements, and leading the relationship with a managed service. This role will lead analysis of all USC information security risks, including risk scoring and risk reduction. The Lead will partner with stakeholders and team members to ensure that comprehensive risk remediation plans are gathered. This role will partner closely with other GRC team members to collaborate on compliance and governance requirements for information security risks.
The ideal candidate must possess five years of experience in Information Technology (or Information Security), three years of experience in risk management, and one year in a lead or supervisory role. The ideal candidate should possess experience with building a new program, legal and regulatory requirements, NIST, ISO 27001 or CIS, and experience performing information risk analysis and risk remediation planning.
Must have a Bachelor's degree or combined education/experience as substitute for minimum education
Minimum of 5 years of directly related experience in Information Technology (or Information Security)
Experience in risk analysis and remediation planning
Knowledgeable in NIST, ISO 27001, CIS or equivalent
Demonstrated understanding of information security in the context of risk management
Demonstrated understanding of third-party risk management processes and relevant information security controls
Demonstrated understanding of information security contractual agreements
Ability to communicate and present information security risk concisely and effectively
Demonstrated leadership and problem-solving skills
Possesses ability to adjust communication and response style based on client, management or third-party needs
Competency in customer focus, change & innovation, relationship thinking, relationship building & influencing and results focus
Ability to lead effectively and work closely with leaders in a fast-paced, highly collaborative environment
Leads the third-party security risk management program to monitor and analyze risks associated with third parties in scope, and determines overall information risk profile and health of the third parties.
Works with and manages partnerships with procurement and related groups to define the information security contractual requirements
Partners with stakeholders to gather the information security risk treatment plans based on established risk-level, service-level agreements (SLAs), or on risk decisions from chartered governing bodies
Leads and defines third-party security risk management requirements, security risk profiling and risk assessment process
Maintains process for assigning risk ratings to new third parties and vendors
Contributes to the enhancement of tools and methodologies used for the risk management lifecycle
Reassesses or redefines priorities as appropriate in order to achieve performance objectives.
Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations.
Ensures senior management and staff are informed of any changes and updates in a timely manner.
Minimum Education: Bachelor's degree
Combined experience/education as substitute for minimum education
Minimum Experience: 5 years
Minimum Field of Expertise:
5 or more years of demonstrated IT experience, with at least 3 years in information security.
Working knowledge of risk management lifecycle, NIST, ISO 27001, CIS or similar, third party risk management
Experience in risk management concepts
Exceptional organizational skills to balance work and lead projects.
Strong, professional written and verbal communication skills.
Preferred Education: Bachelor's degree
Preferred Experience: 7 years
Preferred Field of Expertise:
Strong understanding of risk management frameworks and processes
Experience related to large, complex, federated organizations.
Communication -- written and oral skills
Problem identification and resolution
Supervisory Level: May oversee student, temporary and/or resource workers.
Nature of Work: Administrative Professional/Paraprofessional
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Minimum Education: Bachelor's Degree
Combined education/experience as substitute for minimum education
Minimum Experience: 5 years
Minimum Field of Expertise:
Five or more years of demonstrated IT experience, with at least two years in information security.
Working knowledge of Windows-based platforms, application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program.
Experience in Application Security concepts, Control frameworks and control objectives.
Aptitude for and interest in information and application security.
Exceptional organizational skills to balance work and lead projects.
Strong, professional written and verbal communication skills.
USC’s Viterbi School of Engineering has been one of the economic engines in Southern California and a vital hub in the California economy. The technical innovations and ideas generated by the Viterbi faculty and research community have resulted in countless innovations, many becoming the foundations for new companies, products and services. The thousands of students graduating each year bring new ideas and vitality to companies in California and beyond. With an annual research budget exceeding $205M each year, more than 46 research centers and institutes, more than 180 faculty members, 7,800 students and over 60,000 impassioned alumni world-wide, the Viterbi School is addressing some of the world’s great challenges.