IT Security and Risk Analyst

DCI Donor Services (DCIDS) is looking for a dynamic and enthusiastic team member to join us to save lives!! Our mission at DCIDS is to save lives through organ donation and we want professionals on our team that will embrace this important work!! We are currently seeking an IT Security and Risk Analyst. The IT Security and Risk Analyst is responsible for managing the organization’s security and compliance posture, ensuring adherence to regulatory requirements, and mitigating risks through proactive security controls. This position will work closely with IT Infrastructure and Support teams to implement security controls and will lead the organization’s incident response and management process. Additionally, this role will develop, maintain, and enforce security policies and procedures to ensure ongoing compliance and risk mitigation.

Company Overview And Mission

For over four decades, DCI Donor Services has been a leader in working to end the transplant waiting list. Our unique approach to service allows for nationwide donation, transplantation, and distribution of organs and tissues while maintaining close ties to our local communities.

DCI Donor Services operates three organ procurement/tissue recovery organizations: New Mexico Donor Services, Sierra Donor Services, and Tennessee Donor Services. We also maximize the gift of life through the DCI Donor Services Tissue Bank and Sierra Donor Services Eye Bank.

Our performance is measured by the way we serve donor families and recipients. To be successful in this endeavor is our ultimate mission. By mobilizing the power of people and the potential of technology, we are honored to extend the reach of each donor’s gift and share the importance of the gift of life.

We are committed to diversity, equity, and inclusion. With the help of our employee-led strategy team, we will ensure that all communities feel welcome and safe with us because we are a model for fairness, belonging, and forward thinking.

Key Responsibilities This Position Will Perform Include

• Compliance and Risk Management
• Ensure the organization remains compliant with NIST security frameworks.
• Conduct risk assessments and recommend remediation strategies.
• Develop and maintain security policies, procedures, and documentation.
• Monitor and enforce security controls to reduce risk exposure.

• Audits & Control Effectiveness Testing
• Conduct internal security audits and control assessments to evaluate compliance with NIST and organizational policies.
• Coordinate and support external audits, providing necessary documentation and responses.
• Develop and execute control testing procedures to ensure the effectiveness of security measures over time.
• Security Controls Implementation
• Collaborate with Infrastructure and Support teams to implement and maintain security controls.
• Review and recommend security configurations for networks, systems, and endpoints.
• Assist with vulnerability management, including patching and remediation efforts.
• Incident Response & Management
• Own and maintain the organization’s Incident Response Plan.
• Lead security incident investigations, coordinating response efforts across IT teams.
• Perform root cause analysis and recommend improvements to prevent recurrence.
• Monitoring & Reporting
• Regularly review security logs, alerts, and reports for potential threats.
• Work with security tools (SIEM, endpoint protection, etc.) to identify and mitigate risks.
• Provide reports to leadership on security incidents, trends, and compliance status.
• Conduct security audits, vulnerability scans, and penetration tests, partnering with consultants/third parties where necessary
• Training & Security Awareness
• Assist in developing security awareness training for employees.
• Ensure staff are informed of security best practices and compliance requirements.
• Conduct security awareness training and phishing simulations.
• Perform other related job duties as assigned
  

The Ideal Candidate Will Have

• Bachelor’s degree in information security, Computer Science, or related field (or equivalent work experience)
• 5+ years of experience in information security, risk management, or compliance
• Experience in the healthcare or nonprofit sector is a plus, particularly in a regulated environment such as an OPO
• Technical Skills:
• Assist in developing security awareness training for employees.
• Ensure staff are informed of security best practices and compliance requirements.
• Conduct security awareness training and phishing simulations.
• Certifications:
• Relevant GRC/Cybersecurity/Compliance certifications preferred (e.g. Security+, CRISC, CISM, CGEIT, GSEC, CISSP, CIPP/US, CIPM)
• Competencies & Physical Traits
• Excellent problem-solving, analytical, and decision-making abilities.
• Effective communication and interpersonal skills, with the ability to interact with technical and non-technical stakeholders.
• Sits, stands, bends, and walks.
• Communicates verbally and in writing.
• Lifts and carries loads up to 50 lbs.
  

Work Environment

• Hybrid work model with a mix of remote and on-site responsibilities, depending on project needs and organizational priorities.
• On-site presence may be required for activities such as audits, stakeholder meetings, or incident response coordination.
• Standard office conditions when on-site, including extended periods working at a computer.
• May require occasional after-hours availability to support time-sensitive risk assessments, compliance deadlines, or security incidents.
  
  

We Offer a Competitive Compensation Package Including

• Up to 176 hours of PTO your first year
• Up to 72 hours of Sick Time your first year
• Two Medical Plans (your choice of a PPO or HDHP), Dental, and Vision Coverage
• 403(b) plan with matching contribution
• Company provided term life, AD&D, and long-term disability insurance
• Wellness Program
• Supplemental insurance benefits such as accident coverage and short-term disability
• Discounts on home/auto/renter/pet insurance
• Cell phone discounts through Verizon
• Monthly phone stipend
• New employees must have their first dose of the COVID-19 vaccine by their potential start date or be able to supply proof of vaccination.**
  
  

You will receive a confirmation e-mail upon successful submission of your application. The next step of the selection process will be to complete a video screening. Instructions to complete the video screening will be contained in the confirmation e-mail. Please note - you must complete the video screening within 5 days from submission of your application to be considered for the position.

DCIDS is an EOE/AA employer – M/F/Vet/Disability.