Conduct information security risk assessments for UCSF information systems, affiliate organizations, and vendors, and oversee information security risk management processes, including scoping, intake, review, reporting, risk remediation, and risk acceptance. Review system design and security controls against the NIST Cybersecurity Framework, PCI-DSS, NIST 800-53, ISO 27001/2, and other standard security frameworks. Establish and maintain effective risk assessment and risk management practices, following NIST 800-30, 800-37, and 800-39 guidance. Develop risk management reporting methodologies and give management visibility into the risk management program and the UCSF risk profile. Consult with internal customers and external vendors on UCSF security compliance requirements, including UC policy and regulatory requirements such as HIPAA and PCI-DSS. Collaborate with the UCSF Privacy Office, legal, risk management, and procurement departments, and with a variety of healthcare providers, faculty, researchers, business managers, technical staff, and outside vendors.
The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and high-quality patient care. It is the only UC campus in the 10-campus system dedicated exclusively to the health sciences.