JobForProf
UCSD

Sr. IT Security Risk & Compliance Analyst - Remote

The University of California, San Diego

INFORMATION SERVICESPosted July 17, 2026Job ID: 140476

About this position

Position Description

The Senior IT Security Risk and Compliance Analyst performs advanced information security risk assessment, governance, compliance, policy, and assurance activities across UC San Diego Health. Supports the development, implementation, and continuous improvement of information security risk management and compliance programs by identifying, assessing, and documenting security risks, threats, vulnerabilities, and control deficiencies affecting technologies, applications, systems, vendors/3rd-parties, business processes, research environments, and information assets. Provides risk-based recommendations to strengthen the organization's overall security posture and support informed decision-making. Conducts complex security risk assessments, compliance reviews, and control evaluations; assesses control design and effectiveness, reviews supporting evidence, evaluates residual risk, and supports remediation planning. Activities include assessment of third-party providers, cloud services, new technologies, and other initiatives that introduce information security risk. Ensures alignment with University policy, industry standards, contractual obligations, and applicable regulatory requirements, including HIPAA, PCI DSS, FERPA, and related requirements. Contributes to the development, maintenance, and communication of information security policies, standards, procedures, and related governance activities. Supports audit readiness, compliance monitoring, assurance activities, and risk treatment processes through evaluation of security controls, compensating controls, exception requests, corrective actions, and risk acceptance decisions. Develops and maintains documentation supporting risk assessments, compliance reviews, governance processes, audit requests, remediation activities, and regulatory requirements. Serves as a trusted advisor to technical and business stakeholders regarding information security risks, compliance obligations, governance requirements, and remediation strategies. Communicates findings, recommendations, and risk determinations to stakeholders at multiple organizational levels and helps prioritize mitigation efforts based on risk to patient care, clinical operations, research activities, regulatory obligations, institutional objectives, and operational resiliency. Contributes to the maturity and effectiveness of the organization's information security, risk management, governance, and compliance programs. May support investigations, legal requests, eDiscovery activities, and other matters requiring a high degree of professionalism, discretion, and confidentiality.

Qualifications

Nine (9) years of related experience, education/training, OR a Bachelor's degree in a related area plus five (5) years of related experience/training. Related experience includes advanced information security risk assessment, compliance, governance, security assurance, control evaluation, or technical security activities within complex organizational environments. Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Advanced experience using IT security systems and tools. Knowledge of department processes and procedures. Demonstrated skills applying security controls to computer software and hardware. Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies. Advanced knowledge of IT security. Broad knowledge of other areas of IT. Demonstrated knowledge of secure hardware, software and network design techniques. Demonstrated skill at analyzing and preventing security incidents of high complexity. In-depth knowledge of computer hardware, software and network security issues and approaches. Advanced experience in incident response and digital forensics including reporting.