Data Security Compliance Analyst

DO-CA-OP-Admin-SOM_Tech

Full Time

81784BR

Job Summary

Applies skills as a seasoned, experienced IT security professional with a full understanding of industry practices, governmental regulations and campus, medical center or Office of the President policies and procedures to resolve a wide range of complex issues. Demonstrates competency in recommending methods and techniques to obtain results.

This position will be a member of the School of Medicine (SOM) Research Cybersecurity Team and Data Security Compliance Program (DSCP). This role is critical in ensuring the School of Medicine meets various cybersecurity requirements, including HIPAA, NIST 800-171, FISMA, CMMC, UC Electronic Information Security policy, and other requirements as specified by our research sponsors. As a member of the Research Cybersecurity Team, the analyst will serve as a consultative subject matter expert, guiding faculty, researchers, and staff in the secure use of technologies and compliance with cybersecurity requirements from research sponsors. The analyst will stay updated on the latest secure technologies available at UCSF to provide guidance to researchers on their application. Cybersecurity requirements from research sponsors are highly variable. The analyst will interpret these complex requirements and work collaboratively with our research community to navigate them effectively.

Guided by our Data Security Compliance Program Manager, the analyst will also implement standard operating procedures and engage in cybersecurity projects to identify, assess, mitigate, and monitor cybersecurity risks within the School of Medicine. Examples include ensuring compliance with cybersecurity training, guiding external risk assessments and remediation efforts, and addressing security vulnerabilities within the School of Medicine. The analyst must comprehend the diverse IT environments and technology needs of the School of Medicine. This role emphasizes compliance, risk management, and documentation activities rather than the use of technical cybersecurity tools.

THIS POSITION IS A 1-YEAR CONTRACT APPOINTMENT.

The final salary and offer components are subject to additional approvals based on UC policy.

Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement.

The salary range for this position is $103,800 - $156,000 (Annual Rate).

To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html

Department Description

UCSF School of Medicine Technology Services (SOM Tech) is an internal technology and program incubation group responsible for many innovations and services across the school, campus, and health system. We focus on newer technologies and practices, collaborate and build community in new ways, and provide user-centered solutions. With capabilities in advocacy and security, design and solution discovery, business process, and software engineering, we use a variety of methodologies including design thinking and human-centered design, lean product management, agile and automation technology builds, financial modeling, program development, and change management.

SOM Tech champions, supports, and is committed to building a fair, equitable, inclusive, and diverse department of multidisciplinary professionals from different backgrounds and life experiences. We believe this strengthens our ability to meaningfully engage and creatively solve complex problems.

SOM Tech is a unit of the School of Medicine Dean's Office. UCSF's School of Medicine is consistently ranked among the nation's top medical schools and strives to advance human health through a fourfold mission of education, research, patient care and public service.

Required Qualifications

• Bachelor's degree in related area and / or equivalent experience / training.
• Minimum 3 years of work experience in data security compliance, risk management, audit, or related discipline.
• Experience with fundamental cybersecurity concepts and common frameworks, such as NIST Cybersecurity Framework, ISO 27001, SOC 2, HIPAA, etc.
• Experience creating cybersecurity documentation such as policies and procedures, runbooks, risk assessment reports, audit workpapers, etc.
• Knowledge of common security controls and processes in enterprise IT infrastructure environments.
• Demonstrated skills applying security controls to computer software and hardware.
• Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various hierarchical and technical levels in the organization.
• Ability to follow and be accountable for department processes and procedures.
• Ability to assess cybersecurity risks within the business.

Preferred Qualifications

• Relevant cybersecurity certification (e.g. CompTIA Security+, ISC2 Certified in Cybersecurity (CC), CISA, CISSP)Experience reviewing contractual language, such as data use agreements or business associate agreements.
• Experience working in academic, healthcare IT, or a heterogeneous IT environment

About UCSF

The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values.

In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu

Join us to find a rewarding career contributing to improving healthcare worldwide.

Equal Employment Opportunity

The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Organization

Campus

Job Code and Payroll Title

007338 IT SCRTY ANL 3

Job Category

Clinical Systems / IT Professionals

Bargaining Unit

99 - Policy-Covered (No Bargaining Unit)

Employee Class

Contract

Percentage

100%

Appointment End Date

18-Oct-2025

Location

San Francisco, CA

Campus

Minnesota Street (SF)

Work Style

Hybrid

Shift

Days

Shift Length

8 Hours

Additional Shift Details

M-F; 8am - 5pm (654 Minnesota St.; Requiring in-person attendance at our 654 Minnesota St. office on specified days)