We are currently seeking a Senior Information Security Advisor to join our Governance, Risk Management, and Compliance Team, within the Office of the CISO in the Information Technology Services (ITS) department here at the University of Southern California. The Senior Information Security Advisor will be responsible for planning, designing, and executing security solutions, identifying security deficiencies by working with USC schools and units, and recommending corrective actions of identified security risks and vulnerabilities.
The ideal candidate must possess seven years of experience in Information Technology, three years of experience in Information Security and two years of Management experience.
Information Technology Services (ITS) is committed to providing information technology (IT) services and support to the university. ITS provides essential, university-wide services such as:
Enterprise information systems
University wired and wireless networks
Must have a Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience
Minimum of 7 years of directly related experience in Information Technology
Minimum of 3 years of experience in Information Security
Minimum of 2 years of Management level experience
Demonstrated working knowledge of application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program
Demonstrated experience in application security concepts, control frameworks and control objectives
Strong, demonstrable aptitude for and interest in information and application security.
Exceptional organizational skills to balance work and lead projects.
Demonstrable leadership and interpersonal skills with experience in mentoring team members.
Strong written communication and professional verbal communication skills.
Experienced facilitator and presenter to a large audience
Typically possesses GCIH/GSEC, CISM, CISA, CISSP, CRISC certifications
Typically possesses understanding of modern security tools and controls, secure development life cycle methodologies, programming languages or other scripting languages, and web-based application architectures (IIS, Apache, etc.)
Typically possesses experience with financial industry regulations such as GLBA, PCI, and SOX
Typically possesses large complex industry related experience
Partners with the schools and units to help manage risk at an acceptable level
Aligns business, IT, and information security functions to facilitate business-relevant security improvements
Recognizes schools'/units' security needs and translates them into business requirements to enable the Office of the CISO to meet those needs while empowering the business.
Provides inputs to local unit strategies for the delivery of information security services to the business
Works with the local unit to develop a security plan which documents the security requirements and describes the security controls in place or planned, responsibilities and expected behavior of individuals who have access to critical systems.
Serves as a Subject Matter Expert (SME) for information security across the university, to include schools, departments, project teams and vendors. Examines technology vision, opportunities and challenges with regard to security standards and their impact on technology and reacts accordingly in alignment and support of the execution of the USC Information Security Program vision and strategy
Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on Information security solutions.
Advises on security strategy, architecture and tools in accordance with university standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the university
Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and security.
Advises on methods to mature information security risk management processes, programs and strategies. Aligns information security activities with regulatory requirements and internal risk management policies.
Identifies security gaps and deficiencies by supporting risk assessments and recommends corrective action of identified vulnerabilities and weaknesses. Leads the planning and remediation of identified security risks.
Interfaces with peers and senior leadership and communicates at all levels. Provides guidance to less experienced Information Security team members
Presents to senior leaders and large audiences. Facilitates regular security governance meetings with IT leaders and Senior Business Officers to drive risk remediation and adoption of security services across the schools and units.
Recruits, screens, hires, trains and directly supervises all assigned staff. Evaluates employee performance and provides guidance and feedback. Counsels, disciplines and/or terminates employees as required. Oversees onboarding and orientation of new employees to ensure that duties, responsibilities, work requirements and performance standards are clearly understood. Assesses staff development needs. Promotes staff participation in educational opportunities and activities. Schedules, assigns and prioritizes workloads. Sets appropriate deadlines. Monitors employee performance on day-to-day basis. Ensures timely completion of unit's work
Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable
Bachelor's Degree in Information Security, Information Technology, Information Systems Management, Computer Science, or Engineering
GCIH/GSEC, CISM, CISA, CISSP, and CRISC Certifications
Understanding of modern security tools and controls, secure development life cycle methodologies, programming languages or other scripting languages, and web-based application architectures (IIS, Apache, etc.)
Experience with industry regulations such as FERPA, HIPAA, GLBA, PCI, and SOX; application protocols such as MS-SQL, LDAP, and SSO; data protection controls; and applied use of cryptography
Experience with defense in depth, trust levels, privileges and permissions, as well as experience in application penetration testing
Experience with ISO 27001
Large complex industry related experience
Minimum Education: Bachelor's Degree. Combined education/experience as substitute for minimum education.
Minimum Experience: 7 years. Combined education/experience as substitute for minimum experience.
Minimum Field of Expertise: Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience. 5+ years of IT experience that includes at least 3 years in information security and 2 years in management. Strong working knowledge of Windows-based platforms, application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program. Demonstrated experience in Application Security concepts, Control frameworks and control objectives. Strong, demonstrable aptitude for and interest in information and application security. Exceptional organizational skills to balance work and lead projects. Demonstrable leadership and interpersonal skills with experience in mentoring team members. Strong written communication and professional verbal communication skills. Experienced facilitator and presenter.
Internal Number: REQ20082803
USC is the leading private research university in Los Angeles—a global center for arts, technology and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.