INFORMATION SECURITY ANALYST I

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related field. In lieu of a bachelor's degree, six (6) years of direct I.T. experience, with four (4) of those years being direct cybersecurity experience.
• Minimum four (4) years of experience working in a security analyst or IT role with direct exposure to enterprise security systems, incident response, or compliance operations.
• Must possess a valid Driver’s License and maintain appropriate clearance while employed.
• Must be able to successfully pass the Employee Health Program requirements and background investigation.
• Strong understanding of information security principles, technologies, and frameworks.
• Familiarity with SIEM platforms, DLP tools, and endpoint protection systems.
• Working knowledge of on-premises and cloud-based network security environments.
• Experience supporting security metrics and documentation for audits or compliance.
• Knowledge of networking fundamentals (TCP/IP, VLANs, VPNs).
• Ability to manage multiple tasks and document findings clearly and accurately.
• Ability to support hospital security initiatives in a hands-on and process-focused capacity.
• Excellent analytical, problem-solving, and organizational skills.
• Ability to communicate clearly with technical and non-technical staff.
• Ability to work independently and collaboratively within a team.
• Ability to maintain confidentiality of sensitive data and follow HIPAA and HITECH standards.
• Ability to communicate effectively in the English language, both verbally and in writing.

Nice To Haves

• Certifications such as CompTIA Security+, CySA+, Cisco Certified Network Associate (CCNA), Microsoft SC-900, or similar are preferred at hire and required within 6 to 12 months of employment.
• Hospital or healthcare-related IT experience preferred.
• Ability to speak the Navajo language and/or familiarity with the Navajo Way is strongly preferred.

Responsibilities

• Assist in the monitoring and investigation of security alerts through SIEM, endpoint protection, and email security systems.
• Support ongoing cybersecurity risk tracking and remediation coordination.
• Assist with maintaining risk registers, exception tracking, and corrective action plans.
• Assist with third-party security reviews, access reviews, and documentation related to vendor risk.
• Support cybersecurity due diligence for systems accessing sensitive data.
• Support internal audits, risk assessments, and policy compliance tracking activities.
• Assist in defining, maintaining, and improving cybersecurity performance metrics used for leadership reporting.
• Support secure handling, transmission, and storage of sensitive data in accordance with hospital data classification and protection standards.
• Assist in the development of metrics and documentation for cybersecurity reporting and executive summaries.
• Draft and maintain incident response documentation, audit logs, and post-incident reviews.
• Collaborate with the Cybersecurity Manager to coordinate technical response and communication during incidents.
• Assist in tracking security findings, remediation actions, and corrective measures through to resolution.
• Support DLP configuration reviews and tuning outbound email filtering policies.
• Assist in the planning and implementation of Privileged Access Management (PAM) controls and reviews.
• Assist with Cisco Umbrella alert management and DNS security monitoring.
• Analyze trends in endpoint security and assist in security software development.
• Support Meditech (or EHR) access privilege management and coordination with clinical access requests.
• Participate in tabletop exercises, internal training, and cybersecurity awareness campaigns.
• Ensure compliance with HIPAA, HITECH, and other federal and industry security requirements.
• Complete mandatory cybersecurity training, including HIPAA/HITECH security awareness, annual tabletop participation, and basic compliance modules.
• Participate in continuous security training and certifications aligned with departmental priorities.
• Support the ongoing development and maturation of the hospital’s cybersecurity program.
• Perform other duties as assigned to support hospital cybersecurity goals.