Under the general direction of the Deputy Chief Information Security Officer (DCISO), the Information Security Analyst assesses and manages security and data protection solutions that support the mission of the University, and protects the confidentiality, integrity and availability of information assets owned by or entrusted to UC Davis. The Information Security Analyst assures that campus departments and third-party vendors meet the University’s information assurance (IA) and security requirements, participates in information security assessments, supports the Information Security Office (ISO) risk and compliance programs, and prepares/maintains various security reports and dashboards. The Information Security Analyst identifies risks and escalates issues to campus Units, the Chief Information Security Officer, DCISO and other members of the ISO team, and maintains the strict confidentiality of materials acquired or used in support of an assessment.
Candidates must already possess authorization to work in the United States to be considered.
To see IET job postings, please visit https://iet.ucdavis.edu/jobs

MINIMUM QUALIFICATIONS - FOR FULL CONSIDERATION, APPLICANTS ARE ENCOURAGED TO UPLOAD LICENSE AND/OR CERTIFICATION IF REQUIRED OF THE POSITION

• Bachelor’s degree in related area and/or equivalent experience/training.
• Experience reviewing and/or assessing information security reports, advisories, bulletins, or other relevant intelligence.
• Experience with common productivity software such as Microsoft Visio and Excel.
• Experience coordinating several simultaneous activities with strict deadlines and complex scheduling requirements.
• Knowledge of the Risk Management Framework (RMF) requirements and current industry methods for conducting information security assessments.
• Knowledge of information assurance (IA) principles and requirements related to confidentiality, integrity, availability, authentication, and non-repudiation. Knowledge of supply chain security/risk management policies, requirements and procedures.
• Oral, written and interpersonal communication skills to work with both technical and non-technical personnel at various levels in the organization and skills to generate and provide project reports as requested by clients and management.

PREFERRED QUALIFICATIONS

• Information security certification (e.g., CRISC, CISSP, CISA, GIAC or PCI).
• Experience as an information security or IT professional with applicable information security experience.
• Knowledge of information security frameworks and standards such as ISO, NIST, NERC, DoD, and regulations related to information security such as PCI, HIPAA, FISMA, SB 1386, etc.

SPECIAL REQUIREMENTS – PLEASE CONTACT YOUR RECRUITER WITH QUESTIONS REGARDING WHICH ACTIVITIES APPLY BY POSITION

• This is a critical position, as defined by UC Policy and local procedures, and as such, employment is contingent upon clearing a criminal background check(s) and may include drug screening, medical evaluation clearance and functional capacity assessment
• N/A
  Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

• 70% - Risk Assessment
• 20% - Documentation
• 10% - Other Duties