Posting Salary: Salary Commensurate with Experience
Position Summary: Uses advanced audit and compliance concepts and objectives to resolve highly complex issues. Regularly works on highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Works on audit and compliance projects of diverse scope where analysis of data requires evaluation of identifiable factors in developing audit and compliance findings and recommendations. Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results. Responsible for conducting and documenting a wide range of complex audit and compliance projects and assignments in an independent manner. Provides guidance to other audit and compliance professionals. Demonstrates good judgment in selecting audit and compliance methods and techniques. Normally receives little instruction on audit and compliance assignments; with general instruction provided on new or more complex audit and compliance work.
Special Conditions of Employment: Overtime Travel outside of normal business hours
Other Special Conditions of Employment:
Job Close Date:
Duty 1: Working as a member of the Cybersecurity Audit Team, supports cybersecurity audit projects that require the most complex and advanced analysis techniques, including an extensive understanding of cybersecurity technical controls, IT networks, and systems. Executes cybersecurity focused internal audit and compliance projects leveraging established standards and a broad knowledge of industry regulations and best practice frameworks including NIST, ISO, COBIT, HIPAA and other guidance.
Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, networks and security controls, including the use of specialized software such as vulnerability scanning and/or network mapping tools. Leverages extensive understanding of IT technologies, cybersecurity risks, and controls to develop effective audit approaches that identify the highest risk issues and advise leadership on the best approach for addressing the identified issues from the audit. Function:Cybersecurity Audit Team Percent: 65
Duty 2: In an advisory role, develops audit and compliance control frameworks to monitor IT production environments for potential system integrity exposure and control weaknesses. Function:Monitor IT Production Environments Percent: 25
Duty 3: Working with the cybersecurity audit specialists will develop drafts of formal written reports to communicate complex and often times highly technical audit and compliance results to all levels of management, and makes recommendations as appropriate. Function:Develop Written Reports Percent: 10
Job Requirements Bachelor's degree in related area and/or equivalent experience/training. Professional certification preferred.
Has advanced knowledge of audit and compliance function.
Also has knowledge of finance, accounting, business and systems operations.
Is able to apply appropriate policies and practices in the completion of audit and compliance assignments.
Is able to extract, verify, compile and develop recommendations related to audit and compliance results.
Has an understanding of the interrelationship of procedures and desired results.
Requires ability to present complex audit findings in a clear and concise manner, both in writing and verbally.
Familiarity and experience using network scanning and vulnerability assessment tools to evaluate system configurations, vulnerabilities, and assess them against security standards.
Knowledge and experience working with network configurations including TCP/IP and UDP networking protocols to identify vulnerabilities, and assess risk and IT controls (e.g. firewalls) effectiveness.
Familiarity and experience working with various IT security control frameworks and guidance such as NIST, CIS, ISO, CoBIT and others to evaluate cybersecurity posture of an organization.
Strong analytic and IT technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate the risks to the organization's overall security posture.
Knowledge and experience performing assessments and audits in large diverse IT organizations with multiple software and hardware environments with distributed oversight. Required
Professional specialized certification required. Prefer industry security and/or audit certification (e.g., CISSP, CISA, GIAC)
Familiarity and experience working in healthcare.
Familiarity and experience working in higher education.
Experience in IT security or IT operations. Preferred
About us The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the corporate headquarters to the ten campuses, five medical centers and three Department of Energy National Labs and enrolls premier students from California, the nation and the world.
The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age or protected veteran status.
Copyright 2017 Jobelephant.com Inc. All rights reserved.
About University of California Office of the President
The Office of the President is the systemwide headquarters of the University of California, managing its fiscal and business operations and supporting the academic and research missions across its campuses, labs and medical centers.