General Information
Job Description | IT SECURITY SUPV 2 | Working Title | Information Security Risk Manager |
---|---|---|---|
Job Code | 005937 | Grade | 25 |
Department Name | IT Cybersecurity - D02046 | Department Head | Josh Bright |
Supervisor | Dewight Kramer | Effective Date | 09/19/2022 |
Position(s) Directly Supervised
Job Code | Title | FTE |
---|---|---|
007338 | IT SCRTY ANL 3 | 2.0 |
000661 | IT SCRTY ANL 4 | 1.0 |
Generic Scope
Provides direct supervision typically to professionals or skilled technical employees. Functions as advisor to unit and administration. Analyzes and resolves problems, interprets policies (e.g., fiscal management, HR, contracts and grants, resource management in defined areas) and demonstrates solid subject matter knowledge. Exercises judgment within defined procedures and policies to determine appropriate action. Supervises staff to assure accountability and stewardship of department resources (operational, financial, and human) in compliance with departmental goals and objectives. |
Custom Scope
Receives assignments in the form of objectives with goals and the process by which to meet goals. Provides direction to staff according to established policies and management guidance. Administers policies that directly affect subordinate staff. Recommends changes to department policies and practices. Identifies risks and responds accordingly. Provides priority setting and workflow analysis. |
Department Custom Scope
The Information Security Office (ISO) Risk Manager oversees core information security functions in the risk, compliance and outreach areas for the university. The ISO Risk Manager is responsible for establishing and maintaining an enterprise-wide information security risk management program to support the adequate protection of the university's information assets. This position is responsible for leading a team and a program for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. This includes the establishment of formal guidelines for secure technologies, architectures, and programs, such as: GRC tool, vendor risk assessments, PCI compliance, unit/department risk assessments, etc. This position will work with the CISO and other ISO managers to develop, manage, and report on risk metrics at all levels within the university. It will also proactively work with business units to implement practices that meet defined policies and standards for information security. The ISO Risk Manager also oversees a variety of IT-related risk management activities, as well as outreach and compliance activities. |
Education & Experience Requirements
Education Requirements
Degree | Requirement |
---|---|
Bachelor's degree or equivalent work experience with an emphasis in computer science, data processing, computer information systems, or in a related field. | Required |
Experience Requirements
Experience | Requirement |
---|---|
6 - 10 years of related experience. | Required |
Previous supervisory/managerial experience. | Preferred |
License Requirements
Certification Requirements
Certification | Requirement |
---|---|
CISSP | Preferred |
CRISC | Preferred |
Educational Condition Requirements
Condition | Requirement |
---|---|
Key Responsibilities
Description | % Time |
---|---|
Responsible for supervising the daily activities of IT security analysts who plan, design, develop, implement and maintain systems and programs to ensure the integrity, reliability and security of data and systems. | 30 |
Assesses the impact on the organization caused by theft, destruction, alteration, or denial of access to information. | 15 |
Collaborates with central IT (ITS), Security Leads across campus, and the campus community, as well as across the UC system, on developing, maintaining, and communicating information security best practices. | 15 |
Designs and implements security policies to control access to systems. | 5 |
Develops and implements standards for appropriate security checkpoints and encryption methods. | 5 |
Supervises the development of methods and procedures on new assignments and provides leadership to other members of department. | 5 |
Recommends changes to department policies and procedures to enhance effectiveness of functional area. | 5 |
Participates in developing and monitoring operational and budget processes, staff FTE, finance, human resources and space planning. | 5 |
Participates in the development and monitoring of policies and procedures for department or department operations. | 5 |
Recommends hiring of new employees, salary actions, terminations, and performance ratings. | 5 |
Required to participate in ongoing professional development, training and education. | 5 |
Knowledge, Skills & Abilities
Knowledge/Skill/Ability | Requirement |
---|---|
Advanced knowledge of the IT security function. | Required |
Expert knowledge of data encryption technologies. | Required |
Advanced knowledge of IT security. | Required |
Excellent verbal and written communication, quantitative and analytical skills. | Required |
Excellent critical thinking, persuasion/negotiation, mentoring, leadership/management and problem solving abilities. | Required |
Demonstrated knowledge of secure hardware, software and network design techniques. | Required |
Broad knowledge of other areas of IT. | Required |
Human Resources policies and procedures relating to management responsibilities. | Required |
Demonstrated skill in managing technical staff. | Required |
Knowledge of department processes and procedures. | Preferred |
Special Requirements & Conditions
Special Condition | Requirement |
---|---|
Must pass a background check. | Required |
Occasional travel for university related business meetings, conferences and/or professional development. | Required |
Travel Outside of Normal Business Hours | Required |
Other Special Requirements & Conditions
|
Level of Supervision Received
Direction |
Environment
Working Environment
Remote with occasional visits to the UCR campus as necessary. |
Other Requirements
Items Used
|
Physical Requirements
|
Mental Requirements
|
Environmental Requirements
|
Critical Position
Is Critical Position: Yes |