Manager, Cyber Risk Management

Job Location

Los Angeles, CA - USA

Monthly Salary

$ 167373 - 194563

Vacancy

1 Vacancy

Job Description

ABOUT THE DEPARTMENT

The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within a newly restructured cybersecurity organization that's leading this transformation. You'll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence, working alongside experts who are deeply committed to service, innovation, and impact.

If you're driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.

POSITION SUMMARY

As the Manager, Cyber Risk Management, you will be an integral leader of the cybersecurity department while also collaborating with stakeholders across the university ecosystem and reporting to the Senior Director, Cyber Governance. This is a full-time exempt position eligible for all of USC's fantastic Benefits and Perks. This opportunity is remote.

The Manager, Cyber Risk Management develops, implements, and supports cybersecurity risk management plans as well as governance and remediation strategies. Plays a crucial role in establishing that the university's cybersecurity risk management procedures are comprehensive, up-to-date, and effectively mitigate risks to provide consistency and enable the departments, schools, and units to perform processes in a more secure manner. Manages the development, enhancement, and maintenance of cybersecurity policies and standards. Ensures the university complies with relevant laws, regulations, and standards related to cybersecurity and privacy. Collaborates with various stakeholders to align cybersecurity policies with strategic goals and operational needs. Collaborates and manages relationships with managed service providers as required to support ongoing operations across in-scope capabilities. Identifies and mitigates potential risks through threat analysis and carries out assessments on the effectiveness of established strategies. Responsible for overseeing both internal/external cyber risk management, third-party related risks, responding to audit needs, and collaborating with departments, schools, units, and functions across the university.

The Manager, Cyber Risk Management will:

  • Develops, implements, and supports cybersecurity risk management plans as well as governance and remediation strategies. Drives the execution of second line of defense risk management plans. Provides structured consulting in cyber risk management; promotes and instills a risk-aware and action-oriented culture throughout the university. Oversees third-party management and risk policy managed services.

  • Manages the development, enhancement, and maintenance of cybersecurity policies and standards. Drafts, reviews, and updates cybersecurity policies, standards, and guidelines in accordance with regulatory requirements and best practices. Develops and enforces cybersecurity policies that protect sensitive information (e.g., health records, personal data) from cyber threats. Ensures policies and procedures are robust and effective.

  • Supports university compliance with relevant laws, regulations, and standards related to cybersecurity and privacy (e.g., FERPA, HIPAA, GDPR). Collaborates with various stakeholders across the university (e.g., IT staff, faculty, and administration). Aligns cybersecurity policies with strategic goals and operational needs. Supports the verification that departments, schools, and units (DSUs) adhere to the latest security and privacy legal, regulatory, and contractual requirements.

  • Identifies and mitigates potential risks through threat analysis. Carries out regular assessments on the effectiveness of existing governance and risk management strategies. Monitors compliance with security policies; reports on the effectiveness of the security program to the chief information security officer (CISO) and executive leadership. Collaborates with OCEC Policy change management to identify change impacts; provides communications team with information necessary to disseminate any changes or additions to policy and/or standard requirements.

  • Serves as the second line of defense (works with other second line of defense, e.g., Ethics & Compliance) and works with the third line of defense, which includes Internal Audit (providing Assurance services), and privacy teams to gain input and maintain knowledge of the latest applicable security and privacy legal, regulatory, and contractual requirements, as well as industry best practices and security frameworks.

  • Promotes and instills a risk-aware and action-oriented culture throughout the university. Keeps abreast of emerging security threats, technologies, and regulatory changes that may impact the university's security posture.

  • Encourages a workplace culture where all employees are valued, value others, and have the opportunity to contribute through their ideas, words, and actions, in accordance with the USC Code of Ethics.

MINIMUM QUALIFICATIONS

Great candidates for the position of Manager, Cyber Risk Management will meet the following qualifications:

  • 5 years of experience in risk management and security frameworks.

  • A bachelor's degree or combined experience and education as substitute for minimum education.

  • Understanding of cybersecurity principles, IT systems, and cybersecurity technologies.

