COVID-19 Vaccination Information

Across UPMC, our guiding principle is to always prioritize the safety of our employees, patients, and members. UPMC believes that vaccination is important, helps protect all, and advocates that everyone who can be vaccinated should be vaccinated.

UPMC continues to comply with governmental guidance related to local, state, and federal COVID-19 vaccination for employment. All employees and affiliated staff of UPMC entities are considered essential health care workers and will be accountable to follow the Centers for Medicare & Medicaid Services (CMS) federal vaccine mandate. To be compliant with the federal mandate, employees must complete the approved vaccination dosage regimen currently defined by the federal government. Compliance with the federal mandate is encouraged before hire. Medical and religious exemption requests may be submitted for consideration.

For more information about UPMC’s response to COVID-19, please visit

Search Our Jobs

   Current UPMC employees must apply in HR Direct

Information Security Analyst - Associate

  • Job ID: 210004AY
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: System Security IT
  • Location: 3600 Forbes Ave, Pittsburgh PA 15213
  • Union Position: No
  • Salary Range: $28.08 to $42.62 / hour



UPMC is looking to hire a full-time Associate Information Security Analyst within the IT Security Compliance Team.  This role works Monday through Friday during daylight hours.  The role is eligible to work remotely with on-site work as needed.  Minimal participation in an on-call rotation is required.

The IT Security Compliance team is responsible for guiding UPMC’s compliance efforts to align with various industry accepted security standards, such as HITRUST CSF, SOC2 Type 2, HIPAA Security Rule and PCI-DSS (Payment Card Industry- Data Security Standard), as well as UPMC’s own IT policies and standards. In addition, the team manages third party security risk assessments, helps to guide UPMC’s third parties towards HITRUST certification, manages the security plan process for on-premise UPMC systems and applications, and tracks and monitors adherence to IT configuration standards for UPMC’s server environment.  Under the general direction of the management team and senior staff, the Information Security Analyst - Associate supports the Information Security Group's efforts to develop secure systems and networks through the use of automated tools, execution of security processes and procedures,and reporting.

If you are someone who has a passion for information security and is excited to work within a close-knit team of highly knowledgeable individuals, then we encourage you to apply today! 


  • Able to establish priorities and delegate tasks to the appropriate personnel or work independently as necessary.
  • Respond to Security Incident Handling Processes.
  • Develop automated routines for account administration efficiencies.
  • Provide Security Training and Awareness Program Delivery.
  • In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior.
  • Develop and maintain service levels with the various user departments and Heath System business units, and creates reports on the attainment of those levels.
  • Ensure that all applicable Policies and Standards are strictly adhered to in the execution of their duties.
  • Perform low risk testing of network and system security.
  • Maintain current knowledge of security techniques and technologies.
  • Fulfill departmental requirements in terms of providing work coverage and administrative notification during periods of personal illness, vacation, or education.
  • Execute, monitor and maintain Intrusion Detection processes and procedures.
  • Test Security Plans presented by Application and System Support Representatives.
  • Report and investigate discrepancies to policy enforcement mechanisms; works with client to resolve issues.
  • Candidate must be highly motivated to apply process improvement (CMMI) to increase product and service quality to achieve business objectives.
  • Resolve access and security issues with Data Stewards.
  • Provide support as required by ISD's Disaster Recovery Plan.
  • Ensure Security Policies are implemented on systems and networks reviewed.
  • Monitor and maintain Security Police enforcement mechanisms and processes.
  • Provide on-call support at designated times in accordance with the policies and procedures of the Health System.
  • Provide service to ISD client community, patients, families and visitors, while protecting the integrity and confidentiality of all data and information through physical and electronic measures.
  • Security Administration, Management, and Governance Understand the various components of an effective IT security program and relate them to the organization's business process requirements. Compare plans for implementing IT security program elements to ensure that they effectively address program objectives. Participate in or perform with supervision tests of security safeguards in accordance with the established test plan and procedures, and document results.


  • Typically has a 2-year academic degree and familiarity with Information Security through education or practical work experience.

  • Demonstrates and applies thorough understanding of information technology tools, best practices, and concepts.

  • Completes on-going training on-the-job, through courses, self-study, certifications and/or advanced degrees to maintain and enhance technical and business capabilities.

  • Participates in an On-Call Team rotation.

Preferred Qualifications

  • Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.

  • Ability to combine information from multiple data sources through the use of SQL and/or Splunk syntax.

  • Experience working with Windows, Linux and/or other Unix-like variants.

  • Experience with IT Project Management 

  • Understanding of TCP, UDP, HTTP, IP and other network protocols.

  • Ability to automate and script tasks (Python, PowerShell).

  • Ability to utilize and write scripts against common web APIs (REST).

  • Experience working in a cloud environment (AWS or Azure).

  • Twistlock / Prisma Cloud experience is a plus. 

  • Experience with vulnerability analysis tools (ex. Rapid7, Nmap, AppScan, Burp).

Licensure, Certifications, and Clearances:
CompTIA Network+ and Security+ certifications are preferred

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

   Current UPMC employees must apply in HR Direct