IT Security Analyst 3 - IS - Data Security - FT - Day - Remote SoCal

About the position UCI Health is the clinical enterprise of the University of California, Irvine, and the only academic health system based in Orange County. UCI Health is comprised of its main campus, UCI Medical Center, a 459-bed, acute care hospital in in Orange, Calif., four hospitals and affiliated physicians of the UCI Health Community Network in Orange and Los Angeles counties and ambulatory care centers across the region. Listed among America's Best Hospitals by U.S. News & World Report for 23 consecutive years, UCI Medical Center provides tertiary and quaternary care and is home to Orange County's only National Cancer Institute-designated comprehensive cancer center, high-risk perinatal/neonatal program and American College of Surgeons-verified Level I adult and Level II pediatric trauma center, gold level 1 geriatric emergency department and regional burn center. UCI Health serves a region of nearly 4 million people in Orange County, western Riverside County and southeast Los Angeles County. To learn more about UCI Health, visit www.ucihealth.org. Position Summary: The data security analyst will play a leading role in driving information security analysis, vulnerability remediation and performing risk assessments. This role is a key business enabler to provide information security risk analysis and strategic recommendations for the ongoing improvement of Information Security for the UCI School of Medicine, Health Research and UCI Health as needed. In this role, you will be engaging with program employees, researchers, stakeholders, and executives to ensure appropriate and up-to-date security management.Remote Work:This position will be predominantly work from home but is required to work onsite depending on the needs of the School of Medicine from the Irvine or Orange Campus locations. Requirements • Understanding of security baselines and configuration standards for healthcare IT systems • Must possess the skill, knowledge and ability essential to the successful performance of assigned duties • Must demonstrate customer service skills appropriate to the job • Excellent written and verbal communication skills in English • Ability to review contractual language and Business Associate Agreements • Ability to review and interpret vulnerability assessment reports and prioritize findings based on risk • Ability to recommend risk mitigation strategies and controls based on risk assessment findings • Ability to maintain a work pace appropriate to the workload • Ability to deliver clear, actionable, and timely risk reports tailored for both technical staff and non-technical stakeholders • Ability to conduct security awareness training and compliance & management • Ability to assess levels of risk • Ability to analyze, support and maintain numerous proactive risk program • 5+ years working in a heterogeneous IT environment • 5+ years in academic and healthcare IT environments • 2+ years of experience in data security assessment and audit Nice-to-haves • Understanding of cloud security risks and controls for platforms such as Microsoft Azure, AWS, or Google Cloud • Knowledge of risk management frameworks and methodologies such as NIST RMF, NIST CSF, ISO 27001, or FAIR • Knowledge of medical center and academic IT environments • Knowledge of HIPAA/HITECH, NIH, FISMA, CMS, CPHS, dbGaP, PCI-DSS and other State and Federal data security requirements and regulations • Industry certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), HealthCare Information Security and Privacy Practitioner (HCISPP), Security+, or related GRC credentials • Familiarity with enterprise IT environments and common technology risks • Experience with GRC platforms or risk management tools (e.g., ServiceNow GRC, Archer, LogicGate) Apply tot his job