Details
Posted: 01-Jul-22
Location: Los Angeles, California
Salary: Open
Internal Number: REQ20117974
The University of Southern California's (USC's) Information Technology Services (ITS) is currently seeking a talented and experienced Senior Information Security Advisor to join the Governance, Risk Management, and Compliance Team, within the Office of the CISO.
The Senior Information Security Advisor is responsible for planning, designing, and executing security solutions, benchmarking technology strategies, leading the selection and implementation of technology solutions, identifying security deficiencies, and recommending corrective action of identified vulnerabilities. Responsibilities include overseeing the creation and publication of internal controls, ensuring the development and maintenance of adequate compliance resources and training opportunities, and fostering a risk and compliance-focused culture within the division.
The ideal candidate must possess five years of experience in Information Technology, three years of experience in Information Security, and two years of Management experience with demonstrated experience providing information security guidance to Senior IT leadership.
THE TEAM
The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university's mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.
We are looking for top talent to join us on our journey.
ITS CULTURE
USC's ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services, core to the mission of USC. ITS values accountability, excellence, and commitment to exceptional customer experience. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.
ABOUT USC
USC is the leading private research university in Los Angeles, a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family (the faculty, staff, students, and alumni who make USC a great place to work), you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.
MINIMUM REQUIREMENTS
The candidate for the position of Senior IS Advisor must meet the following qualifications:
- Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience
- Minimum of 5 years of IT experience
- Minimum of 3 years of experience in Information Security (Info Sec) and 2 years of experience in a management role
- Strong working knowledge of Windows-based platforms, application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program
- Demonstrated experience in Application Security concepts, Control frameworks and control objectives
- Strong, demonstrable aptitude for and interest in information and application security
- Exceptional organizational skills to balance work and lead projects.
- Demonstrable leadership and interpersonal skills with experience in mentoring team members
- Strong written communication and professional verbal communication skills. Experienced facilitator and presenter.
- Experienced facilitator and presenter to a large audience
PREFERRED REQUIREMENTS
The ideal candidate for the position of Senior IS Advisor meets the following qualifications:
- Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s)
- 7-10 years of experience in IT; 5 or more years of Information Security experience
- Relevant professional certifications or working towards attainment such as: GCIH/GSEC, CISM, CISA, CISSP, CRISC.
- Demonstrated experience in providing information security guidance to senior IT Leadership.
- Advanced knowledge of common web technologies, enterprise, and network architecture.
- Strong understanding of: modern security tools and controls, secure development life cycle methodologies, programming languages or other scripting languages, web-based application architectures (IIS, Apache, etc.)
- Advanced knowledge of or demonstrated experience with defense in depth, trust levels, privileges, and permissions
- Advanced knowledge of or demonstrated experience in application penetration testing.
- Experience with industry regulations such as FERPA, HIPAA, GLBA, PCI, and SOX
- Experience with ISO 27001 or NIST 800-53
- Large complex industry-related experience
THE WORK YOU WILL DO
The Senior Information Security Advisor is responsible for planning, designing, and executing security solutions, benchmarking technology strategies, leading the selection and implementation of technology solutions, identifying security deficiencies, and recommending corrective action of identified vulnerabilities. Responsibilities include overseeing the creation and publication of internal controls, ensuring the development and maintenance of adequate compliance resources and training opportunities, and fostering a risk and compliance-focused culture within the division. This position works with IT internal support teams as well as external clients within the university to provide the highest standards of support relative to information security governance and risk management practices. Other responsibilities include providing guidance on security solutions, preparing benchmarking reports and presentations, monitoring security metrics to evaluate the efficacy of security programs, and leading security incident response activities.
The Senior IS Advisor:
- Serves as a Subject Matter Expert (SME) for information security across the university, to include schools, departments, project teams and vendors. Assists in the planning, design, and execution of appropriate technology security solutions. Examines technology vision, opportunities, and challenges with regard to security standards and their impact on technology and reacts accordingly in alignment and support of the execution of the USC Information Security Program vision and strategy
- Benchmarks technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on Information security solutions and prepares benchmarking reports and presentations
- Assesses multiple project risks and complexities. Oversees project handoffs including document preparation, training and education, and support to ensure smooth transitions. Leads the selection and design of tools that allow reuse of design components and plans between similar projects
- Leads highly technical/analytical security assessments of custom web applications, mid-tier application services and backend mainframe applications, including manual penetration testing, source code and configuration review using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices
- Leads the research, evaluation, proof-of-concept, selection and implementation of technology solutions. Negotiates with vendors. Provides detailed analysis of pros and cons and build vs buy options. Facilitates flexible and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access and total cost. Oversees working solutions or prototypes and resolves any issues that arise.
- Leads security strategy, architecture and tools in accordance with university standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the university
- Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and security. Oversees operational, architectural and design documentation including procedures, task lists, and roadmaps
- Matures information security risk management processes, programs and strategies. Aligns information security activities with regulatory requirements and internal risk management policies. Identifies security gaps and deficiencies by conducting risk assessments and recommends corrective action of identified vulnerabilities and weaknesses. Leads the planning, testing, tracking, remediation, and acceptance level for identified security risks. Oversees the creation and publication of internal controls. Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events. Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with team members and regulators.
- Leads enterprise due-diligence activities including security monitoring and security metrics to evaluate effectiveness of the enterprise security program and established controls.
- Leads security incident response activities and post-event reviews of security incidents. Ensures the clear and professional documentation of root cause and risk analysis of all findings. Reviews and leads action plans for issue resolution. Leads investigation and reports contribution of security threats and incidents.
- Oversees security testing projects according to a structured process, including writing test plans, test cases and test reports. Leads basic proof-of-concept exploits of vulnerabilities
- Interfaces with peers and senior leadership and communicates at all levels. Provides guidance to less experienced Information Security team members.
- Recruits, screens, hires, trains and directly supervises all assigned staff. Evaluates employee performance and provides guidance and feedback. Counsels, disciplines and/or terminates employees as required. Oversees onboarding and orientation of new employees to ensure that duties, responsibilities, work requirements and performance standards are clearly understood. Assesses staff development needs. Promotes staff participation in educational opportunities and activities. Schedules, assigns and prioritizes workloads. Sets appropriate deadlines. Monitors employee performance on day-to-day basis. Ensures timely completion of unit's work.
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable
- Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time
Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence.
Minimum Education: Bachelor's Degree. Combined education/experience as substitute for minimum education.
Minimum Experience: 7 years. Combined education/experience as substitute for minimum experience.
Minimum Field of Expertise: Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience. 5+ years of IT experience that includes at least 3 years in information security and 2 years in management. Strong working knowledge of Windows-based platforms, application and TCP/IP network security technologies, information security concepts, principles and components of a comprehensive information security program. Demonstrated experience in Application Security concepts, Control frameworks and control objectives. Strong, demonstrable aptitude for and interest in information and application security. Exceptional organizational skills to balance work and lead projects. Demonstrable leadership and interpersonal skills with experience in mentoring team members. Strong written communication and professional verbal communication skills. Experienced facilitator and presenter.