Cybersecurity Analyst in Lompoc, California at Lompoc Valley Medical Center

Salary Range: $39.06 - $53.85

Pay rates are determined based on experience and internal equity.

Position Summary:

• The Cybersecurity Analyst reports to the Director of Information Systems.
• Responsible for supporting information security operations including vulnerability scanning, security monitoring, incident response support, compliance documentation, and access reviews.
• Performs assigned security tasks within established procedures and escalates findings to the as appropriate.
• Works effectively under deadlines and maintains professional, respectful working relationships with patients, families, medical and nursing staff, and co-workers.

District Responsibility:

• Supports the District mission and values.
• Demonstrates respect, professionalism and courtesy to all patients, visitors, other providers and co-workers, as delineated in the LVMC “Commitment to Care”.
• Constantly use C-I-CARE principles when communicating with others.
• Participates in performance improvement activities.
• Engages in ongoing professional development.

Position Duties/Responsibility:

• Perform recurring vulnerability scans across servers, endpoints, and network infrastructure; document findings and escalate for remediation coordination.
• Track remediation status from security risk assessments and audit findings in the risk register; flag overdue items for follow-up.
• Support security incident documentation including privacy breaches, unauthorized access, malware detections, and phishing events.
• Assist with periodic access reviews across clinical and administrative systems including EHR, practice management, and Active Directory; document findings and submit for evaluation.
• Monitor security tooling for alerts; perform initial triage and escalate per established incident response procedures.
• Assist with vendor risk documentation including tracking BAA status and supporting security questionnaire completion as directed.
• Administer and monitor Microsoft 365 tenant security.
• Participate in disaster response and incident response activations as assigned, including ransomware response team duties.
• Support HIPAA Security Rule compliance activities including audit control documentation, patch management tracking, and encryption validation as directed.
• Perform other duties as assigned.

Position Qualifications:

• Education: Associate's degree in information technology, cybersecurity, or related field, or equivalent combination of education and experience. Bachelor's degree preferred.
• Experience: Minimum three years in information technology in a hands-on technical role. Prior exposure to security tools, compliance activities, or security operations preferred. Healthcare IT experience preferred.
• Certifications: CompTIA Security+ or equivalent required.
• Skills/Ability:
  • Strong communication skills, both written and verbal, with the ability to convey technical security concepts to non-technical audiences.
  • Knowledge of state and federal regulations including HIPAA Security Rule, HIPAA Privacy Rule, and California health data privacy requirements.
  • Safety requirements including safe handling and protection of sensitive data, PHI, and security findings.
  • Quality improvement principles applied to information security processes and incident reduction.
  • Maintain records in an organized manner, including incident documentation, vulnerability tracking, risk register entries, and compliance evidence that must withstand regulatory scrutiny.
  • Maintain the department's CMS and California state accreditation requirements related to information security and data protection.
  • Establishes and maintains effective, positive working relations with departmental employees, hospital staff, medical staff and patients.
  • Assures safe practices and techniques are used in the department, including secure handling of credentials, access controls, and endpoint protection.
  • Communicates policies to hospital employees including security awareness, acceptable use, and incident reporting procedures.
• LVMC reserves the right to modify the minimum requirements depending on the needs of the organization.