DESCRIPTION

UC San Diego is ranked the 9th best public university in the nation by U.S. News and World Report and is the largest employer based in San Diego County. Reporting to the VC-CFO, Information Technology Services (ITS) delivers Enterprise information technology services to the University of California, San Diego (UCSD) under the leadership of the campus Chief Information Officer (CIO).

Information Technology Services (IT Services) uses world-class services and technologies to empower UC San Diego's mission to transform California and the world as a student-centered, research-focused, service-oriented public university. As a strategic member of the UC San Diego community, IT Services embraces innovation in their delivery of IT services, infrastructure, applications, and support. IT Services is customer-focused and committed to collaboration, continuous improvement, and accountability.

Equity, Diversity, and Inclusion are core values at UC San Diego and within Information Technology Services. Crafting a culture around these values allows us to more deeply connect with and appreciate our employees, students, and campus partners. Information Technology Services is continuously working to build a community where we all feel safe, empowered, and encouraged to bring our authentic selves to work. We do this not only because it is what's right, but because we know that diversity drives insight and innovation. We are proud to partner closely UC San Diego's Office for Equity, Diversity, and Inclusion, as their dedication to this mission helps us all to drive change.

The Office of Information Assurance, Trust, and Identity (OIA) within ITS is responsible for the infrastructure, policies, standards and training necessary to ensure the achievement of the security and privacy goals of the University. Collaborating closely with various campus resources and partners, the department identifies, responds to and mitigates information security/privacy risks, threats and vulnerabilities. OIA delivers a comprehensive set of enterprise security services in the areas of security policy, assessment, compliance, consulting, operations, incident response and risk management. The department is responsible for the design, deployment and administration of network, endpoint, application and information asset protection systems. OIA staff also work closely with the IT Infrastructure and Operations department to provide the campus-wide network/security infrastructure.

UC San Diego is establishing itself as a national center of excellence supporting the Cybersecurity Maturity Model Certification (CMMC) program being deployed by the Department of Defense. This position will be dedicated to the management of CMMC compliance artifacts required by the CMMC standards. This includes the management and curation of our system security plans, collection of evidence of compliance, and creating and maintaining required risk assessments. Reporting to the Manager for Security Engineering and Services, the Risk and Compliance Analyst for CMMC is expected to be an experienced security professional who will be part of a team dedicated to supporting CMMC and the research mission at UC San Diego.

RESPONSIBILTIES

• Serves as compliance lead on CMMC assessments and CUI audits performed by UC auditors or external agencies.
• Provides guidance and leadership in monitoring CMMC and CUI compliance and writes regular reports on the status of CMMC and CUI compliance.
• The maintenance of all CMMC related SSP.
• Working with researchers, SDSC staff, and divisional IT staff to document variances from the campus standard SSP.
• Creating and maintaining Plans of Action and Milestones.
• Creating and curating the risk assessments required of the CMMC program

QUALIFICATIONS

• A Bachelor's Degree in Computer Science, Information Security or a closely-related field AND three (3) years of related experience in information security in an enterprise environment; and/or equivalent combination of education and experience.

• Employee must be able to obtain a Federal Security Clearance (if necessary)

• Proven skills applying security controls to computer software and hardware. Solid understanding of information required security policies, standards, industry best practices, and frameworks. (CISO 27K, NIST 800-171, PCI DSS, HIPAA, FERPA, etc.).

• In-depth knowledge of computer hardware, software and network security issues and approaches. Expert knowledge required of various platforms (Windows, Linux, Mac, Android, iOS, etc.), securing Microsoft technologies (Windows, SQL, IIS, AD) and Linux technologies (CentOS, Apache, MySQL).

• Demonstrated knowledge of secure hardware, software and network design techniques.

• Demonstrated ability to effectively p