Vacancy expired!
Description
Purpose:
The Information Technology (IT) Risk Analyst supports the UPMC IT Risk Management Program within Information Assurance Services and will assist in the development and execution of a FAIR-Based Risk Quantification Program. The role will require a combination of facilitation, analysis, technical, information security, and business skills, and candidates will be expected to contribute risk quantification and risk management thought leadership to the IT Risk Management Team.
Responsibilities:
Obtain thorough understanding of the FAIR methodology for Quantifying Information Risk.
Assist in the development, implementation and maintenance of IT Risk Management Program.
Assist in building strong, collaborative partnerships with internal key risk partners and, as required, external risk quantification industry partners.
Understand the methodology for the formulation, execution and management of standardized and custom FAIR risk quantification analyses.
Understand and contribute to the identification of internal and external primary/secondary loss, threat event and susceptibility data/information.
Understand and gain knowledge of the development, application and maintenance of FAIR-based models, standard analysis scenarios and risk quantification tools/techniques.
Attend and contribute to risk quantification meetings and working group sessions.
Assist in communicating the benefits of the IT Risk Management Program/FAIR training across the UPMC landscape.
Familiarize yourself with UPMC business owners and IT owners along with the hierarchical structure of UPMC.
Assist in performing IT Risk Assessments and reporting efforts.
Provide service to IT client community, patients, families and visitors, while protecting the integrity and confidentiality of all data and information through physical and electronic measures.
Review and understand all applicable UPMC Policies and Standards.
In the course of professional activities, conduct yourself in accordance with the highest standards of moral, ethical and legal behavior.
Continue to obtain current knowledge of security techniques and technologies.
Fulfill departmental requirements in terms of providing work coverage and administrative notification during periods of personal illness, vacation, or education.
Security Administration, Management, and Governance - Understand the various components of an effective IT security program and relate them to the organization's business process requirements. Compare plans for implementing IT security program elements to ensure that they effectively address program objectives. Participate in or perform with supervision tests of security safeguards in accordance with the established test plan and procedures, and document results.
Qualifications
4-year academic degree that includes courses in computer science, management information systems, cyber security, data analysis, statistics OR Core IT skills and knowledge acquired via practical experience.
Requires knowledge of IT security strategy, techniques and control implementations across all existing computer platforms.
Understand key technology concepts such as access control, asset lifecycle management, encryption, business continuity, vulnerability management, and third-party vendor risk.
Strong facilitation, collaboration and relationship-building experience.
Strong oral and written communication skills to work effectively with employees at all levels of the organization.
Ability to multi-task, strong attention to detail, and self-motivated.
Excellent critical thinking and problem-solving skills.
Licensure, Certifications, and Clearances:
The candidate must become certified in the Factor Analysis of Information Risk (FAIR) within 2 years of being hired, or reclassified due to transfer, promotion, or reorganization.
UPMC is an Equal Opportunity Employer/Disability/Veteran
REQNUMBER: 12250895