IT Security Analyst 3

Overview:

UCI Health is the clinical enterprise of the University of California, Irvine, and the only academic health system based in Orange County. UCI Health is comprised of its main campus, UCI Medical Center, a 459-bed, acute care hospital in in Orange, Calif., four hospitals and affiliated physicians of the UCI Health Community Network in Orange and Los Angeles counties and ambulatory care centers across the region. Listed among America's Best Hospitals by U.S. News & World Report for 23 consecutive years, UCI Medical Center provides tertiary and quaternary care and is home to Orange County's only National Cancer Institute-designated comprehensive cancer center, high-risk perinatal/neonatal program and American College of Surgeons-verified Level I adult and Level II pediatric trauma center, gold level 1 geriatric emergency department and regional burn center. UCI Health serves a region of nearly 4 million people in Orange County, western Riverside County and southeast Los Angeles County.

To learn more about UCI Health, visit

Responsibilities:

Position Summary:

The data security analyst will play a leading role in driving information security analysis, vulnerability remediation and performing risk assessments. This role is a key business enabler to provide information security risk analysis and strategic recommendations for the ongoing improvement of Information Security for the UCI School of Medicine, Health Research and UCI Health as needed. In this role, you will be engaging with program employees, researchers, stakeholders, and executives to ensure appropriate and up-to-date security management.

Remote Work:

This position will be predominantly work from home but is required to work onsite depending on the needs of the School of Medicine from the Irvine or Orange Campus locations.

Qualifications:

Required Qualifications:

• Understanding of security baselines and configuration standards for healthcare IT systems
• Must possess the skill, knowledge and ability essential to the successful performance of assigned duties
• Must demonstrate customer service skills appropriate to the job
• Excellent written and verbal communication skills in English
• Ability to review contractual language and Business Associate Agreements
• Ability to review and interpret vulnerability assessment reports and prioritize findings based on risk
• Ability to recommend risk mitigation strategies and controls based on risk assessment findings
• Ability to maintain a work pace appropriate to the workload
• Ability to deliver clear, actionable, and timely risk reports tailored for both technical staff and non-technical stakeholders
• Ability to conduct security awareness training and compliance & management
• Ability to assess levels of risk
• Ability to analyze, support and maintain numerous proactive risk program
• 5+ years working in a heterogeneous IT environment
• 5+ years in academic and healthcare IT environments
• 2+ years of experience in data security assessment and audit

Preferred Qualifications:

• Understanding of cloud security risks and controls for platforms such as Microsoft Azure, AWS, or Google Cloud
• Knowledge of risk management frameworks and methodologies such as NIST RMF, NIST CSF, ISO 27001, or FAIR
• Knowledge of medical center and academic IT environments
• Knowledge of HIPAA/HITECH, NIH, FISMA, CMS, CPHS, dbGaP, PCI-DSS and other State and Federal data security requirements and regulations
• Industry certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), HealthCare Information Security and Privacy Practitioner (HCISPP), Security+, or related GRC credentials
• Familiarity with enterprise IT environments and common technology risks
• Experience with GRC platforms or risk management tools (e.g., ServiceNow GRC, Archer, LogicGate)

Total Rewards

We offer a wealth of benefits to make working at UCI even more rewarding. These benefits may include medical insurance, sick and vacation time, retirement savings plans, and access to a number of discounts and perks. Please utilize the links listed here to learn more about our compensation practices and benefits.

Conditions of Employment:

The University of California, Irvine (UCI) seeks to provide a safe and healthy environment for the entire UCI community. As part of this commitment, all applicants who accept an offer of employment must comply with the following conditions of employment:

• Background Check and Live Scan
• Employment Misconduct*
• Legal Right to Work in the United States
• Vaccination Policies
• Smoking and Tobacco Policy
• Drug Free Environment

Exercise the utmost discretion in managing sensitive information learned in the course of performing their duties. Sensitive information includes but is not limited to employee and student records, health and patient records, financial data, strategic plans, proprietary information, and any other sensitive or non-public information learned during the course and scope of employment. Understands that sensitive information should be shared on a limited basis and actively takes steps to limit access to sensitive information to individuals who have legitimate business need to know. Ensure that sensitive information is properly safeguarded. Follow all organizational policies and laws on data protection and privacy. This includes secure handling of physical and digital records and proper usage of IT systems to prevent data leaks. The unauthorized or improper disclosure of confidential work-related information obtained from any source on any work-related matter is a violation of these expectations.

• Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

The following additional conditions may apply, some of which are dependent upon business unit or job specific requirements.

• California Child Abuse and Neglect Reporting Act
• E-Verify
• Pre-Placement Health Evaluation

Details of each policy may be reviewed by visiting the following page:

Closing Statement:

The University of California is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected categories covered by the UC Anti-Discrimination Policy.

We are committed to attracting and retaining a diverse workforce along with honoring unique experiences, perspectives, and identities. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable, and welcoming.

UCI provides reasonable accommodations for applicants with disabilities upon request. For more information, please contact UCI's Employee Experience Center (EEC) at or at , Monday - Friday from 8:30 a.m. - 5:00 p.m.