Livingston HealthCare
Information Security Analyst
Livingston HealthCare, Livingston, Montana, United States, 59047
Responsible for monitoring, assessing, and enhancing the security posture of Livingston HealthCare’s information systems, networks, and data assets. This role ensures that the organization’s security controls, compliance obligations, and risk management practices align with healthcare regulatory requirements, industry frameworks, and internal security policies. The analyst collaborates with IT, clinical, administrative, and third-party partners to identify threats, respond to security incidents, and implement proactive measures to protect the confidentiality, integrity, and availability of systems supporting patient care.
Schedule:
1.0FTE (40 hours)
Mon-Fri
Occasional After-Hours or Weekend Work
Compensation:
$28.37/hr + DOE
Robust Benefits Package
ESSENTIAL FUNCTIONS, DUTIES, AND RESPONSIBILITIES: Security Monitoring and Incident Response
a. Monitor security tools, alerts, logs, and system events to identify potential threats or anomalous activity.
Lead or support security incident response activities, including triage, containment, eradication, recovery, documentation, and post-incident review.
Coordinate with internal teams and external partners (e.g., Microsoft 365, security vendors) to validate and remediate alerts.
Vulnerability and Risk Management
Conduct regular vulnerability scans, review results, and collaborate with system owners to prioritize remediation.
Maintain vulnerability management processes and track remediation activities across enterprise assets.
Support risk assessments, control evaluations, and mitigation planning.
Governance, Compliance, and Policy Support
Assist in maintaining compliance with regulatory standards including HIPAA and HiTech.
Contribute to the development, review, and enforcement of information security policies, procedures, and standards.
Participate in internal and external audits by providing evidence, documentation, and technical explanations.
Secure System and Application Lifecycle Support
Review new software, devices, integrations, and cloud services for security risks prior to implementation.
Assess vendor security posture and ensure appropriate safeguards in Business Associate Agreements.
Support configuration hardening, endpoint security, and secure deployment practices.
Identity, Access, and Data Protection
Assist with administration and review of identity and access controls across systems, including Microsoft 365 and on-premises resources.
Support data loss prevention (DLP), email security, encryption, and privileged access management efforts.
Monitor access logs and conduct periodic access audits.
Security Awareness and Training
Contribute to the development and delivery of security awareness programs, phishing simulations, and targeted training initiatives.
Provide guidance to staff on secure practices and emerging threats.
Operational and Technical Support
Assist with deployment and management of enterprise security tools such as EDR, SIEM, DLP, vulnerability scanners, and MFA solutions.
Maintain security documentation, asset inventories, and operational records.
Collaborate with IT Operations on patch management, endpoint configuration, and network security improvements.
Supports other duties as assigned ADDITIONAL RESPONSIBILITIES:
Assists with the production of accurate and timely Information Security risk exposure reports.
Facilitates the preparation of the annual Security Risk Assessment.
Maintains professional and technical knowledge in field of expertise.
Ensures that newly proposed Information Technology complies with Information Security requirements
QUALIFICATIONS (Required):
Bachelor’s degree in Information Security, Information Technology, Computer Science, or related field; or equivalent combination of education and experience.
Minimum 2–4 years of experience in information security, IT infrastructure, or system administration roles; healthcare experience preferred.
Working knowledge of cybersecurity principles, security operations, and threat landscapes.
Familiarity with HIPAA Security Rule, and healthcare regulatory environments.
Hands-on experience with tools such as EDR/XDR, SIEM, vulnerability scanners, and Microsoft 365 security capabilities.
Strong analytical, investigative, and technical problem-solving skills.
Ability to communicate security concepts clearly to both technical and non-technical audiences.
Ability to manage competing priorities and adapt to rapidly changing threats
ADDITIONAL DESIRABLE QUALIFICATIONS:
Security-related certifications such as Security+, CySA+, SSCP, CEH, or similar.
Higher-level certifications (e.g., CISSP, CISM) are advantageous but not required.
#J-18808-Ljbffr
Schedule:
1.0FTE (40 hours)
Mon-Fri
Occasional After-Hours or Weekend Work
Compensation:
$28.37/hr + DOE
Robust Benefits Package
ESSENTIAL FUNCTIONS, DUTIES, AND RESPONSIBILITIES: Security Monitoring and Incident Response
a. Monitor security tools, alerts, logs, and system events to identify potential threats or anomalous activity.
Lead or support security incident response activities, including triage, containment, eradication, recovery, documentation, and post-incident review.
Coordinate with internal teams and external partners (e.g., Microsoft 365, security vendors) to validate and remediate alerts.
Vulnerability and Risk Management
Conduct regular vulnerability scans, review results, and collaborate with system owners to prioritize remediation.
Maintain vulnerability management processes and track remediation activities across enterprise assets.
Support risk assessments, control evaluations, and mitigation planning.
Governance, Compliance, and Policy Support
Assist in maintaining compliance with regulatory standards including HIPAA and HiTech.
Contribute to the development, review, and enforcement of information security policies, procedures, and standards.
Participate in internal and external audits by providing evidence, documentation, and technical explanations.
Secure System and Application Lifecycle Support
Review new software, devices, integrations, and cloud services for security risks prior to implementation.
Assess vendor security posture and ensure appropriate safeguards in Business Associate Agreements.
Support configuration hardening, endpoint security, and secure deployment practices.
Identity, Access, and Data Protection
Assist with administration and review of identity and access controls across systems, including Microsoft 365 and on-premises resources.
Support data loss prevention (DLP), email security, encryption, and privileged access management efforts.
Monitor access logs and conduct periodic access audits.
Security Awareness and Training
Contribute to the development and delivery of security awareness programs, phishing simulations, and targeted training initiatives.
Provide guidance to staff on secure practices and emerging threats.
Operational and Technical Support
Assist with deployment and management of enterprise security tools such as EDR, SIEM, DLP, vulnerability scanners, and MFA solutions.
Maintain security documentation, asset inventories, and operational records.
Collaborate with IT Operations on patch management, endpoint configuration, and network security improvements.
Supports other duties as assigned ADDITIONAL RESPONSIBILITIES:
Assists with the production of accurate and timely Information Security risk exposure reports.
Facilitates the preparation of the annual Security Risk Assessment.
Maintains professional and technical knowledge in field of expertise.
Ensures that newly proposed Information Technology complies with Information Security requirements
QUALIFICATIONS (Required):
Bachelor’s degree in Information Security, Information Technology, Computer Science, or related field; or equivalent combination of education and experience.
Minimum 2–4 years of experience in information security, IT infrastructure, or system administration roles; healthcare experience preferred.
Working knowledge of cybersecurity principles, security operations, and threat landscapes.
Familiarity with HIPAA Security Rule, and healthcare regulatory environments.
Hands-on experience with tools such as EDR/XDR, SIEM, vulnerability scanners, and Microsoft 365 security capabilities.
Strong analytical, investigative, and technical problem-solving skills.
Ability to communicate security concepts clearly to both technical and non-technical audiences.
Ability to manage competing priorities and adapt to rapidly changing threats
ADDITIONAL DESIRABLE QUALIFICATIONS:
Security-related certifications such as Security+, CySA+, SSCP, CEH, or similar.
Higher-level certifications (e.g., CISSP, CISM) are advantageous but not required.
#J-18808-Ljbffr