Principal IT Risk Specialist, Academic & Research Program (flex-hybrid)
UCLA
Details
Posted: 20-Sep-24
Location: Los Angeles, California
Salary: Open
Categories: Operations
Internal Number: 142607636
Description
The Principal IT Risk Specialist for Academic & Research Programs at UCLA Health Sciences plays a central role in the risk assessment lifecycle for both new and existing solutions.
The responsibilities include, but are not limited to, the following:
performing risk assessments, developing risk management tactics and strategies, and sustaining a thorough understanding of the IT needs within the academic and research community
building strong relationships and developing collaborative solutions that align with the stakeholders' needs
acting as a crucial link between the academic and research community, business relationship managers, IT security, and vendors
communicating effectively and creating alignment among various stakeholders
operating within both structured and unstructured environments and at various levels of process maturity
ensuring the timely delivery of risk assessments in academic medical school environments to protect sensitive data and critical systems and infrastructure.
This role involves regular engagement with academic and research customers, IT technical teams, and vendors, enforcing compliance with UCLA Health Sciences' policies, procedures, HIPAA/FERPA standards, and all other relevant regulations. In addition, the specialist must display thoughtful decision-making skills, meticulously weighing the risk and business impact of each choice. They should also be proficient at conveying the rationale behind their decisions to a diverse audience, including both technical and non-technical individuals. Being well-organized and committed to keeping all information current and accurately managed is also a significant part of this role.
This is a flex-hybrid role which will require you to be onsite at least 10% of the time or as required by operational need; there are no reimbursements for travel to the "home office" location. Each employee must complete a Flex Work Agreement with their manager, which will outline arrangement parameters and aid both parties in fully understanding expectations. Arrangements are regularly evaluated and are subject to termination.
Salary offers are determined based on various factors including, but not limited to, qualifications, experience, and equity. The full salary range for this position is $124,600 - $289,400 annually. The budgeted salary or hourly range that the University reasonably expects to pay for this position is approximately $165,000 - $180,000 annually.
Qualifications
Requires ability to travel to business site regularly
Physical effort required: walking, standing, bending, reaching, lifting and/or carrying objects that may weigh up to 20 lbs.; moderate dexterity and the regular application of basic skills (calculator, keyboard, hand tools, eye/hand coordination); environment may be fast paced and stressful
Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare
In-depth knowledge of research IT needs at an academic medical center and familiarity with vendors and purchasing processes
Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC)
Proven experience in cyber risk assessments, preferably within the healthcare or educational sector
Demonstrated skill in establishing and maintaining cooperative working relationships.
A strong sense of customer service and attention to detail
Ability to work independently, setting goals and priorities.
Confidence to follow up and champion critical findings, follow through and deliver timely results.
Understanding of IRB protocols and grant processes for research projects.
Strong understanding of IoT/IoMT devices and their security implications.
Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to diverse audiences.
Strong interpersonal skills and the ability to collaborate and build partnerships with various stakeholders.
Analytical mindset with the ability to think critically and assess complex cyber risks.
Strong problem-solving skills and the ability to provide practical recommendations for risk mitigation.
Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance.
Ability to understand large, complex systems.
An understanding of communications and network vulnerabilities.
Knowledge of personal computer and mobile architectures, OS and applications.
Understanding of legal and regulatory compliance standards and requirements for data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST and COBIT.
Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
Familiarity with multiple software types at the application and enterprise levels.
Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation.
Proficient in Microsoft Office product suite (MS Outlook, Word, PowerPoint, and Excel).
At UCLA Health, you can help heal humankind, one patient at a time by improving health, alleviating suffering and delivering acts of kindness. As you do, you’ll achieve great things in your life and your career. We’re a world-class health organization with four hospitals consistently recognized among the nation’s very best as well as an internationally-renowned medical school, primary and specialty care clinics and much more. Within our dynamic, innovative and growing organization, you’ll find exceptional opportunities to make the most of your abilities in a supportive, empowering and inclusive environment. If you embrace our values of Integrity, Compassion, Respect, Teamwork, Excellence and Discovery we invite you to see all you can accomplish at UCLA Health.