At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging makes it a special place for students, faculty and staff.
The University of California, Berkeley, is one of the world's leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.
We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles, our Principles of Community, and our Strategic Plan.
The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of five teams: Policy and Outreach, Security Operations, Development and Engineering, Identity Management, and Security Assessments. This position is part of the Security Assessments team and reports to the Security Assessments Supervisor.
The Office of the CIO and Information Services & Technology (OCIO/IST) believe in and foster a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, and innovation, while simultaneously committing to making positive contributions towards the betterment of our world.
In addition, members of the OCIO/IST community have created and endorse the following values for our organization to augment and amplify the campus principles:
We champion diversity. We act with integrity. We deliver. We innovate.
Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.
Application Review Date
The First Review Date for this job is: 3/23/2022
Position Overview
The Information Security Analyst (ISA) will perform security assessments of:
Units (divisions and departments)
IT systems and services
The ISA will also provide consulting services to campus stakeholders. The primary focus is to support units in managing information security risk and achieving alignment with external compliance requirements and information security policies. External compliance requirements include but are not limited to:
California State Committee for the Protection of Human Subjects (CPHS)
Payment Card Industry Data Security Standard (PCI-DSS)
Health Insurance Portability and Accountability Act (HIPAA)
Conduct security assessment services in accordance with standard approaches.
Determine whether security controls are implemented to manage risk to an acceptable level.
Document evidence gathered, results of procedures performed, and findings identified.
Communicate assessment results and make recommendations through meetings and assessment reports.
Provide advice and guidance on classifying data and information systems.
Provide advice and guidance on adherence to information security policy, standards, and guidelines.
Participate in workgroups in support of establishing and maintaining information security policies, standards, and guidelines.
Work independently or as a part of a team on projects to further ISO's strategic priorities.
Team up with other campus security analysts to analyze emerging threats and develop risk action plans.
Gather information, analyze, and resolve security tickets on a periodic analyst rotation (during normal business hours).
Minimum of 1-2 years of experience in information security (e.g., IT/security audit, IT risk assessment, security administrator, security analyst/engineer, compliance analyst, security consultant, or penetration tester).
Ability to assess risk and evaluate the design and implementation of administrative, physical, and technical security controls.
Excellent written and oral communication skills, including the ability to compose concise and accurate assessment reports as well as the ability to articulate key points to both technical and non-technical audiences.
Demonstrated ability to:
Quickly understand diverse and complex business environments
Interface with a variety of personalities
Contribute within a team of security professionals, as well as the capability to work independently with only general direction
General knowledge of:
Risk and security control assessment methodologies and practices
Exception management practices
Information security standards such as ISO 27001, CIS Critical Security Controls, NIST CSF, and NIST 800-53
Information security laws and regulations (e.g., PCI DSS and HIPAA)
Information and information system classification models
Information security technologies and methods to design and implement security controls (e.g., basic cryptographic principles, common secure communications protocols, host security, network security, etc.)
Salary & Benefits
Salary commensurate with experience. For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
This position is eligible for full-remote work (telecommuting) based on candidate availability and business needs.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant see:
The University of California was chartered in 1868 and its flagship campus - envisioned as a "City of Learning" - was established at Berkeley, on San Francisco Bay. Today the world's premier public university and a wellspring of innovation, UC Berkeley occupies a 1,232-acre campus with a sylvan 178-acre central core. From this home its academic community makes key contributions to the economic and social well-being of the Bay Area, California, and the nation.