Location: Austin, TX (78716)
Company: UCSF Medical Center
Industry: IT
Job Type: Full Time
Posted: 5 days ago

Conduct information security risk assessments for UCSF information systems, affiliate organizations, and vendors and oversee information security risk management processes, including scoping, intake, review, reporting, risk remediation, and risk acceptance. Review system design and security controls against NIST Cybersecurity Framework, PCI-DSS, NIST 800-53, ISO 27001/2, and other standard security frameworks. Establish and maintain effective risk assessment and risk management practices, following NIST 800-30, 800-37, and 800-39 guidance. Develop risk management reporting methodologies and support management visibility of risk management program and UCSF risk profile. Consult with internal customers and external vendors on UCSF security compliance requirements, including UC policy and regulatory requirements such as HIPAA and PCI-DSS. Collaborate with UCSF Privacy Office, legal, risk management, and procurement departments, and a variety of healthcare providers, faculty, researchers, business managers, technical staff, and outside vendors.

Department Description

The UCSF IT Security group's responsibilities include, but are not limited to:

Establishing policies and standards for information security

Providing guidance and conducting risk assessments of systems and solutions

Outreach and security awareness training and education

Incident response and forensic analysis

E-Discovery service

Endpoint security solutions, such as encryption and anti-virus

Issuing digital certificates

Required Qualifications

Bachelor's degree in computer science or related field, or equivalent work experience

Minimum 5+ years of related experience

7+ years direct experience with information security principles and operations

5+ years direct experience conducting information security risk assessments

Must possess, or be able to obtain one of the following within 9 months of employment on the team:




Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2

Advanced understanding of HIPAA regulatory specifications and PCI-DSS compliance requirements.

Advanced understanding of standard risk assessment and risk management frameworks, including NIST 800-30, 800-37, and 800-39

Advanced understanding of IT security domains, including access control; application development security; business continuity and disaster recovery planning; cryptography; information security governance and risk management; legal regulations, investigations and compliance; operations security; and physical and environmental security

Ability to advise and influence IT system architects, technical project teams, and high-level business managers.

Strong understanding of risk management concepts, metrics, and reporting methodologies

Experience with governance, risk, and compliance (GRC) tools

Experience with business process improvement practices

Utilization of a structured change-management and request tracking environment

Understanding of business processes surrounding security and IT technical implementations

Participation in new system deployments, upgrades, and system and software installations

System and network diagnostics

Demonstrated ability to learn new technologies with minimal support and guidance

Strong ethical foundation for business practices and promotion of workplace integrity

Self-driven education to stay abreast of security developments and threats

Team-oriented; active participant in team and project meetings

Diligent notification of management and co-workers of ongoing activities and possible security exposures

Solutions-driven, vendor-neutral technology outlook

Priority-driven time management for diverse projects across multiple customers and environments

Independent thinker; must be able to prioritize work and plan future activities

Detail-focused, adherent to procedures

Strong communication skills, both written and oral, with the ability to interact effectively at all levels of responsibility and authority

Demonstrable aptitude for careers in IT security

Web Reference : AJF/359651472-202
Posted Date : Sat, 25 Jun 2022

Please note, to apply for this position you will complete an application form on another website provided by or on behalf of UCSF Medical Center. Any external website and application process is not under the control or responsibility of IT JobServe.