Job Description

Payroll Title:
Salary Range
Commensurate with Experience
Towne Centre Drive
Appointment Type:
Appointment Percent:
Total Openings:
Work Schedule:
Days, 8 hour shifts, Monday - Friday

As a federally-funded institution, UC San Diego Health maintains a marijuana and drug free campus. New employees are subject to drug screening.

#120110 Senior Risk and Policy Analyst - Hybrid/Remote

Filing Deadline: Mon 12/5/2022

UC San Diego values equity, diversity, and inclusion. If you are interested in being part of our team, possess the needed licensure and certifications, and feel that you have most of the qualifications and/or transferable skills for a job opening, we strongly encourage you to apply.

For the safety and well-being of the entire university community, the University of California requires, with few exceptions, that all students, faculty and staff be vaccinated against the COVID-19 virus and influenza before they will be allowed on campus or in a facility or office. For more information visit: Flu Vaccine Mandate / COVID Vaccine Policy

UCSD Layoff from Career Appointment: Apply by 11/23/22 for consideration with preference for rehire. All layoff applicants should contact their Employment Advisor.

Special Selection Applicants: Apply by 11/28/22. Eligible Special Selection clients should contact their Disability Counselor for assistance.

This position will work a hybrid schedule, which includes a combination of working onsite at Towne Centre Drive and remotely.


The Senior Risk and Policy Analyst drives the implementation and enhancement of security processes across the organization by conducting and managing the required IT security risk assessment program to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.

The incumbent serves as technical lead on external security audits and accreditation processes and conducts internal security audits on customer networks/systems. The position provides recommendations for security controls and ensures remediation of any deficiencies to ensure compliance with campus policy and regulatory requirements such as PCI, HIPAA, FERPA, etc. The senior analyst ensures that our risk assessment and vulnerability management programs meet regulatory requirements as well as university policy by aligning process with industry best practices.

The position applies advanced IT security concepts and campus, medical center or Office of the President objectives to resolve broad and/or highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Selects methods, techniques and evaluation criteria to obtain results.

IT security risk assessments and adherence to organizational information security policies are required elements for HIPAA compliance. Assessments are used to identify threats and vulnerabilities to information systems and prioritize remediation activities. Auditing compliance with implementing security controls is required to ensure that the risks are being managed to the degree that university policy requires. This is a fundamental component of an Information Security Program and drives the security improvement activities across the organization. Significant fines by OCR have been associated with not having thorough documented risk assessments and compliance programs in place.

The analyst is also responsible for fulfilling legal requests as required in support of investigations and legal activities as directed by the proper UC authority while maintaining strict confidentiality.


  • Nine (9) years of related experience, education/training, OR a Bachelor’s degree in related area plus five (5) years of related experience/training. Related experience: Risk assessment and/or information security experience.

  • Professional experience and proven success monitoring, detecting, protecting and maintaining the security of data, systems and networks using IT security systems and tools.

  • Thorough understanding of the risk assessment requirements and demonstrated skills to conduct, analyze and document risk assessments at the enterprise level as defined in HIPAA and HITECH.

  • Advanced knowledge of IT security. Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments.

  • Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.

  • Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.

  • Understanding of network/host firewalls, application gateways/proxies, anti-malware, patch management, disk encryption, centralized configuration, log management, system hardening practices, etc.

  • Demonstrated skills applying security controls to computer software and hardware. Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.).

  • Advanced experience in incident response and digital forensics including reporting. Expert knowledge of forensic processes, standards and tools.

  • Broad knowledge of other areas of IT. Knowledge of networking technology.

  • Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.

  • Expert understanding of cryptography and strengths/weaknesses of various encryption ciphers and hash functions.

  • Demonstrated skill at analyzing and preventing security incidents of high complexity.

  • Demonstrated knowledge of secure hardware, software and network design techniques.

  • Ability to give work direction, create task assignments, and give instructions to subordinate technical staff to accomplish project goals/milestones.

  • Demonstrated ability to effectively prioritize tasks, manage time, organize activities and deliver overall high productivity. Works with a high degree of autonomy.

  • Ability to function well in stressful situations, under tight deadlines, and in a generally fast-paced work environment.

  • Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Ability to quickly develop knowledge of department processes and procedures.


  • Certified Information Systems Security Professional (CISSP) certification.


  • Must be able to work various hours and locations based on business needs.

  • Employment is subject to a criminal background check and pre-employment physical.

Job offer is contingent on successful engagement in the UC COVID-19 Vaccination program (fully vaccinated with documented proof or approved exception/deferral).

If applicable, life-support certifications (BLS, NRP, ACLS, etc.) must include hands-on practice and in-person skills assessment; online-only certification is not acceptable.

UC San Diego Health is the only academic health system in the San Diego region, providing leading-edge care in patient care, biomedical research, education, and community service. Our facilities include two university hospitals, a National Cancer Institute-designated Comprehensive Cancer Center, Shiley Eye Institute, Sulpizio Cardiovascular Center, the only Burn Center in the county, and dozens of outpatient clinics. We invite you to join our team!

Applications/Resumes are accepted for current job openings only. For full consideration on any job, applications must be received prior to the initial closing date. If a job has an extended deadline, applications/resumes will be considered during the extension period; however, a job may be filled before the extended date is reached.

To foster the best possible working and learning environment, UC San Diego strives to cultivate a rich and diverse environment, inclusive and supportive of all students, faculty, staff and visitors. For more information, please visit UC San Diego Principles of Community.

UC San Diego Health is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age, protected veteran status, gender identity or sexual orientation. For the complete University of California nondiscrimination and affirmative action policy see:

UC San Diego is a smoke and tobacco free environment. Please visit for more information.
