Sr. IT Security Analyst - IT - Information Security

UCSF Medical Center

San Francisco, CA

Industry: Patient Care

Experience: 8 - 10 years


Job Summary

  • Conduct information security risk assessments for UCSF information systems, affiliate organizations, and vendors and oversee information security risk assessment process, including scoping, intake, review, and approvals
  • Review system design and security controls against NIST Cybersecurity Framework, NIST 800-53, ISO 27001/2, and other standard security frameworks
  • Establish and maintain effective risk assessment and risk management practices, following NIST 800-30, 800-37 and 800-39 guidance
  • Develop risk management reporting methodologies and support management visibility of risk management program and UCSF risk profile
  • Consult with internal customers and external vendors on UCSF security compliance requirements, including UC policy and regulatory requirements such as HIPAA. Collaborate with UCSF Privacy Office, legal, risk management and procurement departments, and a variety of providers, faculty, researchers, business managers, technical staff, and outside vendors

Required Qualifications

  • Seven years of direct experience with information security principles and operations
  • Five years of direct experience conducting information security risk assessments
  • Bachelor’s degree in computer science or related field, or equivalent work experience
  • Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2
  • Advanced understanding of HIPAA regulatory specifications and compliance requirements
  • Advanced understanding of standard risk assessment and risk management frameworks, including NIST 800-30, 800-37, and 800-39
  • Advanced understanding of IT security domains, including access control; application development security; business continuity and disaster recovery planning; cryptography; information security governance and risk management; legal regulations, investigations and compliance; operations security; and physical and environmental security
  • Ability to advise and influence IT system architects, technical project teams, and high-level business managers
  • Strong understanding of risk management concepts, metrics, and reporting methodologies
  • Experience with governance, risk, and compliance (GRC) tools
  • Experience with business process improvement practices
  • Experience working in a structured change-management and request-tracking environment
  • Understanding of business processes surrounding security and IT technical implementations
  • Participation in new system deployments, upgrades, and system and software installations
  • Experience with system and network diagnostics
  • Demonstrated ability to learn new technologies with minimal support and guidance
  • Strong ethical foundation for business practices and promotion of workplace integrity
  • Self-driven education to stay abreast of security developments and threats
  • Team oriented; active participant in team and project meetings
  • Diligent notification of management and co-workers of ongoing activities and possible security exposures
  • Solutions-driven, vendor-neutral technology outlook
  • Priority-driven time management for diverse projects across multiple customers and environments
  • Independent thinker; must be able to prioritize work and plan future activities
  • Detail-focused, adherent to procedures
  • Strong communications skills, both written and oral, with ability to interact effectively at all levels of responsibility and authority
  • Demonstrable aptitude for a career in IT security
  • The flexibility to orient and work at all UCSF Medical Center locations

Preferred Qualifications

  • N/A

  • Must possess, or be able to obtain one of the following within nine months of employment on the team:
    • CompTIA Security+
    • CRISC
    • CISA or CISM

Living Pride Standards

Service Excellence

  • Demonstrates service excellence by following the Everyday PRIDE Guide, which sets out the UCSF Medical Center standards and expectations for communication and behavior. These standards and expectations convey the specific behavior associated with the Medical Center's values (Professionalism, Respect, Integrity, Diversity and Excellence) and provide guidance on how we communicate with patients, visitors, faculty, staff, and students: virtually everyone, every day and in every encounter. These standards include, but are not limited to: personal appearance, acknowledging and greeting all patients and families, introductions using AIDET, managing up, service recovery, managing delays and expectations, phone standards, electronic communication, teamwork, and cultural sensitivity and competency.
  • Uses effective communication skills with patients and staff; demonstrates proper telephone techniques and etiquette; acts as an escort for any patient or family member needing directions; shows sensitivity to cultural differences; maintains a positive and supportive manner so that patients, families and colleagues perceive their interactions as positive and supportive. Exhibits teamwork skills by positively acknowledging and recognizing colleagues, and uses personal experience to model and teach Living PRIDE standards.
  • Exhibits tact and professionalism in difficult situations according to PRIDE Values and Practices.
  • Demonstrates an understanding of and adheres to privacy, confidentiality, and security policies and procedures related to Protected Health Information (PHI) or other sensitive and personal information.
  • Demonstrates an understanding of and adheres to safety and infection control policies and procedures.
  • Assumes accountability for improving quality metrics associated with department/unit and meeting organizational/departmental targets.