DESCRIPTION OF POSITION
The Information Security Analyst plays a key role in supporting and enhancing Morris Hospital Healthcare Centers (MHHC) Information Security Compliance Program. Working closely with the Manager of Information Security and Access Control, this role is responsible for conducting security compliance reviews across business, clinical, and infrastructure environments, as well as performing security risk assessments for both internal and external information assets. The analyst also contributes to MHHCs incident response and digital forensics efforts, helping ensure the confidentiality, integrity, and availability of enterprise information resources. This position provides actionable recommendations that balance cybersecurity risks with business objectives, enabling the organization to operate securely and effectively. Additionally, the analyst helps strengthen MHHCs overall security posture to support evolving business and clinical needs.
QUALIFICATIONS
Professional/Educational
With Bachelors Degree: 3-5+ years of experience in computing and information security, including experience with Internet technology security issues. With Associates Degree: 5-7+ years of experience in computing and information security, including experience with Internet technology security issues. With High School Diploma: 7-10+ years of experience in computing and information security, including experience with Internet technology security issues.
Experience should include demonstrated proficiency in:
• Security policy and framework development (NIST CSF, CIS Controls, etc.) • Security Awareness program support and education • Network and application vulnerability assessments • Penetration testing and remediation • Risk analysis, regulatory audit readiness, and compliance testing • Incident response and digital forensics processes
Strong proven experience with security technologies including but not limited to:
• IPS, SIEM, Web and Email Gateways, DLP solutions, Firewalls (network and application), EDR/MDR platforms, MDM, forensic toolkits, vulnerability scanning tools and log analysis platforms.
Background supporting or operating within 24/7 enterprise or mission critical environments. Healthcare cybersecurity experience strongly preferred, including familiarity with:
• Health Insurance Portability and Accountability Act security rule and HITECH PHI protection requirements • EHR systems, clinical workflows, and medical device security • OCR audit expectations and healthier care threat vectors (e.g. ransomware, downtime procedures)
Formal information security certifications preferred (i.e. CISSP, Security+, CISM, OSCP, etc.). Willingness to pursue cybersecurity certification within two years of hiring.
Solid project management skills and substantial exposure to project-based work structures, project lifecycle models, etc.
Strong leadership, communication, and collaboration skills with the ability to influence organizational culture, guide technical stakeholders, and drive security improvement initiatives independently.
Personal
Works effectively with others, possessing tact, discretion and diplomacy. Exhibits a positive, service-oriented attitude. Organized and able to handle multiple priorities. Possesses ability to work under pressure. Demonstrates leadership and teaching ability. Excellent oral and written communication skills and attention to detail.
ACTUAL PAY AND BENEFITS
Actual pay will be determined by qualifications, experience, and internal equity. Morris Hospital Healthcare Centers offers a comprehensive benefit package including:
• Medical, dental, vision plans • Paid time off • Retirement plan, including immediate 100% vesting • Life insurance • Disability coverage • Nurse residency program • Wellness program • Health club / gym membership reimbursement • Reward and recognition programs • Tuition Reimbursement • Employee Assistance Program