Description
The Principal IT Risk Specialist for Academic & Research Programs at UCLA Health Sciences plays a central role in the risk assessment lifecycle for both new and existing solutions.
The responsibilities include, but are not limited to, the following:
- performing risk assessments, developing risk management tactics and strategies, and sustaining a thorough understanding of the IT needs within the academic and research community
- building strong relationships and developing collaborative solutions that align with the stakeholders' needs
- acting as a crucial link between the academic and research community, business relationship managers, IT security, and vendors
- effectively communicating and creating alignment among various stakeholders
- operating within both structured and unstructured environments and various levels of process maturity
- ensuring the timely delivery of risk assessments in academic medical school environments to protect sensitive data and critical systems and infrastructure
This role involves regular engagement with academic and research customers, IT technical teams, and vendors, enforcing compliance with UCLA Health Sciences' policies, procedures, HIPAA/FERPA standards, and all other relevant regulations. In addition, the specialist must display thoughtful decision-making skills, meticulously weighing the risk and business impact of each choice. They should also be proficient at conveying the rationale behind their decisions to a diverse audience, including both technical and non-technical individuals. Being well-organized and committed to keeping all information current and accurately managed is also a significant part of this role.
This is a flex-hybrid role which will require you to be onsite at least 10% of the time or as required by operational need; there are no reimbursements for travel to the "home office" location. Each employee must complete a Flex Work Agreement with their manager, which outlines the arrangement parameters and helps both parties fully understand expectations. Arrangements are regularly evaluated and are subject to termination.
Salary offers are determined based on various factors including, but not limited to, qualifications, experience, and equity. The full salary range for this position is $124,600 - $289,400 annually. The budgeted salary or hourly range that the University reasonably expects to pay for this position is approximately $165,000 - $180,000 annually.
Qualifications
- Requires the ability to travel to the business site regularly
- Physical effort required: walking, standing, bending, reaching, lifting and/or carrying objects that may weigh up to 20 lbs.; moderate dexterity and the regular application of basic skills (calculator, keyboard, hand tools, eye/hand coordination); environment may be fast paced and stressful
- Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare
- In-depth knowledge of research IT needs at an academic medical center and familiarity with vendors and purchasing processes
- Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC)
- Proven experience in cyber risk assessments, preferably within the healthcare or educational sector
- Demonstrated skill in establishing and maintaining cooperative working relationships
- A strong sense of customer service and attention to detail
- Ability to work independently, setting goals and priorities
- Confidence to follow up on and champion critical findings, follow through, and deliver timely results
- Understanding of IRB protocols and grant processes for research projects
- Strong understanding of IoT/IoMT devices and their security implications
- Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to diverse audiences
- Strong interpersonal skills and the ability to collaborate and build partnerships with various stakeholders
- Analytical mindset with the ability to think critically and assess complex cyber risks
- Strong problem-solving skills and the ability to provide practical recommendations for risk mitigation
- Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance
- Ability to understand large, complex systems
- An understanding of communications and network vulnerabilities
- Knowledge of personal computer and mobile architectures, OS and applications
- Understanding of legal and regulatory compliance standards and requirements governing data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST and COBIT
- Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), firewalls, Security Event Management systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
- Familiarity with multiple software types at the application and enterprise levels
- Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation
- Proficient in the Microsoft Office product suite (MS Outlook, Word, PowerPoint, and Excel)