COVID-19 Vaccination Information

Across UPMC, our guiding principle is to always prioritize the safety of our employees, patients, and members. UPMC believes that vaccination is important, helps protect all, and advocates that everyone who can be vaccinated should be vaccinated.

UPMC complies with all governmental requirements related to local, state, and federal COVID-19 vaccination for employment. The Jan. 13 Supreme Court of the United States decision that the Centers for Medicare & Medicaid Services federal COVID-19 vaccine mandate will move forward requires UPMC to ensure employees either get vaccinated or receive a requested medical or religious exemption.

If you are not yet vaccinated, we urge you to get a vaccine now. You can schedule your COVID-19 vaccination through UPMC or visit a non-UPMC provider or UPMC Urgent Care location.

Proof of vaccination is not required upon hire; however, employees will be responsible for ensuring post-hire compliance by getting vaccinated or requesting a medical or religious exemption.

For more information about UPMC’s response to COVID-19, please visit

   Current UPMC employees must apply in HR Direct

IT Risk Analyst - Senior

  • Job ID: 585250664
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: HPLAN Arch,Sec,TechMgmt
  • Location: Work From Home
  • Union Position: No
  • Salary Range: $40.06 to $65.02 / hour


The Information Technology (IT) Risk Analyst supports the UPMC Health Plan Integrated Security and Risk Management program and will assist in the development and execution of a FAIR-Based Risk Quantification Program. The role will require a combination of facilitation, analysis, technical, information security, and business skills, and candidates will be expected to contribute risk quantification and risk management thought leadership to the IT Risk Management Team. WORK FROM HOME OPPORTUNITY!!



  • Thorough understanding of the FAIR methodology for Quantifying Information Risk and ability to educate entry level team members on FAIR.
  • Facilitate the development, implementation and maintenance of UPMC Health Plan Integrated Security and Risk Management program
  • Build strong, collaborative partnerships with internal key risk partners and, as required, external risk quantification industry partners.
  • Formulate, execute and manage the use of FAIR risk quantification analyses.
  • Identify areas of internal and external primary/ secondary loss, threat event and susceptibility data/ information.
  • Guide the development, application and maintenance of FAIR-based models, standard analysis scenarios and risk quantification tools/ techniques.
  • Facilitate risk quantification meetings and working group sessions.
  • Facilitate the development and delivery of formal and informal risk quantification/FAIR training and socialization efforts.
  • Build and manage excellent relationships with business owners and IT contacts to elicit their input and feedback on risk initiatives.
  • Facilitate IT Risk Assessments and reporting of results to ISD and Operational Executive Management Leadership
  • Provide service to IT client community, patients, families and visitors, while protecting the integrity and confidentiality of all data and information through physical and electronic measures.
  • Ensure that all applicable UPMC Policies and Standards are strictly adhered to in the execution of their duties.
  • In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior.
  • Maintain current knowledge of security techniques and technologies.
  • Fulfill departmental requirements in terms of providing work coverage and administrative notification during periods of personal illness, vacation, or education.
  • Security Administration, Management, and Governance - Understand the various components of an effective IT security program and relate them to the organization's business process requirements. Compare plans for implementing IT security program elements to ensure that they effectively address program objectives. Participate in or perform with supervision tests of security safeguards in accordance with the established test plan and procedures, and document results.



  • 4-year academic degree that includes courses in computer science, management information systems, cyber security, data analysis, statistics OR has acquired Core IT skills and knowledge via practical experience.
  • Typically has 5+ years work experience in IT Risk and Compliance, Information Security, Red Team/ Pen Testing, Threat/ Statistical Modeling or Information Technology Audit.
  • Familiarity/ experience with using FAIR quantitative risk analysis methodologies.
  • Extensive information security expertise and in-depth knowledge of security techniques and controls across all computer platforms.
  • Expertise in key technology concepts such as access control, asset lifecycle management, encryption, business continuity, vulnerability management, and third-party vendor risk.
  • Display strong subject matter expertise in risk quantification, management, governance and development of risk appetite.
  • Capable of analyzing, simplifying and expressing complex problems.
  • Strong and demonstrated facilitation, collaboration and relationship-building experience
  • Organized self-starter; versatile and capable of performing work with minimal management oversight.
  • Strong oral and written communication skills to work effectively with employees at all levels of the organization.
  • Ability to multi-task, strong attention to detail, self-motivated willingness to take initiative and ownership.
  • High level critical thinking, problem-solving skills and the ability to be highly productive, both working alone and as part of a team.

Licensure, Certifications, and Clearances:
The candidate must become certified in the Factor Analysis of Information Risk (FAIR) within 2 years of being hired, or reclassified due to transfer, promotion, or reorganization.

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

Security Alert

We are aware of scams targeting UPMC and other large companies that involve individuals posing as employees to illegitimately conduct interviews and extend false employment offers and payments to gain access to candidates' personal information. Please note that UPMC will not communicate with candidates through third-party email services like Gmail or Yahoo. While some interviews may take place via a video conferencing service, UPMC Talent Acquisition will not conduct interviews via Skype or Google Hangouts. UPMC will never ask for or disburse funds during the recruitment process. If you are hired into a role with a sign-on bonus or similar incentive, funds will be paid to you by UPMC after your start date.

If you suspect you have been a victim of a fraudulent UPMC job offer, please report the attempt using this form.