Information Security Analyst

About The Position

Requirements

• Associate or Bachelor’s degree in IT, Computer Science, or related field or equivalent.
• Minimum of one(1) to three (3) years of professional experience in information security, cybersecurity operations, or IT compliance.
• Demonstrated knowledge of, NYS OHIP, and HIPAA compliance frameworks.
• Proficiency with Microsoft 365 Security & Compliance Center, Azure Security Center, and Defender for Cloud.
• Experience with SIEM platforms (e.g., Microsoft Sentinel, Splunk, LogRhythm) and associated reporting functions.
• Familiarity with security incident response, vulnerability management, and risk assessment methodologies.
• Strong written and verbal communication skills, with the ability to produce audit-ready documentation and reports

Nice To Haves

• Professional certifications such as CompTIA Security+, CISSP, CCSK, Microsoft Certified: Security Operations Analyst Associate, or HITRUST CCSFP.
• Prior experience supporting compliance efforts within a public health, nonprofit, or governmental organization.

Responsibilities

• Support and maintain compliance with OHIP PM-17 standards, NYS security requirements, HITRUST CSF, and HIPAA regulations.
• Participate in internal and external security audits, assessments, and certification readiness efforts.
• Document and maintain evidence of compliance activities, corrective action plans, and remediation tracking.
• Assist in the periodic review and revision of information security policies, standards, and procedures.
• Monitor and respond to alerts generated through the organization’s SIEM and security monitoring platforms, in coordination with the SOC.
• Investigate, triage, and document security incidents and vulnerabilities in accordance with established escalation protocols.
• Prepare and distribute regular security and compliance reports to IT leadership.
• Administer and maintain controls within the Microsoft 365 Security & Compliance Center, including data loss prevention (DLP), auditing, retention, and threat protection.
• Implement and review Azure Cloud security configurations, including conditional access, identity protection, and secure baselines.
• Monitor privileged access and ensure adherence to least-privilege and separation-of-duties principles.
• Serve as a liaison with the SOC and external vendors for incident response, threat intelligence, and log management activities.
• Collaborate with infrastructure, application, and compliance teams to align security practices with organizational objectives.

Benefits

• Hybrid Work Schedule.
• Generous Paid Time Off and Holidays.
• An attractive and comprehensive benefits package including Medical, Dental and Vision.
• Flexible Spending Accounts and Commuter Benefits.
• Company Paid Life Insurance and Disability Coverage.
• 403(b) + employer matching and discretionary company contributions.
• College Savings Plan.
• Ongoing training and continuous opportunities for professional growth and development.