Security Awareness Analyst Senior

UVA HealthCharlottesville, VA
$91,312 - $168,748Onsite

About The Position

Assist Director Information Technology Security to implement information security plan and maintain application accesses for Information Systems supported by UVa Health System Computing Services.

Requirements

  • Bachelor’s degree
  • 5-7 years relevant experience. Relevant experience may be considered in lieu of a degree.
  • CISSP or HCISPP required or actively working on and can demonstrate a plan to achieve

Nice To Haves

  • Experience leading healthcare cybersecurity programs or academic health systems.
  • Experience with phishing simulation platforms and awareness maturity metrics.
  • Familiarity with NIST CSF, HIPAA security principles, and healthcare compliance expectations.
  • Certifications such as CISSP, HCISP, CISM, CISA, Security + is preferred.

Responsibilities

  • With guidance from the GRC Director, lead the UVA Health cybersecurity awareness and training program, including annual planning, execution, and continuous improvement.
  • Develop and deliver role‑appropriate training for workforce members, including onboarding, annual refresher training, and targeted campaigns based on risk trends.
  • Design, run, and continuously refine phishing simulation campaigns; analyze results, identify systemic risk patterns, and recommend corrective actions.
  • Maintain program metrics and dashboards to demonstrate effectiveness, maturity, and risk reduction over time.
  • Ensure documentation and evidence of training completion and program effectiveness are maintained to support audits and regulatory reviews.
  • Monitor and assess emerging phishing and social engineering techniques affecting healthcare organizations.
  • Develop awareness content addressing real‑world attack scenarios (e.g., phishing, spear‑phishing, business email compromise, vishing, smishing).
  • Partner with IT Security Operations and Incident Response teams to incorporate lessons learned from security incidents into training and awareness activities.
  • Serve as a senior contributor to cybersecurity and regulatory compliance assessments by coordinating evidence collection, validating control effectiveness, and supporting remediation tracking.
  • Participate in periodic security risk assessments and governance activities aligned with UVA Health’s cybersecurity risk management practices.
  • Collaborate with Internal Audit, Compliance, and Privacy stakeholders to support internal and external audits and readiness activities.
  • Lead or co‑lead development, review, maintenance, and communication of IT security policies, standards, and procedures.
  • Ensure policies reflect UVA Health governance expectations and are aligned with healthcare regulatory requirements and recognized cybersecurity frameworks.
  • Coordinate policy lifecycle activities, including scheduled reviews, updates, approvals, and workforce communication.
  • Apply and support cybersecurity controls related to data governance, data classification, and privacy protection for sensitive health and business information.
  • Work closely with Privacy and Compliance teams to support appropriate handling of PHI and other regulated data across systems and workflows.
  • Assist in identifying risks related to data access, use, and disclosure, and support mitigation strategies consistent with UVA Health standards.
  • Act as a subject matter expert and trusted advisor for security awareness, human‑centric risk, and governance topics across the health system.
  • Influence without authority by partnering with clinical, operational, academic, and administrative stakeholders.
  • Mentor junior staff or contribute expert guidance within cross‑functional initiatives as assigned.

Benefits

  • Medical, Dental, and Vision Insurance
  • Paid Time Off, Long-term and Short-term Disability, Retirement Savings
  • Health Saving Plans, and Flexible Spending Accounts
  • Certification and education support
  • Generous Paid Time Off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service