
   Current UPMC employees must apply in HR Direct

Information Security Analyst - Intermediate

  • Job ID: 370378780
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: System Security IT
  • Location: 3600 Forbes Ave, Pittsburgh PA 15213
  • Union Position: No
  • Salary Range: $33.54 to $51.05 / hour



UPMC is actively hiring for an Intermediate Information Security Analyst role within the IT Security Compliance team. The IT Security Compliance team is responsible for guiding UPMC’s compliance efforts to align with various industry-accepted security standards, such as HITRUST CSF, SOC2 Type 2, HIPAA Security Rule and PCI-DSS (Payment Card Industry Data Security Standard), as well as UPMC’s own IT policies and standards. In addition, the team manages third-party security risk assessments, helps to guide UPMC’s third parties towards HITRUST certification, manages the security plan process for on-premise UPMC systems and applications, and tracks and monitors adherence to IT configuration standards for UPMC’s server environment. This position works Monday through Friday during daylight hours.

This role will work under the direction of the management team and senior staff.  The Information Security Analyst supports Information Assurances Services’ efforts to develop secure systems and networks through the use of automated tools, execution of security processes and procedures, and reporting.

If you are someone who has a passion for information security and is excited to work within a close-knit team of highly knowledgeable individuals, then we encourage you to apply today! 

This is a remote position.


  • Research evolving compliance requirements under various frameworks, including HITRUST, HIPAA, NIST CyberSecurity Framework, PCI-DSS, and others.
  • Perform various security assessments (HITRUST Validated Assessments, SOC2 Type2, HIPAA Security Rule Assessments, etc.)
  • Help maintain UPMC’s Third Party Risk Management (TPRM) framework and processes.
  • Assess and monitor TPRM lifecycle activities with all third-party vendors (security assessment questionnaires, ongoing monitoring, termination, etc.), providing TPRM guidance to Business Owners, Technical Contacts and Executive Leadership.
  • Maintain UPMC Configuration Management Program by monitoring compliance to UPMC server and desktop configuration baseline standards.
  • Review and revise security policies as identified through security assessments and risk analysis reviews.
  • Assist Application and System Support representatives in the development and accreditation of Security Plans to ensure policy and best practice compliance of controls in place.
  • Provide on-call support at designated times in accordance with the policies and procedures of the Health System.
  • Ability to establish priorities and delegate tasks to the appropriate personnel or work independently as necessary.
  • Interfaces with business partners to help identify issues and resolve problems. Analyzes business requests for feasibility review, including initial cost/benefit analysis; prioritizes requests and conducts capacity planning.
  • In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior.
  • Develop and maintain service levels with the various user departments and Health System business units, and create reports on the attainment of those levels.



  • Typically has a 4-year academic degree and 2+ years of information security or equivalent practical work experience.

  • Demonstrates and applies thorough understanding of information technology tools, best practices, and concepts.

  • Completes on-going training on-the-job, through courses, self-study, certifications and/or advanced degrees to maintain and enhance technical and business capabilities.

  • Maintains current knowledge of security techniques and technologies and applies that knowledge to mitigate risk.

  • Participates in an On-Call Team rotation.

Licensure, Certifications, and Clearances:

  • CompTIA Network+ and Security+ certifications are preferred

  • Experience with GRC (Governance Risk and Compliance) toolsets.

  • Experience with security frameworks (e.g., HITRUST, SOC2, HIPAA, NIST, etc.)

  • Understanding of SIEM tools (e.g., Splunk) and Microsoft tools (e.g., Power Projects, Power Apps, Power Automate, Power BI, etc.)

  • Experience working with Windows, Linux and/or other Unix-like variants.

  • Understanding of TCP, UDP, HTTP, IP and other network protocols.

  • Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action.

  • Ability to automate and script tasks (e.g. Python, PowerShell, BASH).

  • Ability to utilize and write scripts against common web APIs (REST, SOAP).

  • Experience working in a cloud environment (AWS or Azure).

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.
