UCSD Layoff from Career Appointment or Special Selection: Apply by 09/02/2016 for consideration with preference for rehire. All layoff applicants should contact their Employment Advisor. Eligible ACCES or Special Selection clients should contact their Vocational Rehabilitation Counselor for Special Selection.
IT Security Analyst 4:Applies advanced IT security concepts and campus, medical center or Office of the President objectives to resolve broad and / or highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Selects methods, techniques and evaluation criteria to obtain results.
The Health Sciences IS Security Risk and Compliance Manager drives the enhancement of security processes across the organization by conducting and managing the required IT security risk assessment program to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University. The role is a critical component of the Information Security Program and help meet data security and privacy requirements identified under regulatory statutes such as HIPAA, HITECH and FERPA. As the manager if the IS Security Risk Program the position is an essential part of ensuring that through risk assessments are conducted that produce reports and findings which identify and classify the risks associated with protecting data and systems. Results of the assessments must include recommendations on the remediation needed in order to meet the Universities' cybersecurity goals.
The incumbent serves as technical lead on external security audits and accreditation processes and conducts internal security audits on customer networks/systems. The position provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements such a PCI, HIPAA, FERPA, etc. The senior analyst also manages risk assessment and compliance services and the associated infrastructure, including web application assessment tools, network/endpoint vulnerability scanning, and other information protection and data loss prevention systems. The position applies advanced IT security concepts and campus, medical center or Office of the President objectives to resolve broad and / or highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
Bachelor's degree in health care information technology, computer science, or related area, and / or equivalent combination of experience / training.
Five (5) or more years of relevant experience.
Professional experience and proven success, monitoring, detecting, protecting and maintaining the security of data, systems and networks using IT security systems and tools.
Relevant Information Security certification such as CISSP, CISA, CISM, CCSFP.
Thorough understanding of the risk assessment requirements and demonstrated skills to conduct, analyze and document risk assessments at the enterprise level as defined in HIPAA and HITECH.
Solid understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.).
Expert knowledge of various platforms (Windows, Linux, Mac, Android, iOS, etc.), securing Microsoft technologies (Windows, SQL, IIS, AD) and Linux technologies (CentOS, Apache, MySQL).
Expertise in using security tools such as Qualys/Nessus, IBM Appscan, nmap, Wireshark, Metasploit, etc.
Experience in log parsing tools such as grep, awk, sed, regex and Splunk.
Advanced experience in incident response and digital forensics including reporting.
Expert knowledge of forensic processes, standards and tools such as FTK, Volatility, BackTrack, Kali Linux, etc.
Knowledge of networking technology (WAN/LAN, TCP/IP, OSI model, etc.) and public-key infrastructure (PKI).
Must pass drug screen.
Must pass a background check.
Must pass physical and TB test.
Must be able to work various hours and locations based on business needs.