We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Sr. IT Security Risk & Compliance Analyst - Remote - 140476

University of California - San Diego Medical Centers
United States, California, San Diego
Jul 17, 2026

Reassignment Applicants: Eligible Reassignment clients should contact their Disability Counselor for assistance.

This is a UC San Diego Internal Recruitment open to UCSD and UCSD Health System Staff Only

DESCRIPTION

The Senior IT Security Risk and Compliance Analyst performs advanced information security risk assessment, governance, compliance, policy, and assurance activities across UC San Diego Health. Supports the development, implementation, and continuous improvement of information security risk management and compliance programs by identifying, assessing, and documenting security risks, threats, vulnerabilities, and control deficiencies affecting technologies, applications, systems, vendors/3rd-parties, business processes, research environments, and information assets. Provides risk-based recommendations to strengthen the organization's overall security posture and support informed decision-making.

Conducts complex security risk assessments, compliance reviews, and control evaluations; assesses control design and effectiveness, reviews supporting evidence, evaluates residual risk, and supports remediation planning. Activities include assessment of third-party providers, cloud services, new technologies, and other initiatives that introduce information security risk. Ensures alignment with University policy, industry standards, contractual obligations, and applicable regulatory requirements, including HIPAA, PCI DSS, FERPA, and related requirements.

Contributes to the development, maintenance, and communication of information security policies, standards, procedures, and related governance activities. Supports audit readiness, compliance monitoring, assurance activities, and risk treatment processes through evaluation of security controls, compensating controls, exception requests, corrective actions, and risk acceptance decisions. Develops and maintains documentation supporting risk assessments, compliance reviews, governance processes, audit requests, remediation activities, and regulatory requirements.

Serves as a trusted advisor to technical and business stakeholders regarding information security risks, compliance obligations, governance requirements, and remediation strategies. Communicates findings, recommendations, and risk determinations to stakeholders at multiple organizational levels and helps prioritize mitigation efforts based on risk to patient care, clinical operations, research activities, regulatory obligations, institutional objectives, and operational resiliency. Contributes to the maturity and effectiveness of the organization's information security, risk management, governance, and compliance programs.

May support investigations, legal requests, eDiscovery activities, and other matters requiring a high degree of professionalism, discretion, and confidentiality.

MINIMUM QUALIFICATIONS
  • Nine (9) years of related experience, education/training, OR a Bachelor's degree in a related area plus five (5) years of related experience/training. Related experience includes advanced information security risk assessment, compliance, governance, security assurance, control evaluation, or technical security activities within complex organizational environments.

  • Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.

  • Advanced experience using IT security systems and tools.

  • Knowledge of department processes and procedures.

  • Demonstrated skills applying security controls to computer software and hardware.

  • Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.

  • Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.

  • Advanced knowledge of IT security.

  • Broad knowledge of other areas of IT.

  • Demonstrated knowledge of secure hardware, software and network design techniques.

  • Demonstrated skill at analyzing and preventing security incidents of high complexity.

  • In-depth knowledge of computer hardware, software and network security issues and approaches.

  • Advanced experience in incident response and digital forensics including reporting.

PREFERRED QUALIFICATIONS
  • Advanced experience conducting and documenting security risk assessments, control evaluations, security reviews, or security assurance activities across applications, systems, cloud services, vendors, research environments, or business processes.

  • Demonstrated ability to evaluate technical, administrative, and operational security controls and determine residual risk, control gaps, and risk-based recommendations.

  • Knowledge of evidence-based assessment techniques, including review of technical artifacts, configuration documentation, vulnerability data, remediation records, access control evidence, vendor documentation, and stakeholder attestations.

  • Experience documenting and managing risk exceptions, compensating controls, corrective action plans, risk acceptance decisions, and related governance activities.

  • Knowledge of vulnerability governance practices, including risk-based prioritization, remediation tracking, exception management, corrective action validation, and residual risk documentation.

  • Experience supporting audit readiness, compliance reviews, accreditation activities, regulatory inquiries, or other assurance-related processes through preparation, review, or validation of supporting documentation and evidence.

  • Knowledge of security and compliance frameworks, regulatory requirements, and industry practices relevant to healthcare, higher education, research, and regulated environments.

  • Experience working in healthcare, academic medical centers, research environments, higher education, or similarly regulated organizations.

  • Security-related certification such as CISSP, CRISC, CISM, CISA, HCISPP, or equivalent; CISSP strongly preferred.

SPECIAL CONDITIONS
  • Must be able to work various hours and locations based on business needs.

  • Employment is subject to a criminal background check and pre-employment physical.

Pay Transparency Act

Annual Full Pay Range: Unclassified - No data available (will be prorated if the appointment percentage is less than 100%)

Hourly Equivalent: Unclassified - No data available

Factors in determining the appropriate compensation for a role include experience, skills, knowledge, abilities, education, licensure and certifications, and other business and organizational needs. The Hiring Pay Scale referenced in the job posting is the budgeted salary or hourly range that the University reasonably expects to pay for this position. The Annual Full Pay Range may be broader than what the University anticipates to pay for this position, based on internal equity, budget, and collective bargaining agreements (when applicable).

Applied = 0

(web-77cf7d65c7-4rhzf)