The Senior Technical Security Risk Engineer collaborates with the UCLA Health Sciences IT community and leadership to conduct and promote comprehensive analyses of highly complex on premise and cloud-based IT infrastructure, and systems and applications to identify and classify potential and actual risk to data, business and IT infrastructure. In this role, you will apply your advanced, broad knowledge of an array of technologies including high performance, distributed, network and web computing environments which support clinical, academic, research, and administrative functions within UCLA Health Sciences. In collaboration with the IT Risk Analyst, you will participate in risk assessments to ensure all projects and initiatives are architected, designed, and implemented with proper technical safeguards and security best practices. You will recommend remediation strategies including risk-based prioritization of action items and identification of mitigating controls as you work to maintain and enhance the IT Risk GRC solution.
In addition, you will seek to update/improve upon UCLA Health Sciences Security risk assessment processes by evaluating, developing, and recommending new information security assessment tools/techniques. You will also inform and educate the organization, other team members, and management on the process of implementations and changes as related to IT security risk. You will seek to stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches, or malicious attacks.
Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare
Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC)
Department of Defense 8570.01-Manual IAM level I certification preferred (e.g., CAP, CND, Cloud+, GSLC, Security+ CE)
Understanding of the Software Development Life Cycle (SDLC) including how patches are created, and supply chain attacks may occur
Understanding of how web platforms function and are secured (e.g., JBoss, Tomcat, IIS, etc.)
Understanding of network architecture and infrastructure (e.g. CCent)
Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance
Knowledge of personal computer and mobile architectures, OS and applications
Analytical ability to focus on specific details or subsystems, their vulnerabilities and linkages
Experience with GRC (Governance, Risk, and Compliance) solutions
Experience with IT audits
Project management skills, with risk management
Understanding of legal and regulatory compliance standards and requirements against data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST and COBIT
Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
UCLA is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.