Asian Health Services, founded in 1974, provides health, social, and advocacy services for all regardless of income, insurance status, immigration status, language, or culture. Our approach to wellbeing focuses on “whole patient health,” which is why we provide more than primary care services, including mental health, case management, nutrition, and dental care to more than 50,000 patients in English and 15 languages: Korean, Lao, Burmese, Mandarin, Cantonese, Spanish, Portuguese, French, Mien, Karen, Mongolian, Karenni, Tagalog, Khmer, and Vietnamese. We offer medical, dental, and mental health services for all ages.
Job Summary: This position plays a critical role to oversee Cybersecurity processes in a healthcare setting and produce appropriate security response and outcomes which are HIPAA compliant within an overall agency-wide cybersecurity program. Under general direction of the IT Director, the Cybersecurity Analyst is responsible for protecting an organization’s computer systems, networks, and data from security breaches and cyber threats. Their role also includes education and overseeing organization-wide cyber related trainings/education, such as monthly phishing campaigns. This role will be based in the IT department and also interact with IS Department regarding technology systems, cybersecurity tools and data with a focus on problem solving, cybersecurity analysis, detection, response and reporting utilizing cybersecurity analysis tools within a context of health information systems and standards, operational objectives, and with a goal of continuously improving AHS’ cybersecurity posture. This role collaborates with other disciplines and works at a cybersecurity systems level utilizing one’s abilities to problem solve.
Cybersecurity Management
- Conduct Security Audits
- Monitor Security Access to track, document and report security breaches
- Responsible for conducting cybersecurity-related incident investigations and threat analysis against external threat actors
- Develop and document IT tactics and procedures to mitigate risk from emerging threats and reduce attack vectors
- Research, recommend, evaluate, and implement cybersecurity solutions that identify and/or protect against potential threats with multi-departmental teams and cross-discipline expertise utilizing off-the-shelf and custom-built utilities where applicable
- Resolves complex cybersecurity issues and tracks through internal ticketing and project management systems
- Create, plan, and implement cybersecurity, incident response, and disaster recovery policies that best fit the organization’s environment and capabilities utilizing NIST and CISA guidelines
- Research and demonstrate new cybersecurity tools for the organization, including functions with AI and automated features.
- Perform system security administration on designated technology platforms, including operating systems, applications, and network security devices, under defined policies, standards, and procedures of the organization, as well as with industry best practices and vendor guidelines
- Evaluate scans, logs, and alerts from various sources such as Microsoft 365, Barracuda Email Gateway KnowBe4, and SentinelOne to pinpoint key critical vulnerabilities and apply corrective actions
- Collaborate with relevant contractors and other internal and external stakeholders
- Other duties as assigned by supervisor
Communication
- Communicate daily with the IT Director and regularly provides reports and status to the Chief Administrative Officer, other stakeholders, and operational leadership as appropriate
- Serve as a trusted partner working with staff to analyze needs and develop cross-functional solutions to enhance AHS’ cybersecurity posture, improve cybersecurity processes, detection, response, and reporting
- Other duties as assigned by supervisor
User Training
- Identifies, assesses and analyzes user training needs; develops IT training programs and materials; facilitates routine user trainings as needed
- Works in conjunction with the HR department, develops, updates and facilitates IT onboarding and off-boarding processes and procedures for new employees to align with AHS policies and guidelines.
Administrative Duties
- Meet regularly with the Information Technology department to discuss issues, project and future planning; Attends meetings and represents the IT department on committees as necessary including but not limited to IT/IS weekly meeting and monthly HIPAA Meeting
- Advise in AHS’ infrastructure systems, Business Continuity Plan and Contingency Plan by creating redundant systems, quality control measures, security review, testing and documentation.
- Generates reports related to cybersecurity education, monthly testing and trends in cybersecurity related incidents
- May also received other duties as assigned.
General Agency/AHS Duties
- Provides highest quality of customer service in accordance with the agency’s Guide to Service Excellence and Corporate Compliance Plan
- Foster an environment that promotes trust and cooperation among patients and staff
- Enforce clinic policies and procedures, including maintenance of patient confidentiality, to ensure that the principles of AHS are implemented
- Attend AHS general membership meetings, fundraisers, and other public events as required
- Participate in outreach activities, agency advocacy, and serve on ad hoc committees, as requested
- Attend AHS staff retreats
Minimum Qualifications
- Commitment to public health care services and mission of the community health care clinics
- Bachelor’s degree with equivalent experience; minimum 3-5 years of cybersecurity related experience and /or health care experience; or equivalent combination of degree in progress and pertinent healthcare experience
- Experience and understand project management with a focus on cybersecurity-related domains
- Excellent interpersonal & behavioral skills to liaison with other team members, departments, and external organizations.
- Demonstrate ability to identify and understand problems, work collaboratively with team to bring to resolution, and balance when to escalate issues in order to meet project timelines.
- Must have an up-to-date working knowledge of current cybersecurity processes, detection, and response procedures
- Demonstrate ability to work effectively with cross-functional staff, including IT, other project managers; multiple levels of leadership, business partners, and vendors.
Preferred Qualifications
- Familiarity with cybersecurity analysis platforms
- Familiarity with EHRs e.g. Epic, Dentrix is a plus, with preference given to candidates with additional experience in current state-of-the-art systems for Pharmacy, Lab systems, Optometry, and Behavioral Health (IBH and Specialty)
- Knowledge of Cybersecurity Analysis, processes, and tools and reporting
- Knowledge of operating principles, methods and limitations of cybersecurity processes tools, equipment, and software
Benefits:
Medical, Dental & Vision premiums 100% paid by AHS
Acupuncture & Chiropractic coverage
12 Vacation Days
12 Sick Days
12 Holidays + 3 Floating Holidays
3% 403(b) Employer Contribution + up to 2% Employee Match
Commuter Benefits
Flexible Spending Account (FSA) & Dependent Care Assistance
Long-Term Disability Insurance