  • Working knowledge and understanding of cybersecurity fundamentals and risk-based approaches to cybersecurity (e.g., hardening of operating systems, identity provisioning, vendor risk management).

  • Ability to analyze complex security requirements, translate them into effective policies and strategies, and manage the change associated with implementing new policies and procedures.

  • Understanding of cybersecurity policy framework management, exception handling processes, and regulatory and industry controls frameworks (e.g., PCI, ISO, NIST).

  • Excellent written and verbal communication skills for drafting policies and communicating with stakeholders.

  • Ability to identify and resolve security policy-related issues.

  • Demonstrated skills in managing projects (e.g., policy development implementation initiatives).

  • Capacity to develop long-term strategies for cybersecurity policy management.

  • Demonstrated leadership and interpersonal skills, with the ability to manage complex, high-performing teams and foster an environment of trust, collaboration, transparency, and accountability.

  • Ability to build consensus among stakeholders and balance security needs with operational requirements.

  • Experience working with faculty, researchers, and physicians.

PREFERRED QUALIFICATIONS

Exceptional candidates for the position of Manager, Cyber Risk Management will also bring the following qualifications or more:

  • 7 years of related experience.

  • Understanding of the three lines of defense risk model.

  • Experience working with top-down business risk management.

  • Understanding of cyber threat landscape and interplay with business strategic efforts.

  • CISSP, GIAC, CISM, or any combo of ISSA/ISACA/GSEC.

In addition, the successful candidate must also demonstrate, through ideas, words, and actions, a strong commitment to USC's Unifying Values of integrity, excellence, community, well-being, open communication, and accountability.

SALARY AND BENEFITS

The annual base salary range for this position is $167373.57 to $194563.75. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.

To support the well-being of our faculty and staff, USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents' health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC's comprehensive benefits here.

Join the USC cybersecurity team within an environment of innovation and excellence.

Minimum Education: Bachelor's degree in Computer Science or in related field(s)

Additional Education Requirements: Combined experience/education as substitute for minimum education
Minimum Experience: 5 years in risk management and security frameworks.

Minimum Skills: Understanding of cybersecurity principles, IT systems, and cybersecurity technologies. Working knowledge and understanding of cybersecurity fundamentals and risk-based approaches to cybersecurity (e.g., hardening of operating systems, identity provisioning, vendor risk management). Ability to analyze complex security requirements, translate them into effective policies and strategies, and manage the change associated with implementing new policies and procedures. Understanding of cybersecurity policy framework management, exception handling processes, and regulatory and industry controls frameworks (e.g., PCI, ISO, NIST). Excellent written and verbal communication skills for drafting policies and communicating with stakeholders. Ability to identify and resolve security policy-related issues. Demonstrated skills in managing projects (e.g., policy development implementation initiatives). Capacity to develop long-term strategies for cybersecurity policy management. Demonstrated leadership and interpersonal skills, with the ability to manage complex, high-performing teams and foster an environment of trust, collaboration, transparency, and accountability. Ability to build consensus among stakeholders and balance security needs with operational requirements. Experience working with faculty, researchers, and physicians.

Preferred Certifications: CISSP, GIAC, CISM, or any combo of ISSA/ISACA/GSEC
Preferred Experience: 7 years
Preferred Skills: Understanding of the three lines of defense risk model. Experience working with top-down business risk management. Understanding of cyber threat landscape and interplay with business strategic efforts.

USC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law or USC policy. USC observes affirmative action obligations consistent with state and federal law. USC will consider for employment all qualified applicants with criminal records in a manner consistent with applicable laws and regulations, including the Los Angeles County Fair Chance Ordinance for employers and the Fair Chance Initiative for Hiring Ordinance, and with due consideration for patient and student safety. Please refer to the Background Screening Policy Appendix D for specific employment screen implications for the position for which you are applying.

We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact USC Human Resources by phone at or by email at. Inquiries will be treated as confidential to the extent permitted by law.

If you are a current USC employee, please apply to this USC job posting in Workday by copying and pasting this link into your browser:

Experience:

Manager

Employment Type

Full-Time
