Information Security Analyst

Information Security Analyst

Are you interested in harnessing technology and AI to transform healthcare?

At XiFin, we believe a healthier, more efficient healthcare system starts with strong financial and operational foundations. Our innovative technologies help diagnostic providers, laboratories, and healthcare systems manage complexity, drive better outcomes, and stay focused on what matters most: patient care.

We're on a mission to simplify the business side of healthcare—and we know that mission takes people from all backgrounds and experiences. Whether you're early in your career or bringing years of expertise, we welcome your perspective, your curiosity, and your passion. We value individuals who ask questions, challenge the status quo, and want to grow while making a real difference.

About the Role

The Information Security Analyst plays a critical role in supporting our information system security activities. The Analyst will participate in efforts to safely manage health care financial information, requiring compliance with regulations such as HIPAA, industry requirements such as PCI-DSS rules, and our contracts with vendors and customers.

This role requires the ability to multitask and track projects through to completion. You take initiative and are extremely detail oriented with superior time management skills. You possess excellent verbal and written communication, interpersonal and customer service skills with the strong ability to interact professionally with executives, managers, and subject matter experts.

You may be hired as an Information Security Analyst or Senior Information Security Analyst based on your depth of skill and breadth of experience.

This is an onsite position in our San Diego, CA office.

This position is not eligible for employment sponsorship now or in the future. Applicants must have current and ongoing authorization to work in the United States.

What Will You Do?

• Responsible for overseeing the vendor information security risk management process, coordinating with our overall vendor management program, including compliance with the supply chain risk management controls in NIST SP 800-53, and any other standards adopted by our Cybersecurity Program and vendor management program, and our obligations under applicable privacy and security laws, our cybersecurity insurance, our contracts with key customers and our SOC, PCI, HITRUST and other audits and compliance requirements ("Security Standards").
• Responsible for XiFin's security awareness program
• Responsible for overseeing an effective asset management process to meet the Security Standards, including coordinating the configuration management data base with IT and the data mapping and inventorying and the ROPA and DPIA processes with our Privacy Department.
• Responsible for overseeing an effective data loss protection process meeting the Security Standards, including developing, gaining approval for and finalizing appropriate policies and procedures, appropriate information classification, and monitoring current DLP tools and recommending changes in configuration and use, or changes in tools.
• Responsible for overseeing XiFin's identity management process to meet the Security Standards.
• Regular monitoring of assigned security information systems for suspected privacy or security violations, managing the resolution of any issues, and ensuring the violations are properly documented and reported.
• Responsible for ensuring security policies and procedures are documented, maintained, implemented, and enforced.
• Support the security vulnerability management program.
• Provide input on our Cybersecurity Program and annual plan and other policies, procedures and documents as requested
• Assist in auditing security procedures to ensure compliance and provide evidence of compliance with security procedures for both internal and external audits, as assigned.
• Other projects as assigned

Skills and Experience You Have:

You don't need to check every box. A combination of the following education and experience factors will be considered:

• BS Computer Science degree or relevant discipline
• 5+ years of Information Security experience
• Demonstrated deep understanding of principles in network technology, incident response, data loss prevention, security architecture, and information security policy
• Familiarity with HIPAA and/or PCI-DSS a plus.
• Relevant security certifications

Scope of Decision-Making Authority:

• Authority to review and review information system access requests and escalate if necessary.
• Authority to submit infrastructure and application change request.

Why XiFin?

We're more than just a healthcare technology company—we're a team that cares about people. Here's a glimpse at what we offer:

• Comprehensive health benefits including medical, dental, vision, and telehealth
• 401(k) with company match and personalized financial coaching to support your financial future
• Health Savings Account (HSA) with company contributions
• Wellness incentives that reward your preventative healthcare activities
• Tuition assistance to support your education and growth
• Flexible time off and company-paid holidays
• Social and fun events to build community at our locations!

Pay Transparency

At XiFin, we believe in pay transparency and fairness. The expected annual salary range for this role is: $135,000- $162,000 Depending on your qualifications, you may be considered for either an Information Security Analyst or Sr. Information Security Analyst. Final compensation will be determined during selection process and may vary based on experience and skill.

Accessibility & Accommodations

We're committed to providing an inclusive and accessible experience for all applicants. If you need a reasonable accommodation during the application process, please contact us.

Equal Opportunity Employer

XiFin is proud to be an equal opportunity employer. We value diverse voices and do not discriminate on the basis of race, color, religion, national origin, gender, gender identity, sexual orientation, disability, age, veteran status or any other basis protected by law.

Ready to apply? We'd love to hear from you—even if you're not sure you meet every qualification. If you're excited about the role and believe you can contribute to our team, please apply. Let's build something meaningful together.