Why Work for Person Centered Services? When you join the Person Centered Services team, you can make a difference in the lives of people with intellectual and developmental disabilities, while also reaching your own career goals. Benefits for full-time positions include: + 20 Days of paid time off (PTO) in your first year! Increasing to 25 Days in your second year! + 13 Paid Holidays + Comprehensive health insurance plans for you to choose what best fits your needs (Medical, Dental & Vision) + 401(k) - the Company matches 50% of the first 6% up to a maximum of 3% + Company paid benefits: basic life insurance, long-term disability, and a Lifestyle Spending Account with a benefit of up to $500 set aside for employees to spend on wellness eligible expenses! + Employee Discount and Wellness Programs - Currently providing 3 paid hours per week for exercise, volunteering or personal wellness! + Professional development opportunities including mentorship program options and ongoing coaching information security analyst Department Information Technology Direct Care Non-Direct Care ​ ​ Non-Direct Care ​ FLSA Status ​ ​ Exempt ​ Exemption Type ( HR Use Only – Check all that apply ) ​ ​ ☐ ​ Executive ​ ☒ ​ Computer ​ ​ ☐ ​ Administrative ​ ☐ ​ Professional ​ ​ ☐ ​ Outside Sales Reports to Information Security Manager Supervises N/A Primary Location Corporate-Buffalo Employment Status ​ ​ ☒ ​ Full Time ​ ☐ ​ Part Time ​ ​ ☒ ​ Regular ​ ☐ ​ Temporary Original Date November 2022 Revised Date September 2025 JOB SUMMARY The Information Security Analyst is responsible for protecting the integrity, confidentiality, and availability of systems and data within a fully cloud-based environment. This role requires a strong combination of technical proficiency , analytical thinking, and proactive engagement in cybersecurity operations. As a New York State-regulated entity, the organization adheres to strict compliance frameworks and internal protocols. The analyst must operate within established procedures and hierarchical guidance to ensure ongoing compliance and audit readiness. ESSENTIAL FUNCTIONS + Monitor, investigate, and respond to security events using Microsoft Azure and Microsoft 365 security services, including Azure Sentinel SIEM, Microsoft Defender XDR, Defender for Endpoint, Intune, Defender Vulnerability Management, Identity Protection, Cloud App Security, and Data & Security Governance. + Apply structured methods to assess alerts, identify threats, and implement timely remediation, with clear documentation, ownership of outcomes, and proactive communication throughout. + Detect threats using Kusto Query Language (KQL) in Sentinel and Defender XDR. Prior experience is preferred, but a strong willingness to learn and apply KQL is valued. + Lead full-cycle incident response—from detection to recovery—minimizing impact through coordinated action and maintaining detailed, audit-ready documentation. + Conduct and document detailed, legally defensible security risk assessments that define scope, findings, impact, and reportability of potential data breach incidents. Investigate potential PHI exposure thoroughly and ensure remediation is fully documented, complete, and well-communicated. + Support phishing simulations and security awareness campaigns via platforms like KnowBe4, promoting a culture of accountability and vigilance. + Collaborate on secure implementation of projects, applications, and services, ensuring alignment with security policies and clearly communicating risks and mitigations. + Maintain accurate , accessible documentation for audits, service tickets, and project tracking, supporting transparency and readiness for review. + Assist with annual audits by preparing evidence, validating controls, and responding to auditor inquiries with clarity and professionalism. + Ensure compliance with NIST SP 800-53 and the New York State System Security Plan (SSP), proactively identifying and communicating gaps or risks. + Provide timely , thoughtful security guidance to internal teams, helping them navigate risks and implement secure solutions with confidence. + Deliver engaged training sessions and author internal security updates that reinforce best practices and foster shared ownership of security. + Research, plan, and lead security projects from concept to completion, with clear objectives , stakeholder coordination, and well-documented outcomes. + Demonstrate proactiveness in identifying , communicating, and implementing improvements to security operations processes and procedures, contributing to greater efficiency, effectiveness, and team performance. + Manage daily ad hoc tasks and triaged assignments with flexibility and ownership, maintaining consistent communication and thorough