UCSD Layoff from Career Appointment: Apply by 05/20/19 for consideration with preference for rehire. All layoff applicants should contact their Employment Advisor.

Special Selection Applicants: Apply by 05/30/19. Eligible Special Selection clients should contact their Disability Counselor for assistance.

This position will remain open until filled.

The Senior Risk and Policy Analyst drives the implementation and enhancement of security processes across the organization by conducting and managing the required IT security risk assessment program to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University. Ensure compliance with regulatory requirements reducing likelihood of breaches and sanctions.

The Senior Risk and Policy Analyst serves as technical lead on external security audits and accreditation processes and conducts internal security audits on customer networks/systems. The position provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements such a PCI, HIPAA, FERPA, etc. The senior analyst ensures that our risk assessment and vulnerability management programs meet regulatory requirements as well as university policy by aligning process with industry best practices.

The position applies advanced IT security concepts and campus, medical center or Office of the President objectives to resolve broad and/or highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Selects methods, techniques and evaluation criteria to obtain results. IT security Risk Assessments and adherence to organizational information security policies are required elements for HIPAA compliance. Assessments are used to identify threats and vulnerabilities to information systems and prioritize remediation activities.

Auditing compliance with implementing security controls is required to ensure that the risks are being managed to the degree that university policy requires. This is a fundamental component of an Information Security Program and drives the security improvement activities across the organization. Significant fines have been associated with not having through documented risk assessments and compliance programs in place by OCR.

• A Bachelor's Degree in healthcare information technology, computer science, or related area; and/or equivalent combination of experience/training.

• Five (5+) or more years of relevant experience in information security reviews of technologies using common information security best practices and organizational policies as the benchmark to assess against.

• Professional experience and proven success, monitoring, detecting, protecting and maintaining the security of data, systems and networks using IT security systems and tools.

• Demonstrated healthcare experience.
• Experience at auditing systems and configurations for compliance to organization policies and best practices.
• Experience with building and improving a risk assessment and/or vulnerability management program.

• Must be able to work various hours and locations based on business needs.
• Employment is subject to a criminal background check and pre-employment physical.
• Must be able to work various hours, days, shifts, on-call and various locations based on the 24-hour Medical Center's business needs.