Job Summary
This position functions as an advanced-level professional within the UC Career Tracks framework and exercises independent judgment on matters of institutional risk. Reporting directly to the Deputy CISO as an experienced cybersecurity risk expert and individual contributor, lead groups of highly skilled and experienced professionals, both within and outside of your own department, through information and systems risk analysis exercises on assets within their own areas of expertise. Help others discern and measure areas of probable loss. Help the care providers, researchers, students, leaders and business professionals of UC Davis Health to ensure the confidentiality, availability, and integrity (CIA) of the critical services and data that they work with daily. With little or no supervision, interview, survey, educate, discover, calibrate, measure, calculate and report risk in both qualitative and quantitative form. Arm leaders with accurate, provable, actionable intelligence that supports decisions they must make with limited resources, so they can prioritize and treat risks before threats turn into realities.
Apply By Date: 3/7/2026 by 11:59pm
Minimum Qualifications - For full consideration, applicants are encouraged to upload license and/or certification if required of the position
- Bachelor's degree in related area and / or equivalent experience / training
- Seven (7) or more years of progressively responsible experience in cybersecurity, information security, or IT risk management, including at least three (3) years performing enterprise-level cybersecurity risk assessments.
- Demonstrated experience independently leading complex, cross-functional cybersecurity risk analyses involving technical and business stakeholders at multiple organization levels.
- Five (5) or more years of experience applying and assessing security and privacy control frameworks such as NIST Cybersecurity Framework (CSF), NIST SP800-53, NIST SP800-171, ISO 27001/27002, CIS Controls, or equivalent.
- Three (3) or more years of experience in a regulated environment, preferably healthcare, higher education, or public sector, subject to HIPAA, HITECH, FERPA, CMS, or other federal/state information security regulations.
- Demonstrated experience evaluating technical architectures (on-prem, cloud, SaaS, IaaS, PaaS), identifying control gaps and assessing risk to confidentiality, integrity and availability.
- Demonstrated experience producing formal written risk reports and presenting risk findings to senior leadership, executives, or governance committees.
- One (1) or more years of experience performing risk assessments with Cyber Risk Quantification (CRQ), preferably using FAIR methodologies.
- Demonstrated proficiency measuring the quality and maturity of cybersecurity technical controls & safeguards in healthcare-related information services, using standards such as ISO27001/2, NIST Cybersecurity Framework, and its source risk control library, SP800-53. Work experience or certification is evidence; proficiency to be verified before hire.
- Ability, through intense attention to detail, to detect and discern discrepancies between attestation claims and evidence artifacts. Ability to proficiently perform and communicate statistical calculations of probability, and financial calculations of loss.
Preferred Qualifications
- The Open Group OpenFAIR
- ISC2 CISSP
- HCCA CHPC
- CompTIA Security+
- ISACA CRISC
- ISC2 HCISPP
- Training on OpenFAIR Cyber Risk Quantification
- Training on 3rd party Risk Management
- Training on Systems Risk Assessment Methodologies
- Training on Cybersecurity audit controls frameworks, and performing effective audits against them.
- Training on Research compliance, particularly Human Subject Research
- Training on Healthcare Privacy Compliance
- Eight (8) or more years of experience in cybersecurity risk, security architecture, compliance, or governance roles.
- Demonstrated experience leading enterprise risk governance programs or contributing significantly to institutional risk committees.
- Experience implementing or operationalizing Cyber Risk Quantification (CRQ) methodologies such as OpenFAIR.
- Experience supporting healthcare research environments, including IRB, human subjects research, clinical trials, or regulated biomedical systems.
- Experience performing security risk assessments of modern cloud-native environments (containerization, Kubernetes, serverless architectures).
- Experience mentoring junior analysts or providing technical leadership without direct supervisory authority.
- Experience supporting incident response investigations from a risk and impact analysis perspective.
- Demonstrated experience showing the ability to present complex principles to mixed audiences.
- Experience reviewing privacy and information security risk of third-party service contracts, preferably interacting directly with transactional attorneys.
- Knowledge of Cyber Risk Quantification, especially OpenFAIR.
- Understanding of disaster recovery and business continuity principles.
- Preferred understanding of technical risks associated with changes to firewall rules.
- Preferred ability to discern and articulate technical risks frequently present in modern cloud workloads, such as Docker containers and Kubernetes, and the differences in risks between on-prem, SaaS and IaaS solutions.
- Deep, applied understanding of controls standards such as ISO 27001/2, NIST SP800-53, or NIST SP800-171.
Key Responsibilities
- 30% - Lead groups of leaders and staff from other departments through risk analysis exercises and processes
- 25% - Assess Risk Based on Expert Risk Analysis
- 25% - Deliver actionable, accurate risk intelligence on areas of specialized expertise
- 20% - Risk Governance Support, program improvements, and other duties as assigned
Department Overview
The UC Davis Health Cybersecurity team is dedicated to safeguarding institutional data, critical infrastructure, and operational technology within the UC Davis Health System organization. The team takes a proactive and comprehensive approach to protecting the organization from cyber risks, employing best practices, robust security controls, and education of the workforce to strengthen the overall security posture and resilience of the enterprise.
