The University of Southern California (USC) Department of Information Technology Services (ITS) is seeking an InfoSec Risk Performance Lead with an exceptional commitment to service excellence to join its team.
As the InfoSec Risk Performance Lead Analyst, you will be an integral member of the Security Strategy and Governance team of the Office of the CISO.
The InfoSec Risk Performance Lead Analyst defines and builds key performance indicators to ensure effectiveness and compliance across information security processes and process owners. The Lead assists in managing the evaluation process that determines the effectiveness of information security controls and safeguards while ensuring that processes align to regulatory, statutory, and industry requirements, as well as university policy and data classification. In addition, the Lead participates in external and internal compliance audits while serving as a subject matter expert on information security risk strategy and risk appetite.
THE WORK YOU WILL DO
The InfoSec Risk Performance Lead Analyst:
Develops and implements comprehensive information security strategies and programs to identify and mitigate business risk. Obtains input from key stakeholders across university and partners with data protection manager to define annual risk assessment plan. Recommends programmatic direction, with a high degree of independence, in matters relating to the investigation, impact, and analysis of decisions regarding cyber security risk.
Creates and maintains key risk indicators (KRIs) and risk appetite in line with the OCISO framework. Ensures information security strategies and risk management are performing at established levels.
Serves as a subject matter expert (SME) on information security risk strategy and risk appetite. Collaborates with risk performance manager to facilitate the risk acceptance process. Ensures the implications of risk acceptance are understood, risks are accepted at the correct level within the organization, and risk acceptances are tracked and reported on throughout their lifecycle.
Defines and builds key performance indicators (KPIs) to ensure effectiveness and compliance across information security processes and process owners. Specifies key milestones and metrics, as well as associated budget and resource impacts, to continue an effective risk management program. Partners with data protection manager and governance manager to ensure appropriate reporting and data is provided to manage risk.
Assists in managing evaluation process that determines effectiveness of information security controls and safeguards. Ensures processes align to regulatory, statutory, and industry requirements, as well as university policy and data classification. Participates in external and internal compliance audits (e.g., PCI DSS, HIPAA Security Rule, NIST, GLBA Safeguards). Engages and partners with enterprise and local entities in preparation of compliance audits. Helps track adherence to policy and standards through control evaluation.
Maintains currency of changes in laws, regulations, and technologies which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Participates in professional organizations (e.g., attends meetings, seminars, and conferences). Reads pertinent publications. Maintains continuity of any required or desirable certifications, if applicable.
Promotes an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions that uphold principles of the USC Code of Ethics.
MINIMUM QUALIFICATIONS
Bachelor's degree or combined experience/education as substitute for minimum education
5 years of directly related experience in information security or risk management.
Demonstrated understanding of information security across all security domains and the relationship between threats, vulnerabilities, and information value in the context of risk management.
Experience with legal and regulatory requirements and industry security frameworks.
Demonstrated understanding of processes, internal control risk management, information security controls, and how they interact together.
Experience performing information security risk assessments and risk analysis.
Ability to communicate and present security risk concisely and effectively in relation to enterprise risk based on the appropriate level of management and stakeholder groups.
Demonstrated leadership and problem-solving skills.
Ability to work closely with business leaders in a high pressure, fast-paced, highly collaborative environment with multiple deadlines and competing priorities.
Ability to understand data analytics and dashboarding.
PREFERRED QUALIFICATIONS
Bachelor's degree in information security, information science, computer science, or related field.
7 or more years' experience in information security or risk management.
Strong understanding of applicable and accepted audit and risk frameworks (e.g., COBIT, NIST, ISO) and government guidelines and laws (e.g., FERPA, HIPAA).
Experienced in presenting to management.
Strong interviewing skills and ability to adapt communication style based on stakeholder preferences.
In-depth experience in system hardening, analysis, and vulnerability management.
Proficient in Windows, Linux, and Mac OS.
Experienced in federated or decentralized environments.
THE ITS TEAM
The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university's mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential. We are looking for top talent to join us on our journey.
ITS CULTURE
USC's ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity, and inclusion; promote well-being; engage in open two-way communication; and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.
ABOUT USC
USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.
Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!
The annual base salary range for this position is $130,000 - $150,000. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.
MINIMUM QUALIFICATIONS
Candidates for the position of Information Security Risk Performance Lead must meet the following qualifications:
Bachelor's degree; however, combined education/experience as substitute for minimum education
5 years of directly related experience in Information Security or Risk Management
Experience in performance management, audit, assessment and/or internal controls
Experience with legal and regulatory requirements and industry security frameworks
Experience performing information security risk assessments and risk analysis
Demonstrated strong understanding of regulatory requirements (such as: GLBA, PCI, FERPA, HIPAA, etc.)
Demonstrated understanding of information security across all security domains and the relationship between threats, vulnerabilities, and information value in the context of risk management
Demonstrated understanding of processes, internal control risk management, information security controls, and how they interact together
Ability to communicate and present security risk concisely and effectively in relation to enterprise risk based on the appropriate level of management and stakeholder groups
Demonstrated leadership and problem-solving skills
Ability to work closely with business leaders in a high pressure, fast paced, highly collaborative environment with multiple deadlines and competing priorities
Ability to understand data analytics and dashboarding