Shire Veteran Jobs

Job Information

UCLA Health Sr. IT Security Risk Analyst - Contract (flex - hybrid) in Los Angeles, California

Description

The Senior IT Risk Analyst at UCLA Health Sciences plays a central role in the risk assessment lifecycle for both new and existing solutions.

Responsibilities include performing risk assessments, developing risk management tactics and strategies, and sustaining a thorough understanding of the IT needs for both third-party and security assessments. This understanding is achieved by building strong relationships and developing collaborative solutions that align with the stakeholders' needs.

The Analyst must also be able to operate within both structured and unstructured environments and various levels of process maturity. The Analyst is responsible for ensuring the timely delivery of third-party and security assessments to protect sensitive data, critical systems, and infrastructure. This role involves regular engagement with enterprise stakeholders, IT technical teams, and vendors, enforcing compliance with UCLA Health Sciences' policies, procedures, HIPAA/FERPA standards, and all other relevant regulations.

In addition, the Analyst must display thoughtful decision-making skills, meticulously weighing the risk and business impact of each choice. They should also be proficient at conveying the rationale behind their decisions to a diverse audience, including both technical and non-technical individuals. Being well-organized and committed to keeping all information current and accurately managed is also a significant part of this role.

This is a flex-hybrid role which will require you to be onsite at least six days a quarter or as required by operational need. Please note that there are no reimbursements for travel to the "home office" location.

Each employee must complete a FlexWork Agreement with their manager, which outlines the arrangement parameters and helps both parties fully understand expectations. Arrangements are regularly evaluated and are subject to termination.

Salary offers are determined based on various factors including, but not limited to, qualifications, experience, and equity. The full salary range for this position is $95,900 - $222,100 annually. The budgeted salary or hourly range that the University reasonably expects to pay for this position is approximately between the minimum and $150,000 annually.

This is a one-year contract role. Contracts may convert to career.

Qualifications

  • Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare

  • In-depth knowledge of research IT needs at an academic medical center and familiarity with vendors and purchasing processes.

  • Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC)

  • Proven experience in cyber risk assessments, preferably within the healthcare or educational sector.

  • Demonstrated skill in establishing and maintaining cooperative working relationships.

  • A strong sense of customer service and attention to detail

  • Ability to work independently, setting goals and priorities.

  • Confidence to follow up and champion critical findings, follow through and deliver timely results.

  • Strong understanding of IoT/IoMT devices and their security implications.

  • Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to diverse audiences.

  • Strong interpersonal skills and the ability to collaborate and build partnerships with various stakeholders.

  • Analytical mindset with the ability to think critically and assess complex cyber risks.

  • Strong problem-solving skills and the ability to provide practical recommendations for risk mitigation.

  • Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance.

  • Ability to understand large, complex systems.

  • An understanding of communications and network vulnerabilities.

  • Knowledge of personal computer and mobile architectures, OS and applications.

  • Understanding of legal and regulatory compliance standards and requirements for data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST and COBIT.

  • Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.

  • Familiarity with multiple software types at the application and enterprise levels.

  • Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation.

  • Proficient in Microsoft Office product suite (MS Outlook, Word, PowerPoint, and Excel).

UCLA Health welcomes all individuals, without regard to race, sex, sexual orientation, gender identity, religion, national origin or disabilities, and we proudly look to each person’s unique achievements and experiences to further set us apart.
