CMMC Risk and Compliance Analyst - 134236

UC San Diego is ranked the 9th best public university in the nation by U.S. News and World Report and is the largest employer based in San Diego County. Reporting to the VC-CFO, Information Technology Services (ITS) delivers Enterprise information technology services to the University of California, San Diego (UCSD) under the leadership of the campus Chief Information Officer (CIO). Information Technology Services (IT Services) uses world-class services and technologies to empower UC San Diego's mission to transform California and the world as a student-centered, research-focused, service-oriented public university. As a strategic member of the UC San Diego community, IT Services embraces innovation in their delivery of IT services, infrastructure, applications, and support. IT Services is customer-focused and committed to collaboration, continuous improvement, and accountability.

Equity, Diversity, and Inclusion are core values at UC San Diego and within Information Technology Services. Crafting a culture around these values allows us to more deeply connect with and appreciate our employees, students, and campus partners. Information Technology Services is continuously working to build a community where we all feel safe, empowered, and encouraged to bring our authentic selves to work. We do this not only because it is what's right, but because we know that diversity drives insight and innovation. We are proud to partner closely UC San Diego's Office for Equity, Diversity, and Inclusion, as their dedication to this mission helps us all to drive change.

The Office of Information Assurance (OIA), a department within ITS, is responsible for the infrastructure, policies, standards and training necessary to ensure the achievement of the security and privacy goals of the University. Collaborating closely with various campus resources and partners, the department identifies, responds to and mitigates information security/privacy risks, threats and vulnerabilities. OIA delivers a comprehensive set of enterprise security services in the areas of security policy, assessment, compliance, consulting, operations, incident response and risk management. The department is responsible for the design, deployment and administration of network, endpoint, application, and information asset protection systems. Information Security staff also work closely with the IT Infrastructure and Operations department to provide the campus-wide network/security infrastructure.

The CMMC Risk and Compliance Analyst joins a small team dedicated to the growing requirements surrounding regulated research. This will include leading a number of compliance activities related to Controlled Unclassified Information, POA&M management, supplier risk management, and data security reviews. You will perform risk assessments, develop and maintain system security plans, manage plans of actions and milestones, and help maintain compliance status. This position requires in-depth knowledge of security engineering and the ability to design compensating controls and to act as trusted counsel to staff and faulty on most domains of security.

• Employee must be available to work evenings and weekends.

• Employee must be available to travel as required.

• Drives the implementation and enhancement of security processes across the organization to reduce information security risk, address threat and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.

• Provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements

• Monitor compliance to policy and improve the overall security posture of the University.

• Support the development and implementation of effective and reasonable policies and practices to secure critical and sensitive data and ensure information security and compliance.

• Assist with or manage audits by UC or external auditors.

• Bachelor's degree in Computer Science, Information Security or a closely-related field AND two (2) years of related experience in information security in an enterprise environment OR six (6) years of recent, relevant experience.

• Demonstrated knowledge of IT security. Extensive experience in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments.

• Ability to function well in stressful situations, under tight deadlines, and in a generally fast-paced work environment.

• Demonstrated knowledge of IT security regulations such CMMC, FERPA, HIPAA, and/or PCI.

• Must be able to obtain/maintain a DOD security clearance.

• Job offer is contingent upon satisfactory clearance based on background check results.

• Employee must be able to attain federal security clearance, if needed.

If employed by the University of California, you will be required to comply with our Policy on Vaccination Programs, which may be amended or revised from time to time. Federal, state, or local public health directives may impose additional requirements.

To foster the best possible working and learning environment, UC San Diego strives to cultivate a rich and diverse environment, inclusive and supportive of all students, faculty, staff and visitors. For more information, please visit UC San Diego Principles of Community.

UC San Diego is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age or protected veteran status.

For the University of California's Affirmative Action Policy please visit: https://policy.ucop.edu/doc/4010393/PPSM-20
For the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination

UC San Diego is a smoke and tobacco free environment. Please visit smokefree.ucsd.edu for more information.

Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

a. "Misconduct" means any violation of the policies or laws governing conduct at the applicant's previous place of employment, including, but not limited to, violations of policies or laws prohibiting sexual harassment, sexual assault, or other forms of harassment, discrimination, dishonesty, or unethical conduct, as defined by the employer. For reference, below are UC's policies addressing some forms of misconduct:

• UC Sexual Violence and Sexual Harassment Policy
• UC Anti-Discrimination Policy
• Abusive Conduct in the Workplace