Senior Information Security Analyst - Cloud and AI Security

UHS•Tredyffrin Township, PA

About The Position

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. Growing steadily since its inception into an esteemed Fortune 500® corporation, annual revenues during 2025 were $17.4 billion. In 2026, UHS was again recognized as one of Fortune World’s Most Admired Companies™ and in 2025, was listed in Forbes ranking of America’s Largest Public Companies. Headquartered in King of Prussia, PA, UHS has approximately 101,500 employees and continues to grow through its subsidiaries. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located in 40 U.S. states, Washington, D.C., Puerto Rico and the United Kingdom. For additional information visit www.uhs.com. The Corporate Information Services Department is seeking a dynamic and talented Sr. Information Security Analyst – Cloud & AI Security. As a key member of our collaborative Cybersecurity team, the Senior Information Security Analyst will play a critical role in safeguarding UHS and affiliates information systems. In this role, you will be responsible for identifying, assessing, and mitigating security vulnerabilities in our applications, guiding secure development practices, and collaborating with development teams to embed security throughout the software development lifecycle (SDLC). Oversees the technical aspects of tasks assigned to less experienced staff or contractors on projects, systems or applications assigned. Adheres to UHS standards of service excellence, professionalism, and integrity while performing duties.

Requirements

Bachelor’s degree in Information Systems, Security and Risk Management, Computer Science, Cybersecurity, or 10+ years of increasing technical IT experience along with professional certifications (CISSP, CompTIA Security+, AZ-500) may be substituted in lieu of bachelor’s degree.
Minimum 5-8 experience within the cybersecurity field.
Knowledge of at least one major cloud platform core components and basic architecture (AWS, Azure, or Google Cloud) and their shared security model.
Understanding of Identity and Access Management (IAM), Role-Based Access Control (RBAC), multi-factor authentication and least-privilege principles in the cloud.
Exposure to OWASP Top 10 and MITRE frameworks.
Foundational understanding of the AI/ML lifecycle and security basics.
Exposure to the DREAD or STRIDE threat modeling frameworks.
Desire to grow security knowledge in cloud and AI systems.
Strong analytical and problem-solving abilities with a security-first mindset.
Eagerness to learn rapidly in a fast-evolving field (Cloud and AI change quickly).
Familiarity with risk assessment and risk management concepts or processes.
Working knowledge of various regulatory security requirements – particularly Sarbanes-Oxley (SOX), HIPAA, and HITECH.
Working knowledge of common cyber security frameworks such as HITRUST, NIST, CSC20, or others.
Able to plan, organize, manage and execute projects, working with other technical staff, to implement cyber and information security technologies or processes.
Able to prioritize multiple tasks and be detail oriented.
Excellent communication, interpersonal and project management skills
Travel Requirements: at least 10 % US travel to field locations may be necessary to complete assigned projects.

Nice To Haves

An information security certification is a plus -- to demonstrate proficiency and knowledge of information security best practices and concepts.

Responsibilities

Assists with the design and architecture of Cloud and Artificial Intelligence information security technologies within guidelines of policies, accepted best practices, and in keeping with good project management principles.
Periodically reviews deployed security technologies to ensure that the solutions continue to provide the intended protection efficiently and effectively.
Provides input to UHS Security Standards and Policies.
Provides input into the Third-Party Security Architecture Reviews.
Identifies gaps in protection and recommends solutions to remediate or mitigate the risks associated with the protection gaps.
Document findings and assist in creating reports and metrics for technical and non-technical audiences.
Stay current on the latest cloud and AI security trends.
Works with staff at all levels in the organization, vendors and contractors to ensure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s).
Willing to grow into a subject matter expert (SME) for at least one technology or process and guides the efforts of 1-3 less experienced staff who assist with the assigned technology or process.
Monitors the resolution of maintenance or enhancement issues assigned by the UHS Customer Support Center.