Chief Information Security Officer (0544U) #22813

The University of California, Berkeley, is one of the world's most iconic teaching and research institutions. Since 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world. Berkeley's culture of openness, freedom and acceptance‚€”academic and artistic, political and cultural‚€”make it a very special place for students, faculty and staff.
Berkeley is committed to hiring and developing staff who want to work in a high performing culture that supports the outstanding work of our faculty and students. In deciding whether to apply for a staff position at Berkeley, candidates are strongly encouraged to consider the alignment of the Berkeley Workplace Culture with their potential for success at http://jobs.berkeley.edu/why-berkeley.html.
Departmental Overview
The Office of the Chief Information Officer (OCIO) includes eight departments and functions that directly report to the Associate Vice Chancellor for Information Technology and Chief Information Officer (AVC-IT & CIO). These reporting units include more than 290 staff and 30 student employees. The AVC-IT & CIO directly manages an operating budget of approximately $80 million which includes about $35 million of recharge revenue, and $1 million in grants and contracts.
The Chief Information Security Officer (CISO) provides leadership to campus-wide committees and workgroups of campus policy-makers, senior administrators, and lead technical staff from various departments in the active analysis, discussion and development of information security policy and strategic campus technology directions. The Chief Information Security Officer directs and coordinates the campus information risk governance program and co-chairs the associated committee with the Campus Privacy Officer . Represents campus policy makers and senior administrators and provide leadership in system-wide committees developing broad information security policy, standards and practices, addressing institutional decisions on the balance of privacy and information security and guiding the acquisition of advanced security technology. Deals with a broad range of complex security, privacy and risk-related issues in information technologies and relate to the varying needs and viewpoints of the constituents that use them. Moreover, the incumbent must be able to evaluate risk, be able to act expeditiously in making decisions and understand the factors associated with decision-making in a technological environment and within the larger institutional context with competing values and objectives. The objectives are to adequately secure institutional information and campus IT resources and manage the risk of a compromise of the confidentiality, integrity, or availability of these information assets. Finally, the position oversees the direction of critical operational Campus security functions and services, such as incident response, breach management, and network intrusion detection. This position requires original thinking and judgment and the development deployment and innovative application of policy and technical solutions to protect university networks, electronic systems and data within a large public research institution.
The CISO has a dual reporting structure to both the CIO and the Deputy CIO.
Strategy ‚€“ Develop, maintain, promote and socialize across all Campus constituents a Campus information security strategy that is consistent with a public research institution. Provide broad oversight and direction to the Campus identity and access management team.
Program Management - Oversee campus information security programs (including Identity and Access Management) and activities within the unit and across the Campus to ensure effective implementation of the Campus information security strategy and critical security-related functions and services. Maintain and oversee security-related requirements for campus suppliers and partners doing business with the Campus. Manage large-scale security incident response efforts.
Policy - Manage campus information security policies, standards, procedures and guidelines are aligned with the Campus strategy, and regularly reviewed to reflect changing threat landscapes, Campus conditions, regulatory requirements, and industry best practices. Manage campuswide IT policies.
Governance ‚€“ Ensure the proper functioning of information risk governance on the Campus, obtaining senior leadership consensus on information security strategy, reporting to senior leadership the current state of the Campus information security program, and balancing information security with privacy concerns for the Campus.
Consultation - Provide expertise to senior management and executives levels on information risk.
Coordination - Manage security-related interaction with the Campus and System Legal, the Privacy, Business Contracts and Brand Protection, Office of Ethics Risk and Compliance Services, Campus Police, other law enforcement agencies, and other Risk Management offices to ensure sufficient coordination of the Campus information security risk management program.
Representation/Outreach - Serve as the campus authority and representative campus-wide, system-wide, nationally and beyond on matters related to information security.
Required Qualifications
Bachelors degree in related area and/or equivalent experience/training. Advanced degree preferred
In-depth knowledge of information technology security functional areas and as it relates to all aspects of the protection of Campus information assets and institutional data, including but not limited to personally identifiable information, education records, health records, human subjects data and financial data.
In-depth understanding of privacy and security laws (state and federal), industry standards, information security policy frameworks, as well as extensive knowledge about a wide range of privacy/security laws, regulations and standards relevant to higher education.
Proven management expertise in determining and recommending actions and affecting change across the Campus, providing a clear understanding and the information necessary for departments and individuals to carry out their responsibilities for information security risk management.
Strong understanding of identity and access management domain including associated technologies and solutions
Proven ability to balance information security needs with the organization's strategic plans, values, and other risks to formulate effective solutions
Proven strong communication skills with project teams, stakeholders, senior management, and external contacts including both technical and non-technical audiences.
High level interpersonal skills in order to work with both technical and non-technical personnel at various levels on campus.
The ability to influence, or gain acceptance from, others in sensitive situations, without damage to the relationship.
Salary & Benefits
Salary is commensurate with experience, up to $240,000.00
For information on the comprehensive benefits package offered by the University visit:
How to Apply
Please submit your cover letter and resume as a single attachment when applying.
The position will be open until filled.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant see: http://www.eeoc.gov/employers/upload/poster_screen_reader_optimized.pdf
For the complete University of California nondiscrimination and affirmative action policy see:

. Apply now!

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.