Information Security Analyst

Job Description

Job DescriptionSalary:

Title: Information Security Analyst
Location: CA
Start Date - End Date: 10/13/2025 - 04/17/2026

Job Description:
Under general direction, this position:
Analyzes information security practices to ensure alignment with industry standards
and guidelines.
Identifies, investigates, and resolves security breaches detected by security
solutions.
Contributes to the creation and maintenance of security policies, standards,
guidelines, and procedures.
Leads and delivers staff training on information security and breach prevention.

What You Will Do:
Staying current on information security trends, news and security standards,
especially those related to the healthcare industry
Participating in the development of security standards and best practices for the
organization
Participating in the evaluation, design and implementation of new information
security solutions to protect the organization's computer networks from cyber
attacks
Assessing the efficacy of existing security measures and processes to ensure that
these measures and processes meet Health Insurance Portability and
Accountability Act (HIPAA) and Federal Information System Controls Audit Manual
(FISCAM) security standards and making recommendations for improvement
Recommending security enhancements to management and senior ITS staff
Analyzing software and systems requirements and providing objective advice on the
level of security risks and remediation options
Monitoring computer networks for security issues in order to reduce the risk of
security incidents
Leading investigation of security breaches and other cyber security incidents in
collaboration with the Information Security Manager and the infrastructure team
Documenting security breaches and assessing the damage caused
Collaborating with the infrastructure team to ensure security measures and
software to protect systems and information infrastructure, including firewalls and
data encryption programs, are up to date
Conducting system vulnerability audits and assessments on a proactive basis and
collaborating with the infrastructure team to perform tests and uncover network
vulnerabilities
Managing efforts with vendors on annual security audit, including pen testing
Assisting with developing and documenting preventive measures to ensure system
security
Staying informed of best practices and new developments in the field, analyzing
applicability, making related recommendations, and developing written
documentation of adopted practices
Documenting computer security procedures, and tests
Assisting with the development of policies, procedures, standards, and guidelines
related to information security
Developing information, training materials and presentations to educate the
organization about information security management, data security, and prevention
of breaches
Assisting staff with the installation and utilization of new security products and
procedures
Conferring with staff regarding issues such as computer data access needs,
security violations, and programming changes
Monitoring systems and providing frequent training to staff regarding how to detect
and avoid phishing attempts
Reviewing any violations of security procedures and providing remedial training to
staff, as needed
Performs other duties as assigned

You Will Be Successful If:
In-depth knowledge of HIPAA and FISCAM security guidelines.
Strong understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
Proficiency with operating systems, virtualization, and security systems.
High proficiency in Windows-based PC systems and Microsoft Office Suite.
Working knowledge of penetration testing, patch management, and security
frameworks (NIST, ISO 27001, COBIT).
Familiarity with project management principles and customer service practices.
Awareness of emerging security technologies such as AI, IoT, and blockchain.
Strong analytical, problem-solving, and decision-making skills.
Clear and concise writing and communication skills, with ability to present
technical content to non-technical audiences.
Experience creating training materials and leading staff training.
Ability to manage multiple priorities, meet deadlines, and adapt to shifting needs.
Leadership ability to facilitate meetings, resolve issues, and guide staff.
Strong collaboration skills and diplomacy across teams and levels of the
organization.
Willingness to respond to after-hours information security incidents.

What You Will Bring:
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
8 years of professional level information technology experience
3 years of experience performing information security functions in a health care environment (a Master?s degree may substitute for two years of the required
experience); or an equivalent combination of education and experience may be
qualifying
Experience working in the health care industry
Certification as a Certified Information Systems Security Professional (CISSP)
issued by the International Information System Security Certification Consortium
(ISC2), Certified Information Security Manager (CISM) issued by the Information
Systems Audit and Control Association (ISACA), and/or Certified Ethical Hacker
(CEH) issued by the Council of E-commerce Consultants (EC-Council), or
equivalent