IT Cyber Security Analyst

Location:

Pay Range:

The IT Cyber Security Analyst safeguards AON's systems, data, and networks across corporate and clinic environments. This role proactively monitors threats, manages security tooling, drives vulnerability and risk reduction, supports regulatory compliance, and partners with IT and Clinic Operations to strengthen our cyber posture. The analyst also supports clinic acquisitions through security due diligence, on‑site assessments, and secure onboarding.

KPA 1 – Threat Detection, Monitoring, and Response (2025 Cyber Objective)

• Monitor and triage alerts across SIEM, EDR, email security, and network sensors; investigate and resolve incidents with timely escalation.

• Maintain/execute incident response playbooks and perform post‑incident reviews with documented corrective actions.

• Partner with Network/IT Ops to contain threats and validate remediation is complete.

KPA 2 – Vulnerability and Risk Management (2025 Cyber Objective)

• Lead monthly vulnerability scans; track and drive remediation with service owners.

• Reduce outstanding critical/high vulnerabilities by ≥20% year‑over‑year; report status monthly.

• Harden endpoints/servers and support patch compliance to meet defined SLOs.

KPA 3 – Compliance and Audit Readiness (HIPAA/SOC 2/PCI as applicable)

• Maintain control evidence and procedures to support HIPAA Security Rule and other frameworks as applicable.

• Support annual risk assessments and produce metrics/KRIs for data protection and access management.

• Remediate audit findings within agreed timelines and sustain compliance posture.

KPA 4 – Cyber Awareness, Training, and Culture

• Coordinate phishing simulations and awareness campaigns; target ≥90% completion for required training.

• Publish monthly 'CyberSmart' tips for clinic and corporate staff; embed cyber practices into onboarding.

• Advise business units on secure behavior, data handling, and acceptable use.

KPA 5 – Clinic Acquisitions: Security Due Diligence, On‑Site Support, and Travel

• Perform cyber due diligence for incoming clinics (identity, email, endpoint, network, data protection).

• Travel to clinic sites to conduct on‑site assessments, validate controls, and support secure go‑live (estimated 25–40% travel; varies with pipeline).

• Ensure onboarding aligns with AON cyber standards; provide post‑integration support and handoffs.

KPA 6 – Continuous Improvement and Strategic Projects

• Contribute to cyber roadmap initiatives (identity modernization, cloud posture management, email security, DLP).

• Measure and report resilience improvements (MTTD/MTTR, patch SLOs, vulnerability closure rate).

• Evaluate emerging tools/controls and recommend adoption where cost‑benefit is clear.

• Performs other duties and projects as assigned.

Education

• Bachelor's Degree in Information technology or related field; or appropriate years of experience and education to achieve same knowledge and experience level preferred

Minimum Relevant Experience

• 3-5 years related experience and/or training; or equivalent combination of higher education and experience preferred

• Knowledge of IT Security, System Administration of one or more of following: Firewalls, Microsoft Windows, Linux, Networking

• Multi state and healthcare required.

• Ability to be flexible and adaptable in a fast-paced environment

• Ability to work independently and as part of team.

• Strong Microsoft Office skills: PowerPoint, Word, Excel.

• Strong organizational and communication skills (both verbal and written).

• Demonstrated experience in managing multiple projects and tasks simultaneously.

• Strong customer service, attention to detail and time-management skills.

Certifications/Licenses

• SANS GSEC, Security+ preferred

#LI-REMOTE