- Professional
- Optionales Büro in Bend
This position comes with a comprehensive benefits package that includes medical, dental, vision, a 403(b) retirement plan, and a generous Earned Time Off (ETO) program.
ST. CHARLES HEALTH SYSTEM
JOB DESCRIPTION
TITLE: Cybersecurity Analyst III
REPORTS TO POSITION: Manager, Security Operations
DEPARTMENT: Information Technology
DATE LAST REVIEWED: October 2025
OUR VISION: Creating America’s healthiest community, together
OUR MISSION: In the spirit of love and compassion, better health, better care, better value
OUR VALUES: Accountability, Caring and Teamwork
DEPARTMENT SUMMARY: The Information Technology department helps improve the work of our caregivers by providing efficient and reliable platforms, comprehensive training, and stellar customer service. We do this by taking pride in the integrity of our workflows, data security, and training delivery. We partner with our customers to leverage various technologies to achieve the best patient outcomes possible by implementing new hardware and software solutions, upgrading existing environments, protecting the data we store, and integrating different solutions to achieve a seamless experience.
POSITION OVERVIEW: The Cybersecurity Analyst III plays a key role in protecting St. Charles Health System (SCHS) by supporting cyber incident response, coordinating vulnerability management, and managing security awareness and education initiatives. This position supports cyber incident response activities, assisting with investigations, triage, containment, and recovery activities. The analyst leads vulnerability management efforts across the health system as well as the awareness & education program to help caregivers understand and fulfill their security responsibilities.
By connecting operational insights to communication and prevention efforts, this role strengthens SCHS’s overall cyber resilience and promotes a proactive security culture.
ESSENTIAL FUNCTIONS AND DUTIES:
Security Awareness & Education
Lead the Awareness & Education program to design and deliver security training and communications based on real-world incidents and vulnerabilities.
Administer phishing simulations, campaigns, and targeted education for high-risk departments.
Provide follow-up coaching or departmental briefings to reinforce lessons learned from incidents.
Vulnerability Management
Coordinate the health system’s vulnerability management process across hospitals, clinics, and business units.
Oversee scanning, prioritization, and remediation tracking using vulnerability management tools.
Collaborate with IT, Infrastructure, and Application teams to validate timely remediation of critical and high-risk findings.
Cyber Incident Response
Support cyber incident response activities, as needed, during investigations, containment, and recovery.
Support the analysis of alerts and incidents across core security tools and other telemetry sources.
Provide coverage during absences, after-hours events, or major incidents.
Collaboration & Continuous Improvement
Collaborate with IS&T, Privacy, and Compliance teams to align response and remediation efforts with policy and regulatory requirements.
Provide mentorship and technical guidance to other cybersecurity and IS&T caregivers.
Support continuous improvement by integrating lessons learned into operational and awareness practices.
This position does not directly manage any other caregivers.
Supports the vision, mission and values of the organization in all respects.
Supports the Lean principles of continuous improvement with energy and enthusiasm, functioning as a champion of change.
Provides and maintains a safe environment for caregivers, patients and guests.
Conducts all activities with the highest standards of professionalism and confidentiality. Complies with all applicable laws, regulations, policies and procedures, supporting the organization’s corporate integrity efforts by acting in an ethical and appropriate manner, reporting known or suspected violation of applicable rules, and cooperating fully with all organizational investigations and proceedings.
Delivers customer service and/or patient care in a manner that promotes goodwill, is timely, efficient and accurate.
May perform additional duties of similar complexity within the organization, as required or assigned.
EDUCATION:
Required: Bachelor’s degree in Information Security, Computer Science, or a related field; equivalent experience may be considered in lieu of degree.
Preferred: Master’s degree in Cybersecurity, Information Technology, or a related discipline.
LICENSURE/CERTIFICATION/REGISTRATION:
Required: One or more of the following certifications (or equivalent experience): CompTIA Security+, CompTIA CySA+, GIAC GSEC, Microsoft Security Operations Analyst Associate.
Preferred: Industry certifications such as GCIH, GCIA, CISSP, CEH, or equivalent.
EXPERIENCE:
Required: Minimum of 5 years of experience in at least one of the following areas: cybersecurity operations, incident response, vulnerability management, education, data management, or governance and compliance.
Preferred: Experience in healthcare or other regulated industries. Familiarity with HIPAA Security Rule, NIST 800-53 and related frameworks. Experience supporting or delivering cybersecurity awareness and education programs. Knowledge of cloud and hybrid environments, including Azure and Microsoft 365 security capabilities.
PERSONAL PROTECTIVE EQUIPMENT:
Must be able to wear appropriate Personal Protective Equipment (PPE) required to perform the job safely.
PHYSICAL REQUIREMENTS:
Continually (75% or more): Use of clear and audible speaking voice and the ability to hear normal speech level.
Frequently (50%): Sitting, standing, walking, lifting 1-10 pounds, keyboard operation.
Occasionally (25%): Bending, climbing stairs, reaching overhead, carrying/pushing or pulling 1-10 pounds, grasping/squeezing.
Rarely (10%): Stooping/kneeling/crouching, lifting, carrying, pushing or pulling 11-15 pounds, operation of a motor vehicle.
Never (0%): Climbing ladder/stepstool, lifting/carrying/pushing or pulling 25-50 pounds, ability to hear whispered speech level.
Exposure to Elemental Factors
Never (0%): Heat, cold, wet/slippery area, noise, dust, vibration, chemical solution, uneven surface.
Blood-Borne Pathogen (BBP) Exposure Category
No Risk for Exposure to BBP
Schedule Weekly Hours:
40Caregiver Type:
RegularShift:
Is Exempt Position?
YesJob Family:
SPECIALIST INFORMATION SECURITYScheduled Days of the Week:
Monday-FridayShift Start & End Time:
Flexible within core working hours Jetzt bewerben
