Principal IT Risk Specialist, Academic & Research Program (flex -hybrid)

Description

The Principal IT Risk Specialist for Academic & Research Programs at UCLA Health Sciences plays a central role in the risk assessment lifecycle for both new and existing solutions.

The responsibilities include, but are not limited to, the following :

• Performing risk assessments and developing risk management tactics and strategies while sustaining a thorough understanding of the IT needs within the academic and research community.
• Building strong relationships and developing collaborative solutions that align with stakeholders' needs.
• Acting as a crucial link between the academic and research community, business relationship managers, IT security, and vendors.
• Effectively communicating and creating alignment amongst various stakeholders.
• Operating within both structured and unstructured environments and various levels of process maturity.
• Ensuring the timely delivery of risk assessments in academic medical school environments to protect sensitive data and critical systems and infrastructure.

This role involves regular engagement with academic and research customers, IT technical teams, and vendors, enforcing compliance with UCLA Health Sciences' policies, procedures, HIPAA / FERPA standards, and all other relevant regulations.

In addition, the specialist must display thoughtful decision-making skills, meticulously weighing the risk and business impact of each choice.

They should also be proficient at conveying the rationale behind their decisions to a diverse audience, including both technical and non-technical individuals.

Being well-organized and committed to keeping all information current and accurately managed is also a significant part of this role.

This is a flex-hybrid role which will require you to be onsite at least 10% of the time or as required by operational need;

there are no reimbursements for travel to the 'home office' location. Each employee must complete a Flex Work Agreement with their manager which will outline arrangement parameters and aids both parties in fully understanding expectations.

Arrangements are regularly evaluated and are subject to termination.

Salary offers are determined based on various factors including, but not limited to, qualifications, experience, and equity.

The full salary range for this position is $124,600 - $289,400 annually. The budgeted salary or hourly range that the University reasonably expects to pay for this position is approximately $165,000 - $180,000 annually.

Qualifications

For a complete understanding of this opportunity, and what will be required to be a successful applicant, read on.

• Requires ability to travel to business site regularly.
• Physical effort required : walking, standing, bending, reaching, lifting and / or carrying objects that may weigh up to 20 lbs.
• moderate dexterity and the regular application of basic skills (calculator, keyboard, hand tools, eye / hand coordination);

environment may be fast-paced and stressful.

• Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare.
• In-depth knowledge of research IT needs at an academic medical center and familiarity with vendors and purchasing processes.
• Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC).
• Proven experience in cyber risk assessments, preferably within the healthcare or educational sector.
• Demonstrated skill in establishing and maintaining cooperative working relationships.
• A strong sense of customer service and attention to detail.
• Ability to work independently, setting goals and priorities.
• Confidence to follow up and champion critical findings, follow through and deliver timely results.
• Understanding of IRB protocols and grant processes for research projects.
• Strong understanding of IoT / IoMT devices and their security implications.
• Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to diverse audiences.
• Strong interpersonal skills and the ability to collaborate and build partnerships with various stakeholders.
• Analytical mindset with the ability to think critically and assess complex cyber risks.
• Strong problem-solving skills and the ability to provide practical recommendations for risk mitigation.
• Proficient knowledge of hardware / software architecture and domains in IT operations with a focus on governance, risk, and compliance.
• Ability to understand large, complex systems.
• An understanding of communications and network vulnerabilities.
• Knowledge of personal computer and mobile architectures, OS, and applications.
• Understanding of legal and regulatory compliance standards and requirements against data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST, and COBIT.
• Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
• Familiarity with multiple software types at the application and enterprise levels.
• Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization;

ability to use standard English grammar and punctuation.

Proficient in Microsoft Office product suite (MS Outlook, Word, PowerPoint, and Excel).

J-18808-Ljbffr

Remote working / work at home options are available for this role.