The Senior IT Risk Analyst collaborates with the Health Science IT community and leadership to conduct comprehensive analysis of highly complex on premise and cloud-based IT infrastructure, systems and applications to identify and classify potential and actual risk to data, business and IT infrastructure. While working to update/improve upon UCLA Health’s security risk assessment process and recommending appropriate appropriate remediation strategies, the Senior IT Risk Analyst conducts detailed risk assessments, including meeting with clients and vendors, to ensure all projects and initiatives meet all necessary policies, standards, and regulations. In addition, this individual will evaluate, develop, and recommend new information security assessment tools/techniques, and conduct vendor assessments to determine product security compliance when required by the UC procurement process. This is all done to support the clinical, academic, research, and administrative functions within UCLA Health Sciences.

Job Qualifications:

· Bachelor’s degree in Computer Science, Engineering, Information Systems (or similar) highly desired OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare
· Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC)
· Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance.
· An understanding of communications and network vulnerabilities.
· Knowledge of personal computer and mobile architectures, OS and applications.
· Analytical ability to focus on specific details or subsystems, their vulnerabilities and linkages.
· Experience with IT audits.
· Project management skills with risk management.
· Understanding of legal and regulatory compliance standards and requirements against data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST and COBIT.
· Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.

UCLA is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.