Associate Information Security Analyst - GRC

UHS•Tredyffrin Township, PA

12h

About The Position

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. Growing steadily since its inception into an esteemed Fortune 500® corporation, annual revenues during 2025 were $17.4 billion. In 2026, UHS was again recognized as one of Fortune World’s Most Admired Companies™ and in 2025, was listed in Forbes ranking of America’s Largest Public Companies. Headquartered in King of Prussia, PA, UHS has approximately 101,500 employees and continues to grow through its subsidiaries. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located in 40 U.S. states, Washington, D.C., Puerto Rico and the United Kingdom. For additional information visit www.uhs.com. The Corporate Information Services Department is seeking a dynamic and talented Associate Information Security Analyst – GRC. As a member of the Cybersecurity team, the Associate Information Security Analyst – GRC supports and assists with the implementation, maintenance, and governance of UHS information security controls designed to protect the confidentiality, integrity and availability of UHS and affiliates Information Services assets. This role contributes to the Governance, Risk, and Compliance (GRC) objectives by supporting risk management activities, compliance initiatives, security control implementation, and ongoing monitoring of security operations. Monitors and tracks the resolution of security-related maintenance, remediation, and enhancement issues assigned by the UHS Customer Support Center or more senior members of the Information Security Team. With guidance, this role assists in implementing and documenting security controls, ensuring alignment with UHS policies, regulatory requirements, and industry best practices. Provides technical support to UHS entities, meet deadlines, and shares knowledge and experience with other members of team.

Requirements

This position requires a Bachelor’s degree in Computer Science, or Information Systems, with a concentration in cybersecurity highly preferred.
No working experience is required, up to one year of Information Technology or Systems experience would enhance the skills and abilities necessary to perform this job.
An Associate’s Degree in Computer Science or Information Systems, with a concentration in cybersecurity AND one year of relevant Information Technology or Systems experience may be considered in lieu of the Bachelor’s degree.
Basic understanding of the following or similar information security technologies: Active Directory Intrusion detection/prevention systems (IDS/IPS) Web filtering Vulnerability scanners/remediation Encryption technologies for data at rest and data in transit Mobile device and removable media protection or management systems Forensic analysis Security Information and Event Management (SIEM) systems Common Vulnerabilities and Exposures (CVE) database Anti-Virus Device Control
Basic knowledge of information security governance frameworks and best practices (e.g., NIST, ISO, CIS, HIPAA).
Basic understanding of risk management, vulnerability management, and compliance monitoring.
Basic knowledge of general IS standards and quality methods and metrics.
Basic knowledge of project management methods.
Basic understanding of incident response lifecycle (detect, analyze, contain, remediate).
Basic knowledge of security penetration testing and ethical hacking best practices.
Exposure to threat intelligence and log analysis concepts.
Has a general familiarity with business practices, concepts and terminology sufficient to support the security applications or systems and communicate effectively with colleagues.
Able to prioritize multiple tasks and be details oriented.
Excellent communication, interpersonal and project management skills
Travel Requirements: Minimal

Responsibilities

Regularly meets with users, vendors, and IS staff to support the development or modification of security and compliance-related system specifications.
Assists with the implementation and ongoing operation of security controls aligned with UHS policies, standards, and regulatory requirements.
Researches and resolves technical security-related tickets.
Adheres to appropriate UHS Project Management standards.
Ensures strict adherence to work plans, reporting all serious deviations to management.
Assists with the training of users in operating procedures for security solutions.
Researches and resolves tickets including major security solution implementations and upgrades.
Monitor security alerts and dashboards daily
Assist with phishing analysis and user-reported security issues
Perform initial triage and severity assessment of security events.
Assists with risk and vulnerability assessments by gathering evidence, validating remediation actions, and updating risk registers or tracking systems.
Assists with Vendor and Third-Party Risk Management.
Adheres to UHS Service Level and Change Management Policies.
Provides on-call support as scheduled.
Establishes and maintains regular communications with user community.
Maintains Service Excellence principles.
Prepares and submits status reports to supervisor as required.
Keeps management well informed of activities, needs, problems.
Performs other tasks as required by management.