Under the general guidance of the Chief Information Security Officer, the Security Analyst will be a technical leader with a high degree of knowledge in the overall field of Information Security. Plan, perform and implement information security compliance assessment including the independent analysis of results. Perform monitoring, audits and consulting, and information security training (both on-line and in-person in front of small and large groups). Serve as part of the Computer Incident response team, lead internal investigations and coordinate responses to external investigations and audits.
Appropriately identify information security risks across the UCLA Health System and David Geffen School of Medicine. Work with Privacy staff to assist in identifying privacy risks. Develop and execute effective compliance, audit or work programs. Identify and analyze internal controls, identify ways to improve security. Document findings, assess and advise on the appropriateness of corrective action plans, and track remediation progress. Provide summary reports to management.
Serve as an information security resource for IT staff, faculty and physicians. Analyze proposed systems, projects and software for potential information security and privacy issues. Analyze network scans and follow up with users on issues. Research and evaluate new and emerging information security technology.
Information Security Compliance Assessment, Audit and Monitoring
Plan and perform information security compliance projects, identify associated compliance gaps, risks and opportunities in client departments and operations.
Design, distribute, and collect assessment surveys; enter results into database and summarize results.
Perform walk-throughs and onsite inspections.
Document issues, assess appropriateness of and advise on corrective action plans, and track remediation.
Advise and work with the ISS risk assessment team on standard assessments of new projects.
Provide reports to management on information security compliance status.
Information Security Compliance Response and Prevention
Lead investigation of incidents, review logs, correlate events, document findings, interface with forensic and ISS teams.
Coordinate responses to external investigations and audits including production of requested documentation and other materials.
Information Security Consultant
Serve as an information security resource for IT staff, faculty and physicians on a wide range of applications, platforms and protocols such as Microsoft Windows, IIS, SQL Server, Linux, Mac OS, mobile device encryption, firewalls, routers, switches, DHCP, HTTP, HTTPS, FTP, SMTP, DICOM, application vulnerability scanning, etc.
Research and identify Information Security best practices.
Analyze proposed systems, projects and software for potential information security and privacy issues.
Analyze network scans and follow up with users on issues.
Research and evaluate new and emerging information security technology.
Assist Chief Information Security Officer in responding to any security incidents and other issues as required.
Training and Training Content Development and Administration
Perform information security-related training as necessary for all areas of the university (faculty, staff, students).
Research and develop content for presentations, security bulletins, information security web pages and other training materials.
Make recommendations for information security strategies and assessments, audit and monitoring plan implementation in compliance with laws, regulations, contractual requirements and university policy.
Understand university culture and incorporate this understanding into recommendations and proposals so they will achieve greatest results while building or maintaining agreement or consensus.
Actively continue professional education and maintain and expand professional competencies.
5+ years of Information Security experience.
CISSP or equivalent Information Security certification preferred.
Expert knowledge of information security issues and best practices
Expert analytical skills to evaluate current security practices, identify compliance gaps, and propose remediation
Experience in information security auditing or general compliance experience
Knowledge of HIPAA Privacy and Security regulations; PCI Data Security Standards; NIST, ISO and other security standards
Location/Region: Westwood, CA