UCR Jobs

General Information

Job Description	IT SECURITY SUPV 2	Working Title	Information Security Risk Manager
Job Code	005937	Grade	25
Department Name	IT Cybersecurity - D02046	Department Head	Josh Bright
Supervisor	Dewight Kramer	Effective Date	09/19/2022

Position(s) Directly Supervised

Job Code	Title	FTE
007338	IT SCRTY ANL 3	2.0
000661	IT SCRTY ANL 4	1.0

Generic Scope

Provides direct supervision typically to professionals or skilled technical employees. Functions as advisor to unit and administration. Analyzes and resolves problems, interprets policies (e.g., fiscal management, HR, contracts and grants, resource management in defined areas) and demonstrates solid subject matter knowledge. Exercises judgment within defined procedures and policies to determine appropriate action. Supervises staff to assure accountability and stewardship of department resources (operational, financial, and human) in compliance with departmental goals and objectives.

Provides direct supervision typically to professionals or skilled technical employees. Functions as advisor to unit and administration. Analyzes and resolves problems, interprets policies (e.g., fiscal management, HR, contracts and grants, resource management in defined areas) and demonstrates solid subject matter knowledge. Exercises judgment within defined procedures and policies to determine appropriate action. Supervises staff to assure accountability and stewardship of department resources (operational, financial, and human) in compliance with departmental goals and objectives.

Custom Scope

Receives assignments in the form of objectives with goals and the process by which to meet goals. Provides direction to staff according to established policies and management guidance. Administers policies that directly affect subordinate staff. Recommends changes to department policies and practices. Identifies risks and responds accordingly. Provide priority setting and work flow analysis.

Receives assignments in the form of objectives with goals and the process by which to meet goals. Provides direction to staff according to established policies and management guidance. Administers policies that directly affect subordinate staff. Recommends changes to department policies and practices. Identifies risks and responds accordingly. Provide priority setting and work flow analysis.

Department Custom Scope

The Information Security Office (ISO) Risk Manager oversees core information security functions in the risk, compliance and outreach areas for the university. The ISO Risk Manager is responsible for establishing and maintaining an enterprise-wide information security risk management program to support the adequate protection of university's information assets. This position is responsible for leading a team and a program for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. This includes the establishment of formal guidelines for secure technologies, architectures, and programs, such as: GRC tool, vendor risk assessments, PCI compliance, unit/department risk assessments, etc. This position will work with the CISO and other ISO managers to develop, manage, and report on risk metrics at all levels within the university. It will also proactively work with business units to implement practices that meet defined policies and standards for information security. The ISO Risk Manager also oversees a variety of IT-related risk management activities, as well as outreach, and compliance activities.

The Information Security Office (ISO) Risk Manager oversees core information security functions in the risk, compliance and outreach areas for the university. The ISO Risk Manager is responsible for establishing and maintaining an enterprise-wide information security risk management program to support the adequate protection of university's information assets. This position is responsible for leading a team and a program for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. This includes the establishment of formal guidelines for secure technologies, architectures, and programs, such as: GRC tool, vendor risk assessments, PCI compliance, unit/department risk assessments, etc. This position will work with the CISO and other ISO managers to develop, manage, and report on risk metrics at all levels within the university. It will also proactively work with business units to implement practices that meet defined policies and standards for information security. The ISO Risk Manager also oversees a variety of IT-related risk management activities, as well as outreach, and compliance activities.

Education & Experience Requirements

Education Requirements

Degree	Requirement
Bachelor's degree or equivalent work experience with an emphasis in computer science, data processing, computer information systems, or in a related field.	Required

Experience Requirements

Experience	Requirement
6 - 10 years of related experience.	Required
Previous supervisory/managerial experience.	Preferred

License Requirements

Certification Requirements

Certification	Requirement
CISSP	Preferred
CRISC	Preferred

Educational Condition Requirements

Condition	Requirement

Key Responsibilities

Description	% Time
Responsible for supervising the daily activities of IT security analysts who plan, design, develop, implement and maintain systems and programs to insure the integrity, reliability and security of data and systems.	30
Assesses the impact on the organization caused by theft, destruction, alteration, or denial of access to information.	15
Collaborates across the central IT (ITS), Security Leads across campus, and the campus community, as well as across the UC system on developing, maintaining, and communicating information security best practices.	15
Designs and implements security policies to control access to systems.	5
Develops and implements standards for appropriate security checkpoints and encryption methods.	5
Supervises the development of methods and procedures on new assignments and provides leadership to other members of department.	5
Recommends changes to department policies and procedures to enhance effectiveness of functional area.	5
Participates in developing and monitoring operational and budget processes, staff FTE, finance, human resources and space planning.	5
Participates in the development and monitoring of policies and procedures for department or department operations.	5
Recommends hiring of new employees, salary actions, terminations, and performance ratings.	5
Required to participate in ongoing professional development, training and educations.	5

Knowledge, Skills & Abilities

Knowledge/Skill/Ability	Requirement
Advanced knowledge of the IT security function.	Required
Expert knowledge of data encryption technologies.	Required
Advanced knowledge of IT security.	Required
Excellent verbal and written communication, quantitative and analytical skills.	Required
Excellent critical thinking, persuasion/negotiation, mentoring, leadership/management and problem solving abilities.	Required
Demonstrated knowledge of secure hardware, software and network design techniques.	Required
Broad knowledge of other areas of IT.	Required
Human Resources policies and procedures. relating to management responsibilities.	Required
Demonstrated skill in managing technical staff.	Required
Knowledge of department processes and procedures.	Preferred

Special Requirements & Conditions

Special Condition	Requirement
Must pass a background check.	Required
Occasional travel for university related business meetings, conferences and/or professional development.	Required
Travel Outside of Normal Business Hours	Required

Other Special Requirements & Conditions

Level of Supervision Received

Direction

Direction

Environment

Working Environment

Remote with occasional visits to the UCR campus as necessary.

Remote with occasional visits to the UCR campus as necessary.

Other Requirements

Items Used

Standard Office Equipment Computer Printer Copier Scanner Calculator

Standard Office Equipment
Computer
Printer
Copier
Scanner
Calculator

Physical Requirements

Bend : N/A Sit : Constantly Squat : N/A Stand : Occasionally Crawl : N/A Walk : Occasionally Climb : N/A

Bend : N/A
Sit : Constantly
Squat : N/A
Stand : Occasionally
Crawl : N/A
Walk : Occasionally
Climb : N/A

Mental Requirements

Read/Comprehend : Constantly Write : Frequently Perform Calculations : Frequently Communicate Orally : Constantly Reason & Analyze : Constantly

Read/Comprehend : Constantly
Write : Frequently
Perform Calculations : Frequently
Communicate Orally : Constantly
Reason & Analyze : Constantly

Environmental Requirements

Is exposed to excessive noise : No Is around moving machinery : No Is exposed to marked changes in temperature and/or humidity : No Drives motorized equipment : No Works in confined quarters : No Dust : No Fumes : No

Is exposed to excessive noise : No
Is around moving machinery : No
Is exposed to marked changes in temperature and/or humidity : No
Drives motorized equipment : No
Works in confined quarters : No
Dust : No
Fumes : No

Critical Position

Is Critical Position: Yes

Is Critical Position: Yes

HR Employment