Job Description

Job Title: IT Risk Analyst - Associate
Job ID: 12250895
Status: Full-Time
Regular/Temporary: Regular
Shift: Day Job
Department: ISD System Security
Location: 2000 Mary St, Pittsburgh PA 15203


The Information Technology (IT) Risk Analyst supports the UPMC IT Risk Management Program within Information Assurance Services and will assist in the development and execution of a FAIR-Based Risk Quantification Program. The role will require a combination of facilitation, analysis, technical, information security, and business skills and candidates will be expected to contribute risk quantification and risk management thought leadership to the IT Risk Management Team.


  • Obtain thorough understanding of the FAIR methodology for Quantifying Information Risk.
  • Assist in the development, implementation and maintenance of IT Risk Management Program.
  • Assist in building strong, collaborative partnerships with internal key risk partners and, as required, external risk quantification industry partners.
  • Understand the methodology for the formulation, execution and management of standardized and custom FAIR risk quantification analyses.
  • Understand and contribute to the identification of internal and external primary/ secondary loss, threat event and susceptibility data/ information.
  • Understand and gain knowledge of the development, application and maintenance of FAIR-based models, standard analysis scenarios and risk quantification tools/ techniques.
  • Attend and contribute to risk quantification meetings and working group sessions.
  • Assist in communicating the benefits of the IT Risk Management Program/ FAIR training across the UPMC landscape.
  • Familiarize yourself with UPMC business owners and IT owners along with the hierarchical structure of UPMC.
  • Assist in performing IT Risk Assessments and reporting efforts.
  • Provide service to IT client community, patients, families and visitors, while protecting the integrity and confidentiality of all data and information through physical and electronic measures.
  • Review and understand all applicable UPMC Policies and Standards.
  • In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior.
  • Continue to obtain current knowledge of security techniques and technologies.
  • Fulfill departmental requirements in terms of providing work coverage and administrative notification during periods of personal illness, vacation, or education.
  • Security Administration, Management, and Governance - Understand the various components of an effective IT security program and relate them to the organization's business process requirements. Compare plans for implementing IT security program elements to ensure that they effectively address program objectives. Participate in or perform with supervision tests of security safeguards in accordance with the established test plan and procedures, and document results.


  • 4-year academic degree includes courses in computer science, management information systems, cyber security, data analysis, statistics OR has acquired Core IT skills and knowledge via practical experience.
  • Requires knowledge of IT security strategy, techniques and control implementations across all existing computer platforms.
  • Understand key technology concepts such as access control, asset lifecycle management, encryption, business continuity, vulnerability management, and third-party vendor risk.
  • Strong facilitation, collaboration and relationship-building experienceStrong oral and written communication skills to work effectively with employees at all levels of the organization.
  • Ability to multi-task, strong attention to detail, and self-motivated.
  • Excellent critical thinking and problem-solving skills.

    Licensure, Certifications, and Clearances:
    The candidate must become certified in the Factor Analysis of Information Risk (FAIR) within 2 years of being hired, or reclassified due to transfer, promotion, or reorganization.

    UPMC is an Equal Opportunity Employer/Disability/Veteran

Salary Range: $27.19 to $41.26 / hour

Union Position: No

Apply Current Employee?


At UPMC, our shared goal is to create a cohesive, positive, experience for our employees, patients, health plan members, and community. If you too are driven by these values, you may be a great fit at UPMC!


UPMC provides a total rewards package that can help you achieve the goals you have for your career and your personal life. Whether you want to learn a new skill through a training course, reach personal health and wellness targets, become more involved in your community, or follow a career path that provides you with the right experience to be successful, UPMC can help you get to where you want to be.


Now more than ever, YOU can help us shape our communities and UPMC into a better place for everyone to work, study, play, and thrive.

Learn more about working here and check out our policies and recent updates.

UPMC Health Plan Named Best Places to Work for LGBTQ Equality in 2019

UPMC Ranked #1 Best Places for Women and Diverse Managers in 2019

Talent Network