CYBERSECURITY ANALYST

Under the general supervision of the Vice President of IT Services, the Cybersecurity Analyst ensures that DWIHN IT systems and processes comply with regulatory requirements and industry security standards.

PRINCIPAL DUTIES AND RESPONSBILITIES:

• Ensures that DWIHN IT systems and processes comply with regulatory requirements and industry security standards.
• Creates, implements and administers security policies and procedures.
• Provides response to security incidents.
• Provides security training.
• Mitigates risks, ensures data protection, manages audits, and reports compliance status to stakeholders.
• Ensures compliance with HIPAA (Health Insurance Portability and Accountability Act) regulations and other applicable state and federal laws governing patient data privacy and security.
• Conducts periodic risk assessments to identify potential vulnerabilities in systems and processes, recommending appropriate corrective actions.
• Assists in auditing internal systems, networks, and processes to ensure compliance with IT security policies and regulatory requirements.
• Participates in the development, documentation, and implementation of IT policies, procedures, and security controls to protect sensitive information.
• Collaborates with internal stakeholders to maintain and update the organization's Business Continuity Plan and Disaster Recovery Plan, ensuring compliance with legal and regulatory requirements.
• Conducts security control assessments and baseline testing on existing and new IT assets.
• Monitors security systems (firewalls, intrusion detection/prevention systems, etc.) for unusual activity, reports findings, and assists in incident investigations.
• Supports the incident response process, including identifying, containing, and resolving security breaches or policy violations.
• Assists in reviewing and responding to security alerts and incidents in a timely manner, ensuring adherence to response protocols.
• Conducts security awareness training for staff to ensure they understand and comply with organizational policies regarding data privacy and security.
• Maintains detailed and accurate compliance documentation, including risk assessments, audit logs, and incident reports.
• Reviews IT Asset inventory records for required compliance, Data classification, and Destruction.
• Prepares compliance reports for management, regulatory agencies, and external auditors as required.
• Assists in the preparation for internal and external audits related to IT security and compliance.
• Tracks and follows up on any corrective action plans resulting from audits or assessments.
• Works with the IT and legal teams to assess the impact of new technologies, services, or business processes on IT security and compliance.
• Researches HIPAA regulations, industry best practices, and emerging threats in IT security and implements research findings.
• Identifies opportunities for process improvements and assists in the implementation of updated practices that enhance the security and compliance posture of the organization.

• Performs related duties as assigned.

   

KNOWLEDGE, SKILLS AND ABILITIES (KSA'S):

Knowledge of DWIHN policies, procedures, and practices.

Knowledge of the DWIHN provider network and community resources.

Knowledge of systems and process design.

Knowledge of Cybersecurity principles and practices.

Knowledge of IT Compliance principles and practices.

Knowledge of HIPAA (Health Insurance Portability and Accountability Act) regulations and other applicable state and federal laws governing patient data privacy and security

Knowledge of Business Con