documentation throughout. + Receive assignments and direction via Microsoft Teams, and effectively organize, prioritize, and integrate them alongside existing tasks and projects.Utilize Microsoft Excel to analyze access patterns using filters, formulas, pivot tables, and lookup functions. Clearly present findings to support informed decision-making, compliance validation, and audit readiness. + Maintain regular communication with direct manager, escalating issues or concerns appropriately and in a timely manner . Ensure transparency and alignment with leadership expectations through proactive updates and documentation. + Take full ownership of assigned tasks or projects, demonstrating initiative, accountability, and a commitment to understanding the subject matter. Be prepared to present and discuss your work confidently with stakeholders, supported by thorough research and continuous learning. OTHER DUTIES + Commits to a respectful, just, and supportive environment for individuals and team members aligning with the company’s commitment to diversity, equity, inclusion and belonging. + Other duties as necessary or assigned. KNOWLEDGE, SKILLS & ABILITIES + Demonstrate the ability to manage workload independently while maintaining clarity and responsiveness in a dynamic environment. + Collaborate effectively with team members and cross-functional groups, applying critical thinking and a proactive, solution-oriented mindset. + Communicate clearly and informatively across technical and non-technical audiences, ensuring shared understanding, accountability, and alignment. + Familiarity with KnowBe4 Attack Simulation Software and other security awareness platforms. + Strong understanding—or a demonstrated commitment to learning—enterprise tools, policies, procedures, and New York State regulatory requirements, including experience in environments governed by HIPAA, NIST SP 800-53, and MCD compliance standards. Willingness to proactively address knowledge gaps through research and hands-on application. + Demonstrated ability to apply analytical thinking to assess complex security data, identify patterns, and develop actionable insights. + Proven ability to conduct user investigations with emotional intelligence and ethical rigor— observing non-verbal cues, identifying inconsistencies, applying cognitive interviewing techniques, and maintaining neutrality and confidentiality throughout the process. + Ability to manage multiple tasks and competing priorities simultaneously, with a strong capacity to assess urgency and importance. Demonstrates sound judgment in prioritizing workload and maintaining focus under pressure. + Prior experience supporting cross-functional teams, managing multiple priorities, and providing customer-facing support in high-pressure scenarios. + Ability to read, interpret, and apply policy and procedure documents effectively in day-to-day operations, ensuring alignment with organizational standards and compliance requirements. EDUCATION & EXPERIENCE + Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Technology, or a related field is required . + 3–5 years of hands-on experience in an information security role, with demonstrated expertise in cloud-based environments and enterprise security operations. + Experience with Microsoft Security Tools and Azure Cloud Computing is preferred. + Industry certifications such as CompTIA Security+ or Microsoft Certified: Security Operations Analyst Associate are desirable. + Click Here For Full Job Description (https://personcenteredservices.com/wp-content/uploads/2025/09/Information-Security-Analyst-FINAL.pdf) Person Centered Services has a commitment to equal employment opportunity for all staff and applicants for employment. Employment decisions including, but not limited to, those such as staff selection, performance evaluation, administration of benefits, working conditions, staff programs, transfers, position changes, training, disciplinary action, compensation, and separations are made without regard to race, color, religion (including religious dress and grooming), creed, national origin, nationality, citizenship status, domestic partnership status, ancestry, gender, affectional or sexual orientation, gender identity or expression, marital status, civil union status, family status, age, mental or physical disability (including AIDS or HIV-related status), atypical hereditary cellular or blood trait of an individual, genetic information or refusal to submit to a genetic test or make available the results of a genetic test, military status, veteran status, or any other characteristic protected by applicable federal, state, or local laws. Job Details Pay Type Salary Hiring Min Rate 61,360 USD Hiring Max Rate 71,760 USD