The University of Southern California (USC) department of Information Technology Services (ITS) is seeking an Information Security Risk Performance Lead  with an exceptional commitment to service excellence to join its team.

   

As the Information Security Risk Performance Lead  you will be an integral member of the Office of the Chief Information Security Officer (OCISO): Governance, Risk, and Compliance (GRC) unit, collaborating with diverse and talented team members to help solve multidimensional information technology problems, improve customer experience, and generate value for our campus stakeholders across a broad base of departments and constituencies. 

THE WORK YOU WILL DO 

The Information Security Risk Performance Lead is responsible for a risk-based performance management approach to USC’s information security to ensure information security strategies and risk management are integrated and performing at expected levels. This role will assist in managing the mechanisms that determine and report on USC’s approved information security risk appetite performance as it relates to the information security strategies both at the enterprise and local levels, coupled with the investment analysis to manage Key Performance Indicators (KPI’s). This role will assist in managing the enterprise information security compliance expectations and partner with the relevant USC legal and compliance entities to meet requirements such as HIPAA Security Rule, PCI, DSS, FERPA, GLBA Safeguards, etc. The Information Security Risk Performance Lead assists in managing the evaluation of the effectiveness of information security controls and safeguards as it relates to the protection of USC data and relevant requirements.

The Information Security Risk Performance Lead :

• Develops and operates a comprehensive Information Security strategies and programs to prioritize and mitigate business risk. Create and maintain an agreed upon Risk Appetite and Key Risk Indicators (KRIs) in line with the OCISO GRC Risk Framework.

• Serves as a Subject Matter Expert (SME) on the organization’s strategy for the information security risk strategy and appetite, ensures the process aligns to regulatory, statutory and industry requirements and USC policy and data classification. Recommends programmatic direction with a high degree of independence in matters relating to the investigation, impact, and analysis of decisions regarding cyber security risk.

• Defines and partners with the Data Protection & Risk Manager for an annual risk assessment plan and obtains input from key stakeholders across the university. Shows key milestones, metrics, KPIs, associated budget and resource impacts to continue an effective risk management program that meets USC’s standards.

• Engages and partners with enterprise and local entities in preparation of and participates in external and internal compliance audits (PCI DSS, HIPAA Security Rule, NIST, GLBA Safeguards, ISO 27001:2013, etc.)

• Helps track the overall validation of adherence to policy and standards through control evaluation. Ensures performance of the enterprise and local of information security controls through assessment, remediation and escalation.

• Works with the Risk Performance Manager to facilitate the risk acceptance process to ensure the implications of risk acceptance are understood, risks are accepted at the correct level within the organization, and risk acceptances are tracked and reported on throughout their lifecycle.

• Defines and builds the Key Performance Indicators (KPIs) to assure effectiveness and compliance across information security processes and process owners. Partners with Data Protection & Risk Manager and Governance Manager to ensure reporting is provided to manage risk at the right level at USC through the established governance processes.

• Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.

• Performs other duties as assigned or requested. The university reserves the right to add or change duties at any time.

PREFERRED QUALIFICATIONS 

The ideal candidate for the position of Information Security Risk Performance Lead  has the following qualifications: 

• Bachelor’s degree

• 3+ years’ experience in Information Security

• Strong knowledge of information security, Risk Governance, Risk Management

• Data analytics and risk processing skills

• Large Enterprise or complex entity related experience

MINIMUM QUALIFICATIONS  

Candidates for the position of Information Security Risk Performance Lead  must meet the following qualifications: 

• Bachelor’s degree; however, combined education/experience as substitute for minimum education

• 2 years of directly related experience in Information Security or Risk Management

• Experience in performance management, audit, assessment and/or internal controls

• Experience with legal and regulatory requirements and industry security frameworks

• Experience performing information security risk assessments and risk analysis

• Demonstrated strong understanding of regulatory requirements (such as: GLBA, PCI, FERPA, HIPAA, etc.)

• Demonstrated understanding of information security across all security domains and the relationship between threats, vulnerabilities, and information value in the context of risk management

• Demonstrated understanding of processes, internal control risk management, information security controls, and how they interact together

• Ability to communicate and present security risk concisely and effectively in relation to enterprise risk based on the appropriate level of management and stakeholder groups

• Demonstrated leadership and problem-solving skills

• Ability to work closely with business leaders in a high pressure, fast paced, highly collaborative environment with multiple deadlines and competing priorities

• Ability to understand data analytics and dashboarding

THE ITS TEAM 

The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.  We are looking for top talent to join us on our journey. 

ITS CULTURE 

USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity and inclusion; promote well-being; engage in open two-way communication and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions. 

ABOUT USC 

USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment. 

Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!