"Alerted.org

Purpose:

The Information Technology (IT) Risk Analyst supports the Integrated Security and Risk Management team within the UPMC Insurance Services Division; they will develop and execute incident response plans, facilitate the analysis and remediation of cybersecurity incidents, and assist in the analysis, development, and execution of various cybersecurity and third-party risk assessments. The role will require a combination of facilitation, analysis, technical, information security, and business skills. Fully Remote Opportunity!! Must be willing to work Eastern Time.

Responsibilities:

• Facilitate the development, implementation, and maintenance of IT Cybersecurity Incident Response Plans.

• Facilitate analysis and remediation of cybersecurity incidents.

• Facilitate the development, implementation and maintenance of the IT Risk Management Program and various risk analysis and GRC tools.

• Build strong, collaborative partnerships with internal key risk partners.

• Identify areas of internal and external primary/ secondary loss, threat event and susceptibility data/ information.

• Gain expertise on UPMC’s relationships with third parties and the data that is being shared/processed with those third parties.

• Gain expertise in UPMC’s utilization of IT infrastructure, associated controls, and policies to inform IT Risk Management activities.

• Build and manage excellent relationships with business owners and IT contacts to elicit their input and feedback on risk initiatives.

• Facilitate Cybersecurity Risk Assessments and reporting of results to IT and Operational Executive Management Leadership

• Provide service to IT client community, patients, families and visitors, while protecting the integrity and confidentiality of all data and information through physical and electronic measures.

• Ensure that all applicable UPMC Policies and Standards are strictly adhered to in the execution of their duties.

• In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior.

• Maintain current knowledge of security techniques and technologies.

• Fulfill departmental requirements in terms of providing work coverage and administrative notification during periods of personal illness, vacation, or education.

+ 4-year academic degree that includes courses in computer science, management information systems, cyber security, data analysis, statistics OR has acquired Core IT skills and knowledge via practical experience.

+ 3 to 5 years' work experience in IT Risk and Compliance, Information Security, Red Team/ Pen Testing, Threat/ Statistical Modeling or Information Technology Audit.

+ Extensive information security expertise and in-depth knowledge of security techniques, Governance, Risk and Compliance (GRC) tools, third party relationships, security techniques and controls across all computer platforms.

+ Expertise of key technology concepts such as access control, asset lifecycle management, encryption, business continuity, vulnerability management, and third-party vendor risk.

+ Display strong subject matter expertise in risk quantification, management, governance and development of risk appetite.

+ Capable of analyzing, simplifying and expressing complex problems.

+ Strong and demonstrated facilitation, collaboration, and relationship-building experience.

+ Organized self-starter; versatile and capable of performing work with minimal management oversight.

+ Strong oral and written communication skills to work effectively with employees at all levels of the organization.

+ Ability to multi-task, strong attention to detail, self-motivated willingness to take initiative and ownership.

+ High level critical thinking, problem-solving skills and the ability to be highly productive, both working alone and as part of a team.

Top 3 Skills Needed:

1. Incident response experience

2. Cybersecurity knowledge / experience

3. IT Risk Management

Preferred:

1. Healthcare experience

2. Someone who served in a lead incident response role would be a differentiator

3. Military Cyber Security experience

Licensure, Certifications, and Clearances:

UPMC is an Equal Opportunity Employer/Disability/Veteran