INFORMATION SECURITY ANALYST I

About the position Under the direct supervision of the Cybersecurity Manager, the Information Security Analyst plays a critical role in supporting cybersecurity operations, compliance monitoring, and data protection initiatives in a hospital-oriented computer information systems (CIS) environment. This role blends hands-on tool usage with strategic process development. The analyst will assist with SIEM alert reviews, internal investigations, audit tracking, metrics reporting, and regulatory compliance efforts. This position is intended to grow into a more senior cybersecurity role as the program evolves. This list of duties and responsibilities is illustrative only of the tasks performed by this position and is not all-inclusive.

Responsibilities

• Assist in the monitoring and investigation of security alerts through SIEM, endpoint protection, and email security systems.
• Support ongoing cybersecurity risk tracking and remediation coordination.
• Assist with maintaining risk registers, exception tracking, and corrective action plans.
• Assist with third-party security reviews, access reviews, and documentation related to vendor risk.
• Support cybersecurity due diligence for systems accessing sensitive data.
• Support internal audits, risk assessments, and policy compliance tracking activities.
• Assist in defining, maintaining, and improving cybersecurity performance metrics used for leadership reporting.
• Support secure handling, transmission, and storage of sensitive data in accordance with hospital data classification and protection standards.
• Assist in the development of metrics and documentation for cybersecurity reporting and executive summaries.
• Draft and maintain incident response documentation, audit logs, and post-incident reviews.
• Collaborate with the Cybersecurity Manager to coordinate technical response and communication during incidents.
• Assist in tracking security findings, remediation actions, and corrective measures through to resolution.
• Support DLP configuration reviews and tuning outbound email filtering policies.
• Assist in the planning and implementation of Privileged Access Management (PAM) controls and reviews.
• Assist with Cisco Umbrella alert management and DNS security monitoring.
• Analyze trends in endpoint security and assist in security software development.
• Support Meditech (or EHR) access privilege management and coordination with clinical access requests.
• Participate in tabletop exercises, internal training, and cybersecurity awareness campaigns.
• Ensure compliance with HIPAA, HITECH, and other federal and industry security requirements.
• Complete mandatory cybersecurity training, including HIPAA/HITECH security awareness, annual tabletop participation, and basic compliance modules.
• Participate in continuous security training and certifications aligned with departmental priorities.
• Support the ongoing development and maturation of the hospital’s cybersecurity program.
• Perform other duties as assigned to support hospital cybersecurity goals.

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related field. In lieu of a bachelor's degree, six (6) years of direct I.T. experience, with four (4) of those years being direct cybersecurity experience.
• Minimum four (4) years of experience working in a security analyst or IT role with direct exposure to enterprise security systems, incident response, or compliance operations.
• Must possess a valid Driver’s License and maintain appropriate clearance while employed.
• Must be able to successfully pass the Employee Health Program requirements and background investigation.
• Strong understanding of information security principles, technologies, and frameworks.
• Familiarity with SIEM platforms, DLP tools, and endpoint protection systems.
• Working knowledge of on-premises and cloud-based network security environments.
• Experience supporting security metrics and documentation for audits or compliance.
• Knowledge of networking fundamentals (TCP/IP, VLANs, VPNs).
• Ability to manage multiple tasks and document findings clearly and accurately.
• Ability to support hospital security initiatives in a hands-on and process-focused capacity.
• Excellent analytical, problem-solving, and organizational skills.
• Ability to communicate clearly with technical and non-technical staff.
• Ability to work independently and collaboratively within a team.
• Ability to maintain confidentiality of sensitive data and follow HIPAA and HITECH standards.
• Ability to communicate effectively in the English language, both verbally and in writing.

Nice-to-haves

• Certifications such as CompTIA Security+, CySA+, Cisco Certified Network Associate (CCNA), Microsoft SC-900, or similar are preferred at hire and required within 6 to 12 months of employment.
• Hospital or healthcare-related IT experience preferred.
• Ability to speak the Navajo language and/or familiarity with the Navajo Way is strongly preferred.

Apply tot his job Apply To this Job