Risk and Compliance Analyst

Who We Are Founded in 1965, UC Irvine is a member of the prestigious Association of American Universities and is ranked among the nation's top 10 public universities by U.S. News & World Report. The campus has produced five Nobel laureates and is known for its academic achievement, premier research, innovation and anteater mascot. Led by Chancellor Howard Gillman, UC Irvine has more than 36,000 students and offers 224 degree programs.

It's located in one of the world's safest and most economically vibrant communities and is Orange County's second-largest employer, contributing $7 billion annually to the local economy and $8 billion statewide. To learn more about UC Irvine, visit (Use the "Apply for this Job" box below). The UC Irvine Office of Information Technology (OIT) is responsible for supporting the IT needs of faculty, students, and staff. Our mission is to provide information technology leadership, services, and innovative solutions to promote the research, education, and community service goals of the University.

The IT Security Risk & Compliance team is responsible for leading the development, implementation and evaluation of campus-wide information security risk management processes and policy. This team also leads campus-wide information security education, training, and awareness programs. Your Role on the Team Under the general supervision of the Supervisor, IT Security Risk and Compliance, the Risk and Compliance analyst applies skills as a seasoned, experienced IT security professional with a full understanding of industry practices, governmental regulations and campus, or Office of the President policies and procedures to resolve a wide range of complex issues.

Demonstrates competency in recommending methods and techniques to obtain results. Conducts supplier security risk reviews for UCI. Provides guidance and training to stakeholders on supplier risk management policies and procedures. What It Takes to be Successful Total Compensation In addition to the salary range listed below, we offer a wealth of benefits to make working at UCI even more rewarding.

These benefits may include medical insurance, sick and vacation time, retirement savings plans, and access to a number of discounts and perks. Please utilize the links listed here to learn more about our compensation practices and benefits. The expected pay range for this recruitment is $85,400- $121,100 (Annual).

Required:

Basic skill at reading and interpreting supplier security documentation. Ability to follow department processes and procedures. Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing supplier policies and procedures. Knowledge of other areas of IT, department processes and procedures.

Demonstrated skills applying security controls to computer software and hardware. Experience in reviewing security incidents and related reports of suppliers and provides recommendations to departments. Demonstrated knowledge of administering complex security controls and configurations to computer hardware, software and networks. Knowledge of computer hardware, software and network security issues and approaches. Demonstrated experience selecting and applying appropriate data encryption technologies.

Demonstrated knowledge of supplier risk management methodologies (TPRM). Demonstrated experience with using information security frameworks and standards (e.g., NIST 800-53, ISO
27001/27002, HIPAA, GDPR). Adhere to OIT's cultural values:
Collaboration, Respect, Trust, Transparency, Quality, Inclusiveness, Customer Centricity, and Learning and Growth. Bachelor's degree in related area and / or equivalent experience / training 3-5 years of experience in information security, especially in supplier security risk reviews. A minimum of 3 years of experience reviewing supplier security documentation such as SOC 2 Type II reports, high level system architecture diagrams, information security policies, etc.

Preferred:
Demonstrated experience using HECVAT. Knowledge of PCI-DSS and UC IS-3.

Experience with using GRC and tracking tools such as One Trust, Service Now, and Trello. Special

Conditions:

May be required to work after hours, as needed. Conditions of Employment:
The University of California, Irvine (UCI) seeks to provide a safe and healthy environment for the entire UCI community. As part of this commitment, all applicants who accept an offer of employment must comply with the following conditions of employment:
Background Check and Live Scan Employment Misconduct
* Legal Right to work in the United States Vaccination Policies Smoking and Tobacco Policy Drug Free Environment
* Misconduct Disclosure Requirement:
As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative…