Security Risk Analyst Jobs in California (NOW HIRING)

The Compliance Assessor of IT Risk & Compliance Management performs Security Risk Assessments on DIRECTV's 3rd party vendors. An assessment would typically involve the following tasks: Communicating ...

Analyze risk data to uncover recurring issues, trends, and root causes, and recommend changes to strengthen controls * Partner with Engineering, Security, and business functions to embed risk ...

Analyze risk data to identify trends, root causes, and control gaps, and recommend changes to strengthen controls * Partner with Engineering, Security, and business teams to embed risk insights into ...

Sr. Risk Analyst

Vacaville, CA · On-site

$98K - $121K/yr

... financial security. Profile: * Reviews and analyzes financial transactions for unusual or ... Senior Risk Analyst - Grade15/Exempt/$82,680.00 - $102,128.00 annually * Reports directly to ...

Sr. Risk Analyst

Vacaville, CA · Hybrid

$98K - $121K/yr

... financial security. Profile: * Reviews and analyzes financial transactions for unusual or ... Senior Risk Analyst - Grade15/Exempt/$82,680.00 - $102,128.00 annually * Reports directly to ...

Sr. Risk Analyst

Vacaville, CA · On-site

$98K - $121K/yr

... financial security. Profile: * Reviews and analyzes financial transactions for unusual or ... Senior Risk Analyst - Grade15/Exempt/$82,680.00 - $102,128.00 annually * Reports directly to ...

Insider Risk Analyst

Hawthorne, CA · On-site

$85K - $100K/yr

INSIDER RISK ANALYST SpaceX is seeking a dynamic and driven individual with a demonstrated ability ... Conduct internal investigations working with Information Security, HR, Legal, Government Security ...

Security Risk Analyst information

How much do security risk analyst jobs pay per hour?

As of Jun 7, 2026, the average hourly pay for security risk analyst in California is $49.75, according to ZipRecruiter salary data. Most workers in this role earn between $40.34 and $59.33 per hour, depending on experience, location, and employer.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

What is the difference between Security Risk Analyst vs Security Analyst?

| Aspect | Security Risk Analyst | Security Analyst |
| --- | --- | --- |
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment, vulnerability analysis, policy development | Monitoring security systems, incident response, security audits |
| Employer & Industry Usage | Financial, healthcare, government sectors focusing on risk mitigation | IT departments across various industries focusing on security operations |

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

IT Security Risk and Compliance Analyst - Hybrid - 139800

University of California San Diego

San Diego, CA • On-site

$105K - $132K/yr

Full-time

Posted 8 days ago


University Of California San Diego rating

Company rating: 8.1 out of 10

Based on 40 frontline employees who took The Breakroom Quiz

131st of 534 rated colleges and universities


Job description

Payroll Title: IT SCRTY ANL 3 TX
Department: INFORMATION SERVICES
Hiring Pay Scale: $105,000 - $132,000 / Year
Worksite: Towne Centre Drive
Appointment Type: Career
Appointment Percent: 100%
Union: TX Contract
Total Openings: 1
Work Schedule: Days, 8 hrs/day, Monday-Friday
#139800 IT Security Risk and Compliance Analyst - Hybrid
Filing Deadline: Thu 6/11/2026
UC San Diego values and welcomes people from all backgrounds. If you are interested in being part of our team, possess the needed licensure and certifications, and feel that you have most of the qualifications and/or transferable skills for a job opening, we strongly encourage you to apply.
UCSD Layoff from Career Appointment: Apply by 05/26/26 for consideration with preference for rehire. All layoff applicants should contact their Employment Advisor.
Reassignment Applicants: Eligible Reassignment clients should contact their Disability Counselor for assistance.
This position has recently been accreted by UPTE TX union and will be a part of that union moving forward.
This position will work a hybrid schedule which includes a combination of working both onsite at Towne Centre Drive (San Diego, CA) and remote.
DESCRIPTION
The IT Security Risk and Compliance Analyst executes processes across the organization to conduct the required IT security risk assessment and compliance program to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.
The role performs security risk assessments and internal security audits/reviews, supports external audits and accreditation activities, and operates the governance components of the vulnerability management program. This includes vulnerability analysis, risk-based prioritization, remediation tracking, validation of remediation effectiveness, and documentation of risk acceptance where remediation is deferred. The position provides recommendations for security controls and ensures follow-through through established governance processes to meet campus policy and regulatory requirements such as HIPAA, PCI, FERPA, and related standards.
The incumbent maintains clear, audit ready decision records and evidence artifacts that support internal and external audits, regulatory oversight, and legally mandated information requests. This includes documentation of risk assessments, vulnerability decisions, compensating controls, governance approvals, secure handling of sensitive data, access constraints, and defensible evidence production for legal hold and eDiscovery matters. These activities are required elements of HIPAA compliance and are used to prioritize remediation based on risk, including patient safety and operational resiliency impacts where applicable. Thorough, documented risk assessments and compliance programs are foundational components of the Information Security Program and drive security improvement activities across the organization.
MINIMUM QUALIFICATIONS
  • Seven (7) years of related experience, education/training, OR a Bachelor's degree in related area plus three (3) years of related experience/training. Related experience: experience performing security risk assessments and/or internal security reviews to ensure that security controls meet policy and/or regulatory requirements, including evaluating control design and effectiveness. This may include experience in areas such as IT security risk and compliance (GRC), IT audit, vendor/third-party risk assessments, security consulting or assessment roles, or technical security roles with responsibility for evaluating control effectiveness and producing audit-ready documentation.
  • Ability to follow department processes and procedures.
  • Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
  • Experience using IT security systems and tools.
  • Knowledge of data encryption techniques.
  • Knowledge of other areas of IT, department processes and procedures.
  • Demonstrated skills applying security controls to computer software and hardware.
  • Experience in incident response and digital forensics including data collection, examination and analysis.
  • Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.
  • Knowledge of computer hardware, software and network security issues and approaches.
  • Demonstrated experience selecting and applying appropriate data encryption technologies.
PREFERRED QUALIFICATIONS
  • Exposure to vulnerability management programs, including risk based prioritization, remediation tracking, validation of remediation effectiveness, and documentation of risk acceptance.
  • Ability to apply security risk assessment practices to third party/vendor reviews, including evaluation of evidence, identification of risks, and documentation of findings and conditions.
  • Familiarity with legal hold and eDiscovery workflows, including secure handling of sensitive exports and defensible evidence production.
  • Familiarity with external security audits/accreditations and internal security audit/review processes.
  • Comfort operating in regulated environments (healthcare and/or research) and with applicable compliance drivers (e.g., HIPAA, PCI, FERPA, campus policy requirements).
  • Skilled in documenting risk exceptions/acceptances, compensating controls, and governance routing/approvals.
  • Strong cross functional advisory skills with technical and non technical stakeholders.
SPECIAL CONDITIONS
  • Must be able to work various hours and locations based on business needs.
  • Employment is subject to a criminal background check and pre-employment physical.
Pay Transparency Act
Annual Full Pay Range: Unclassified - No data available (will be prorated if the appointment percentage is less than 100%)
Hourly Equivalent: Unclassified - No data available
Factors in determining the appropriate compensation for a role include experience, skills, knowledge, abilities, education, licensure and certifications, and other business and organizational needs. The Hiring Pay Scale referenced in the job posting is the budgeted salary or hourly range that the University reasonably expects to pay for this position. The Annual Full Pay Range may be broader than what the University anticipates to pay for this position, based on internal equity, budget, and collective bargaining agreements (when applicable).
If employed by the University of California, you will be required to comply with our Policy on Vaccination Programs, which may be amended or revised from time to time. Federal, state, or local public health directives may impose additional requirements.
If applicable, life-support certifications (BLS, NRP, ACLS, etc.) must include hands-on practice and in-person skills assessment; online-only certification is not acceptable.
UC San Diego Health is the only academic health system in the San Diego region, providing leading-edge care in patient care, biomedical research, education, and community service. Our facilities include two university hospitals, a National Cancer Institute-designated Comprehensive Cancer Center, Shiley Eye Institute, Sulpizio Cardiovascular Center, the only Burn Center in the county, and dozens of outpatient clinics. We invite you to join our team!
Applications/Resumes are accepted for current job openings only. For full consideration on any job, applications must be received prior to the initial closing date. If a job has an extended deadline, applications/resumes will be considered during the extension period; however, a job may be filled before the extended date is reached.
To foster the best possible working and learning environment, UC San Diego strives to cultivate a rich and diverse environment, inclusive and supportive of all students, faculty, staff and visitors. For more information, please visit UC San Diego Principles of Community.
The University of California is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or other protected status under state or federal law.
For the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination
UC San Diego is a smoke and tobacco free environment. Please visit smokefree.ucsd.edu for more information.
UC San Diego Health maintains a marijuana and drug free environment. Employees may be subject to drug screening.
Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts an offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; or have filed an appeal of a finding of substantiated misconduct with a previous employer.
a. "Misconduct" means any violation of the policies governing employee conduct at the applicant's previous place of employment, including, but not limited to, violations of policies prohibiting sexual harassment, sexual assault, or other forms of harassment, or discrimination, as defined by the employer. For reference, below are UC's policies addressing some forms of misconduct:
  • UC Sexual Violence and Sexual Harassment Policy
  • UC Anti-Discrimination Policy
  • Abusive Conduct in the Workplace
