Digital Risk Governance, Analytics, and Advisory Services Manager - REMOTE IN CA

For UCOP internal applicants, please login to the internal candidate gateway at: Jobs at UCOP

UC OFFICE OF THE PRESIDENT

At the University of California (UC), your contributions make a difference. A world leader producing Nobel and Pulitzer Prize recipients with over 150 years of groundbreaking research transforming the world. Choose a career where you can leverage your knowledge, skills and aspirations to inspire and support some of the greatest minds in the world, and those who will follow in their footsteps. Working at the University of California is being part of a unique institution, and a vibrant and diverse community. At the University of California, Office of the President, we propel our mission through impactful work locally, in government centers and systemwide. We are passionate people, serving the greater good.

The University of California, one of the largest and most acclaimed institutions of higher learning in the world, is dedicated to excellence in teaching, research and public service. The University of California Office of the President is the headquarters to the 10 campuses, six academic medical centers and three national laboratories and enrolls premier students from California, the nation and the world. Learn more about the UC Office of the President

Department Overview
The UC Chief Information Security Office supports systemwide locations to address timely and pervasive issues such as identity theft, supplier security, cyber metrics, advisory services, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries, with the goal of enabling ongoing, secure, and reliable operations across the enterprise. We maintain an innovative, inclusive, and supportive work environment.

Position Summary
The Digital Risk Governance, Analytics, and Advisory Services Manager is responsible for developing and leading a comprehensive program to support the protection of the university's sensitive data, systems, and infrastructure. This role requires a deep understanding of higher education cybersecurity challenges, including compliance with FERPA, HIPAA, and other relevant regulations. The Manager will collaborate with stakeholders to manage a comprehensive cyber metrics program, collaborate with internal and external auditors, compliance and privacy initiatives, and provide guidance related to supplier contracts and regulatory activities. The Manager will advocate for, and ensure the program has, necessary resources to achieve the programs objectives and outcomes.

Key Responsibilities

50% Advisory Services - Serve as a liaison between digital risk, Legal, Risk Services, Ethics, Compliance, and Audit Services, procurement, policy, and privacy teams, promoting cross-functional collaboration. Provide thought leadership and liaising for cyber legislation that supports UC's digital security objectives. Manage the review, negotiations, and revisions of supplier contracts including Data Security appendices and HIPAA Business Associate Agreements respective to information security requirements. Foster strong relationships with location stakeholders to advance the program objectives.

20% Analytics and Reporting - Manage a comprehensive cyber metrics program across UC. Collect and report on systemwide digital risk efforts and performance measurements.

15% Workforce management - Leads a team of Digital Risk Governance, Analytics, and Advisory Services professionals, overseeing management of staff, budget, and relationships. Provides guidance, mentoring, and dynamic leadership to a diverse team within the unit, focusing on the goals and objectives of the Digital Risk Governance, Analytics, and Advisory Services program. Sets clear role expectations and prioritizes assignments for team members while maintaining an effective and collaborative team environment. Additionally, the role includes mentoring, developing talent, directing team activities, and partnering with cross-functional teams.

15% Governance - Develop and implement a strategic Digital Risk Governance, Analytics, and Advisory program aligned with the university's mission and goals to support customers and stakeholders. Manage relationships with external cybersecurity consultants to conduct assessments and provide recommendations.

Experience
Required Qualifications

• Min 10 years of relevant IT work experience inclusive of at least 5 years of experience in Information Security.

Skills and Abilities
Required Qualifications

• Exceptional ability to engage stakeholders and ensure effective communication.
• Comprehensive knowledge of supplier contract review processes related to information security.
• Outstanding ability to provide leadership support for strategic management programs.
• Exceptional ability to collect and report on systemwide digital security materials.
• Proven ability to develop and present reports to executives.
• Proven ability to coordinate cross-functional teams for audits and assessments.
• Extensive experience serving as a liaison between multiple teams.
• Demonstrated business acumen and problem-solving skills.
• Experience in federal and state legislation review, Requests for Comment, and advising on prospective legislation related to areas of cyber security.
• Broad knowledge of information technology security functional areas and as it relates to student data; health information; and management of IT resources and applications.
• Demonstrated understanding of privacy and security regulations and best practices, including federal and state laws, policies and standards.
• Extensive knowledge concerning a wide range of privacy / security regulations relevant to higher education and / or medical center and patient information.
• Demonstrated communication skills with project teams, stakeholders, and external contacts including both technical and non-technical audiences.
• Demonstrated interpersonal skills to work with both technical and non-technical personnel at various levels in organization.
• Strong ability to influence, gain consensus and buy-in from various stakeholders across UC.
• Demonstrated experience managing technical staff.
• Experienced in leading change management activities and managing their impact within the department.
• Broad knowledge of technical concepts and principles of data communications, computer hardware, products, software, and services.
• Demonstrated oral and written communication skills, including the ability to effectively present technical topics to large groups with potentially varied levels of technical sophistication.

Education
Required Qualifications

• Bachelor's degree in related area and / or equivalent experience / training OR equivalent experience / training

Preferred Qualifications

• Advanced degree preferred.

Licenses and Certifications
Preferred Qualifications

• CISSP, CISM, & CRISC
• ITIL Foundation

Travel Requirements
5% occasional travel to other UC locations.

Job Title
IT Security Analyst 5

Job Code
000662

Salary Grade
Grade 27

Payscale:
$198,000 - $220,000

Benefits: For information on the comprehensive benefits package offered by the University visit: Benefits of Belonging

ADDITIONAL INFORMATION

California residents, or those willing to relocate to CA, who wish to work onsite, hybrid, or remote, will be considered. Not eligible for Visa sponsorship or transfer.

HOW TO APPLY

Please be prepared to attach a cover letter and resume with your application.

APPLICATION REVIEW DATE

The first review date for this job is March 21, 2025. The position will be open until filled.

CONDITIONS OF EMPLOYMENT

Background Check Process: Successful completion of a background check is required for this critical position. Background check process at UCOP

Smoke Free Work Environment: The University of California, Office of the President, is smoke & tobacco-free as of January 1, 2014. UC Smoke & Tobacco Free Policy

As a condition of employment, you will be required to comply with the University of California Policy on Vaccination Programs, as may be amended or revised from time to time. Federal, state, or local public health directives may impose additional requirements.

As a condition of employment, the finalist will be required to disclose if they are subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct, are currently being investigated for misconduct, left a position during an investigation for alleged misconduct, or have filed an appeal with a previous employer.

• "Misconduct" means any violation of the policies or laws governing conduct at the applicant's previous place of employment, including, but not limited to, violations of policies or laws prohibiting sexual harassment, sexual assault, or other forms of harassment, discrimination, dishonesty, or unethical conduct, as defined by the employer.
  • UC Sexual Violence and Sexual Harassment Policy
  • UC Anti-Discrimination Policy for Employees, Students and Third Parties
  • APM - 035: Affirmative Action and Nondiscrimination in Employment

EEO STATEMENT

The University of California, Office of the President, is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age or protected veteran status. For the University of California's Affirmative Action Policy please visit: https://policy.ucop.edu/doc/4010393/PPSM-20. For the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination.

The University of California, Office of the President, strives to make this job board accessible to any and all users. If you have comments regarding the accessibility of our website or need assistance completing the application process, please contact us at: Accessibility or email the Human Resource Department at: epost@ucop.edu.