The Information Technology Risk Analyst supports the IT Risk Management Program within UPMC Enterprises (UPMCE). The candidate will identify, monitor and perform quantitative analysis against current and potential risks that may negatively affect all or a subset of Stage 2+ opportunities in the UPMC Enterprises opportunity pipeline. Support UPMC with strategic assessments and provide tactical analysis and advice for Business Units and Executive Management through the use of automated tools, execution of IT risk management processes and reporting
-4-year academic degree includes courses in computer science, management information systems, cyber security, data analysis, statistics OR has acquired Core IT skills and knowledge via practical experience.
-Requires knowledge of security issues, techniques and implications across all existing computer platforms.
-Understand key technology concepts such as access control, asset lifecycle management, encryption, business continuity, vulnerability management, and third-party vendor risk.
-Strong oral and written communication skills to work effectively with employees at all levels of the organization.
-Ability to drive conversations with teams with varied backgrounds and purpose, as well as effectively communicate to management.
-Ability to multi-task, strong attention to detail, self-motivated willingness to take initiative and ownership.
-Excellent problem-solving skills and the ability to be highly productive, both working alone and as part of a team.
-Working knowledge of a cyber risk management software platform is a plus.
Licensure, Certifications, and Clearances:
Analysts will be required to become or maintain one or more certifications, including but not limited to:Open FAIR Certification Certified in Risk and Information Systems Control (CRISC)Certified Information Systems Security Professional (CISSP)Certified Information Systems Auditor (CISA)
UPMC is an Equal Opportunity Employer/Disability/Veteran