Sr. IT Security Risk & Compliance Analyst - Remote - 140476
University of California - San Diego Medical Centers | |
United States, California, San Diego | |
Jul 17, 2026 | |
|
Reassignment Applicants: Eligible Reassignment clients should contact their Disability Counselor for assistance. This is a UC San Diego Internal Recruitment open to UCSD and UCSD Health System Staff Only The Senior IT Security Risk and Compliance Analyst performs advanced information security risk assessment, governance, compliance, policy, and assurance activities across UC San Diego Health. Supports the development, implementation, and continuous improvement of information security risk management and compliance programs by identifying, assessing, and documenting security risks, threats, vulnerabilities, and control deficiencies affecting technologies, applications, systems, vendors/3rd-parties, business processes, research environments, and information assets. Provides risk-based recommendations to strengthen the organization's overall security posture and support informed decision-making. Conducts complex security risk assessments, compliance reviews, and control evaluations; assesses control design and effectiveness, reviews supporting evidence, evaluates residual risk, and supports remediation planning. Activities include assessment of third-party providers, cloud services, new technologies, and other initiatives that introduce information security risk. Ensures alignment with University policy, industry standards, contractual obligations, and applicable regulatory requirements, including HIPAA, PCI DSS, FERPA, and related requirements. Contributes to the development, maintenance, and communication of information security policies, standards, procedures, and related governance activities. Supports audit readiness, compliance monitoring, assurance activities, and risk treatment processes through evaluation of security controls, compensating controls, exception requests, corrective actions, and risk acceptance decisions. Develops and maintains documentation supporting risk assessments, compliance reviews, governance processes, audit requests, remediation activities, and regulatory requirements. Serves as a trusted advisor to technical and business stakeholders regarding information security risks, compliance obligations, governance requirements, and remediation strategies. Communicates findings, recommendations, and risk determinations to stakeholders at multiple organizational levels and helps prioritize mitigation efforts based on risk to patient care, clinical operations, research activities, regulatory obligations, institutional objectives, and operational resiliency. Contributes to the maturity and effectiveness of the organization's information security, risk management, governance, and compliance programs. May support investigations, legal requests, eDiscovery activities, and other matters requiring a high degree of professionalism, discretion, and confidentiality. MINIMUM QUALIFICATIONS
Pay Transparency Act Annual Full Pay Range: Unclassified - No data available (will be prorated if the appointment percentage is less than 100%) Hourly Equivalent: Unclassified - No data available Factors in determining the appropriate compensation for a role include experience, skills, knowledge, abilities, education, licensure and certifications, and other business and organizational needs. The Hiring Pay Scale referenced in the job posting is the budgeted salary or hourly range that the University reasonably expects to pay for this position. The Annual Full Pay Range may be broader than what the University anticipates to pay for this position, based on internal equity, budget, and collective bargaining agreements (when applicable). | |
Jul 17, 2026