We are currently seeking an Information Security Officer to join the USC Libraries and the USC Shoah Foundation within Information Technology Services. The Information Security Officer is responsible for oversight and maintenance of information security systems, network architectures, and other pertinent security solutions to safeguard the organization’s critical assets. This role will serve as liaison to the Office of the CISO (OCISO) to ensure that industry best practices and USC security policies and standards are clearly communicated and translated to local processes and operational controls.
The Information Security Officer will also work with the OCISO to identify and manage risks, improve security awareness, and enable the organization to comply with contractual and regulatory requirements (e.g. SOC2, ISO, etc..). Other responsibilities include safeguarding critical data on networks and systems and ensuring that they are adequately secured and protected to prevent unauthorized access.
The successful candidate must have at least 5-7 years of experience within IT or Information Security. He/she should also possess extensive knowledge on network security technologies and attack strategies. The candidate should also have experience working with the Governance, Risk & Compliance (GRC) function to support and coordinate governance processes such as risk management, compliance, policy exceptions, and security awareness.
The USC Shoah Foundation Institute was founded by Steven Spielberg in 1994 and has collected, cataloged, digitized and preserves 53,000 interviews of Holocaust survivors and witnesses. The Institute houses nearly 53,000 audio-visual testimonies conducted in 63 countries and in 40 languages.
The USC Libraries actively support the discovery, creation, and preservation of knowledge. We develop collections and services that support and encourage the academic endeavors of faculty, students, and staff; build a community of critical consumers of information; and help develop engaged world citizens. USC has 23 libraries and information centers and the USC Digital Library.
- Must have a Bachelor’s Degree or combined experience/education as substitute for advanced education
- Minimum of 5-7 years of directly related work experience in IT or Information Security
- Possesses extensive working knowledge of network security solutions and strategies, including network security concepts and attack strategies.
- Demonstrated working knowledge of application frameworks, security concepts and strategies
- Experience with Security Architecture design
- Experience with network and system security technologies and solutions (e.g. firewall, IDS/IPS, file integrity, network anomaly detection, etc.)
- Experience working with GRC to support governance processes such as risk management, compliance, policy exceptions, and security awareness.
- Working knowledge and understanding of Regulatory Compliance and Information Security control measures as defined in SOC2 and ISO 27001
- Ability to locally design, evaluate and document standards, guidelines, and procedures and lead teams in accomplishing process review and improvement based on USC policies and standards
- Strong understanding of information security across all security domains and the relationship between threats and vulnerabilities and how they translate into risks
- Strong analytical thinking and strong decision-making skills
- Ability to effectively communicate with individuals at all levels
- Typically possesses 5-7 years of experience in IT or Information Security
- Typically possesses 5 years of experience in network security and architecture design
- Typically possesses experience in Governance, Risk Management and Regulatory Compliance domains
- Typically possesses one or more of the following Certifications: CISSP, CCNA, CCENT, GSEC, MCSA, CISM
- Ability to work in a fast-paced environment while balancing and prioritizing multiple projects
- Manages and administers firewall policy and rule changes
- Runs reports and supports security devices such as Lancope, Tripwire, ObserveIT, Sourcefire, Fortinet, etc…
- Acts as a liaison between USC Shoah and the OCISO to support, implement, and enforce governance processes, information security policies, standards, and methodologies.
- Participates and coordinates risk management activities with the OCISO by reporting identified risks and locally driving remediation with key stakeholders.
- Assists USC Shoah with contractual and regulatory audits (e.g. SOC2, ISO) through findings analysis and remediation with the guidance of the OCISO.
- Translates USC information security policies and standards requirements into local procedures and guidelines to implement security controls and operational processes.
- Supports the communication of OCISO programs for security awareness and training.
- Assists OCISO in identifying USC Shoah critical data and assets to implement recommended security controls based on USC policies and standards
- Develops requirements for application, system and network architectures so they meet or exceed compliance requirements, industry best-practices, and USC policies and standards.
- Works closely with the Systems and Network teams to integrate security solutions into the infrastructure
- Provides feedback on security standards and configuration baselines.
- Recommends security solutions based on knowledge of best practices
- Supports processes to integrate security architecture with change management and systems development (SDLC/IDLC)
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner.
- Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time
- Master’s Degree
- 5-7 years of experience in IT or Information Security
- 5 years of experience in firewall management and network security
- One or more of the following Certifications: CISSP, CCNA, CCENT, GSEC, MCSA, CISM
- Experience in Higher Education