JOB OVERVIEW The IT Security Analyst will conduct information security risk assessments for UCSF information systems, affiliate organizations, and vendors and assist with the management of the information security risk assessment process, including scoping, intake, review, and approvals. Review system design and security controls against NIST Cybersecurity Framework, NIST 800-53, ISO 27001/2, and other standard security frameworks. Establish and maintain effective risk assessment and risk management practices, following NIST 800-30, 800-37 and 800-39 guidance.
Consult with internal customers and external vendors on UCSF security compliance requirements, including UC policy and regulatory requirements such as HIPAA. Collaborate with UCSF Privacy Office, legal, risk management and procurement departments, and a variety of providers, faculty, researchers, business managers, technical staff, and outside vendors.
INFORMATION TECHNOLOGY The UCSF Information Technology (IT) Security group’s responsibilities include, but are not limited to:
• Establishing policies and standards for information security
• Providing guidance and conducting risk assessments of systems and solutions
• Outreach and security awareness training and education
• Incident response and forensic analysis
• E-Discovery service
• Endpoint security solutions, such as encryption and anti-virus
• Issuing digital certificates
ABOUT UCSF The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences.
REQUIRED QUALIFICATIONS
• Bachelor's degree in related area and/or equivalent experience/training
• Must possess, or be able to obtain one of the following within 9 months of employment on the team:
  • CompTIA Security+
  • CISSP or HCISSP
  • CRISC
  • CISA or CISM
• Five+ years of direct experience with information security principles and operations
• Two+ years of direct experience conducting information security risk assessments
• Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2
• Advanced understanding of HIPAA regulatory specifications and compliance requirements
• Advanced understanding of standard risk assessment and risk management frameworks, including NIST 800-30, 800-37, and 800-39
• Intermediate understanding of IT security domains, including access control; application development security; business continuity and disaster recovery planning; cryptography; information security governance and risk management; legal regulations, investigations and compliance; operations security; and physical and environmental security
• Ability to advise IT system architects, technical project teams, and high-level business managers
• Strong understanding of risk management concepts, metrics, and reporting methodologies
• Experience with governance, risk, and compliance (GRC) tools
• Understanding of business processes surrounding security and IT technical implementations
• Demonstrated ability to learn new technologies with minimal support and guidance
• Strong ethical foundation for business practices and promotion of workplace integrity
• Self-driven education to stay abreast of security developments and threats
• Team oriented; active participant in team and project meetings
• Diligent notification of management and co-workers of ongoing activities and possible security exposures
• Solutions-driven, vendor-neutral technology outlook
• Priority-driven time management for diverse projects across multiple customers and environments
• Independent thinker; must be able to prioritize work and plan future activities
• Detail-focused, adherent to procedures
• Strong communications skills, both written and oral, with ability to interact effectively at all levels of responsibility and authority
• Demonstrable aptitude for careers in IT security
LICENSE / CERTIFICATION
• Must possess, or be able to obtain one of the following within 9 months of employment on the team:
  • CompTIA Security+
  • CISSP or HCISSP
  • CRISC
  • CISA or CISM
JOB REQUIREMENTS: The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
To apply for this position, please copy and paste the following link into your browser address bar: https://ucsfedu.contacthr.com/70041351