Position Information
- Salary or Pay Range: $8,533.33 - $16,866.67
- Salary Frequency: Monthly
- Salary Grade: 249
- UC Job Title: IT SCRTY ANL 4 TX
- UC Job Code: 006365
- Number of Positions: 1
- Appointment Type: Staff: Career
- Percentage of Time: 100%
- Shift (Work Schedule): M-F
- Location: UCDHAS Building (HSP165)
- Union Representation: TX-Technical Professionals
- Benefits Eligible: Yes
- This position is hybrid (mix of on-site and remote work)
Benefits
Outstanding benefits and perks are among the many rewards of working for the University of California. UC Davis offers a full range of benefits, resources and programs to help you bring your best self to work, as well as to help you and your family achieve your health, wellness, financial and career goals. Learn more about the benefits below and eligibility rules by visiting either our handy Benefits Summary for UC Davis Health Employees or Benefits Summary for UC Davis Employees and our Benefits Page.
If you are represented by a union, benefits are negotiated between the University of California (UC) and your union and finalized in a contract. Read your bargaining unit's employment contract, stay abreast of current negotiations and learn about collective bargaining at UC: https://ucnet.universityofcalifornia.edu/labor/bargaining-units/index.html
- High quality and low-cost medical plans to choose from to fit your family's needs
- UC pays for Dental and Vision insurance premiums for you and your family
- Extensive leave benefits including Pregnancy and Parental Leave, Family & Medical Leave
- Paid Holidays annually as stipulated in the UC Davis Health Policies or Collective Bargaining Agreement
- Paid Time Off/Vacation/Sick Time as stipulated in the UC Davis Health Policies or Collective Bargaining Agreement
- Continuing Education (CE) allowance and Education Reimbursement Program as stipulated in the UC Davis Health Policies or Collective Bargaining Agreement
- Access to free professional development courses and learning opportunities for personal and professional growth
- WorkLife and Wellness programs and resources
- On-site Employee Assistance Program including access to free mental health services
- Supplemental insurance offered including additional life, short/long term disability, pet insurance and legal coverage
- Public Service Loan Forgiveness (PSLF) Qualified Employer & Student Loan Repayment Assistance Program for qualified roles
- Retirement benefit options for eligible roles including Pension and other Retirement Saving Plans.
Physical Demands
- Standing - Frequent 3 to 6 Hours
- Walking - Frequent 3 to 6 Hours
- Sitting - Frequent 3 to 6 Hours
- Lifting/Carrying 0-25 Lbs - Occasional Up to 3 Hours
- Pushing/Pulling 0-25 Lbs - Occasional Up to 3 Hours
- Bending/Stooping - Occasional Up to 3 Hours
- Squatting/Kneeling - Occasional Up to 3 Hours
- Keyboard use/repetitive motion - Occasional Up to 3 Hours
Environmental Demands
- Loud noise levels - Occasional Up to 3 Hours
- Uneven Surfaces or Elevations - Occasional Up to 3 Hours
Mental Demands
- Sustained attention and concentration - Frequent 3 to 6 Hours
- Complex problem solving/reasoning - Frequent 3 to 6 Hours
- Ability to organize & prioritize - Frequent 3 to 6 Hours
- Communication skills - Frequent 3 to 6 Hours
- Numerical skills - Occasional Up to 3 Hours
- Constant Interaction - Occasional Up to 3 Hours
- Customer/Patient Contact - Occasional Up to 3 Hours
- Multiple Concurrent Tasks - Frequent 3 to 6 Hours
Work Environment
UC Davis is a smoke and tobacco free campus effective January 1, 2014. Smoking, the use of smokeless tobacco products, and the use of unregulated nicotine products (e-cigarettes) will be strictly prohibited on any UC Davis owned or leased property, indoors and outdoors, including parking lots and residential space.
Special Requirements - Please contact your recruiter with questions regarding which activities apply by position
- This is a critical position, as defined by UC Policy and local procedures, and as such, employment is contingent upon clearing a criminal background check(s) and may include drug screening, medical evaluation clearance and functional capacity assessment
- This position is designated as a mandated reporter under CANRA and UC policy, and employment is contingent on compliance with applicable policies, procedures and training requirements
Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.
A Culture of Opportunity and Belonging
At UC Davis, we're committed to solving life's most urgent challenges and building a healthier, more resilient world. We believe in growing through every challenge, continually striving to improve, and welcoming new perspectives that strengthen our community. We recognize that a vibrant and innovative organization values both individual strengths and shared purpose. The best ideas often emerge when people with different experiences come together.
As you consider joining UC Davis, we invite you to explore our Principles of Community, our Clinical Strategic Plan and strategic vision for research and education. We believe you belong here. The University of California, Davis is an Equal Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age or protected veteran status.
To view the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination
Because we want you to feel seen and valued, our recruitment process at UC Davis supports openness and authenticity. Research shows that some individuals hesitate to apply unless they meet every qualification. You may be an excellent fit for this role, or the next one. We encourage you to apply even if your experience doesn't match every listed requirement. #YouBelongHere
To learn more about our background check program, please visit: https://hr.ucdavis.edu/departments/recruitment/ucd/selection/background-checks