At UPMC, we are committed to keeping our community safe and healthy as the COVID-19 pandemic unfolds. As our team continues to provide Life Changing Medicine to our patients, our recruiters will continue to fill positions throughout this time. Interviews and other processes may be modified to protect the safety of our candidates and employees. Thank you for your patience.

For more information about UPMC's response to COVID-19, please visit

UPMC Life Changing Medicine
Search Our Jobs

   Current UPMC employees must apply in HR Direct

Information Security Analyst - Senior

  • Job ID: 206183294
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: ISD System Security
  • Location: 2000 Mary St, Pittsburgh PA 15203
  • Union Position: No
  • Salary Range: $38.22 to $62.05 / hour


Under the general direction of the management team and senior staff, the Information Security Analyst - Senior supports the Information Security Group's efforts to develop secure systems and networks through the identification and implementation of automated tools, development and execution of security processes, procedures, advanced security techniques, and reporting.

As the Information Security Analyst - Senior, you will work to perform and assist in system wide HIPPA assessments. You will also assist in performing annual HITRUST/ SOC2 assessments. You will assist in third party vendor risk assessments and help with developing and maintaining ISD policies and standards. You will work with a mentor to understand internal processes, security tools and organizational structures. You will be assigned projects and will work with their mentor on these projects.

  • Business Continuance: Evaluates the adequacy of security environments and the capability of security strategies, architectures, and safeguards to maintain the integrity of those security environments. Prepares recommendations for system approval decisions. Evaluates organizational IT security plans to ensure that they appropriately address the security requirements of each system.
  • Security Technology Design, Development: Evaluate conflicting functional requirements (e.g., the level of audit trail that can be incorporated without adversely affecting system performance) and select for implementation those requirements that will provide the highest level of security at the minimum cost consistent with applicable UPMC strategies, policies and external laws and regulations. Lead the evaluation, design, development, and modification of safeguards to correct vulnerabilities identified during system implementation.
  • Promote/teach IT security awareness, basics and literacy, and training to IT and non-IT employees commensurate with their responsibilities.
  • Disaster Recovery: Independently defines, designs, and develops backup/restore, server and network technologies and protocols.
  • Project Management Skills: Works with project manager to develop realistic work estimates, financial budgets, and project schedules. Assists and mentors others involved with project planning and execution. Measures progress toward goals and revises work plan accordingly. Reviews project deliverables for accuracy and provides assistance and mentoring to others. Proactively apprises management of issues effecting project status and offer solutions to solve the issues.
  • Security Administration, Management, and Governance: Determine whether a security breach is indicative of a violation of law that requires specific legal action (e.g., unauthorized access and alteration of data) and forward evidence to the Federal Bureau of Investigation for investigation. Monitor and evaluate the effectiveness of IT security procedures and safeguards to ensure they provide the intended level of protection. Take action as necessary should the level of protection fall below the established minimum. Analyze IT security incidents or patterns of incidents to determine if remedial actions are needed to correct vulnerabilities and maintain the acceptable level of risk. Evaluate application and infrastructure designs for compliance with hardening standards, monitoring and compliance, incident response, and disaster recovery requirements. Independently evaluate and approve development specifications and developer work in progress to ensure that security safeguards are appropriately installed for the system being developed, modified, or installed.
  • Business Continuance: Designs and develops tests for security safeguard performance under abnormal, unusual, probable, and/or illegal circumstances. Independently evaluates the performance of security controls (to include hardware, software, firmware, and telecommunications as appropriate) to ensure that the residual risk is within an acceptable range. Identifies IT security program implications of new technologies or technology upgrades.


  • Typically has a 4-year academic degree and 5+ years of information security or equivalent practical work experience.
  • Demonstrates and applies thorough understanding of information technology tools, best practices, and concepts.  
  • Completes on-going training on-the-job, through courses, self-study, certifications and/or advanced degrees to maintain and enhance technical and business capabilities.
  • Maintains current knowledge of security techniques and technologies and applies that knowledge to mitigate risk. 
  • Participates in an On-Call Team rotation.

Licensure, Certifications, and Clearances:
CompTIA Network+, Security+ and CISSP certifications are preferred

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, our Total Rewards package cares for you in all areas of life. Designed to help you achieve your goals, Total Rewards support our belief that you’re at your best when you’re receiving the support you need in all areas of life: professional, personal, financial, and more.

Our Values

No matter where we work or what we do, we’re driven by common values that guide our work and keep us accountable to one another. UPMC’s values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive, experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

   Current UPMC employees must apply in HR Direct

Talent Network