Cybersecurity Risk Analyst

CareRev is bringing the future of work to Healthcare! CareRev's mission is to build a sustainable future for healthcare professionals. CareRev is a modern marketplace platform offering professionals the freedom to choose how and when they work, tools and training to develop their careers, and personalized growth opportunities.

We are growing our security team at CareRev! As a key member of the security team, you'll collaborate across the organization streamlining procurement and vendor risk management to build awareness, understanding, and mitigation of risk while building trust with cross-divisional stakeholders. You will work within the security team and facilitate discussions with third party vendors, enhance processes and controls for new vendor procurement, and draft materials for reporting to leadership and management committees.

You will also work with the security and broader engineering team to lead, create, and document scalable processes for risk assessment and decision making, additionally supporting CareRev’s own internal and external security documentation. You will be an instrumental contributor and leader in building a scalable security program for our growing organization. Depending on the skills and interest of the successful candidate, this role has the opportunity to grow additional cybersecurity skills sets as we continue developing our security team.

What We're Looking for

While you should have many of these skills, not all are required.

• Able to communicate relevant information clearly and concisely, both verbally and in writing
• Experience in 3rd party management, audit, oversight, internal controls, operational risk management and mitigation
• Independent judgment with strong analytical and risk assessment skills
• Proven track record of building effective working relationships with internal and external business partners and senior leaders
• Project management skills with ability to work independently and with a team, prioritize and manage multiple projects and succeed in a fast-paced, heavy workload environment
• Demonstrated success in introducing process improvements and automation for security / operational risk management teams
• Knowledge of relevant information security control frameworks, such as ISO 27002, SOC 2 Trust Services Criteria, PCI DSS, NIST Cyber Security Framework (CSF) / 800-53, CIS Critical Security Controls
• A critical problem solver, detailed oriented, and highly motivated self-starter with a passion for constant learning & improvement
• A bias for action and ability to work efficiently with minimal oversight/direction and collaborate effectively in cross functional projects
• Experience and interest in other aspects/bodies of cybersecurity work (e.g. vulnerability management, cloud security) a plus
• Knowledge of/familiarity with AWS, Heroku, and kubernetes are all a plus
• Certifications are not required, but CompTIA Security+, CASP+, CISM, or PMP could be helpful
• Programming background is plus

What you’ll do:

• Assess the security posture of 3rd parties as a part of the onboarding process for new tools and services (organization-wide) with a view on technology and security risk
• Oversee, monitor, assess, and report on third-party risk
• Lead/create and maintain security process documentation (e.g. documenting organizational standards for risk decision making)
• Review and maintain security policy documents in preparation for annual audits
• Provide consultative support and collaborate with business partners and external stakeholders to identify enhancement opportunities to strengthen third party management processes and controls
• Communicate efficiently about risk review results to concerning businesses and key partners as per plan
• Continuously iterate on improvement opportunities to optimize GRC processes across the organization and relevant stakeholders to maximize efficiency and scalability
• Execute ad-hoc projects as needed (we’re working as a team for each one of us to grow and develop our skills in areas of interest and company need)

Reasons to Consider Us:

• 100% remote company
• Comprehensive medical, dental, and vision benefits
• Short term disability 100% covered by CareRev
• Life insurance covered by CareRev
• Paid parental leave
• Generous paid holidays & unlimited PTO
• 401K and company match
• Office equipment stipend
• Learning reimbursement program

Physical Requirements: 

• Prolonged periods of sitting and/or standing at a desk
• Prolonged periods of working on a computer
• Repeating motions that may include the wrists, hands and/or fingers
• Ability to lift up to 15 pounds of work equipment
• Ability to set up home office to include desk and chair

CareRev is committed to the full inclusion of all qualified individuals. In keeping with our commitment, we will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please discuss with your Recruiter.

We are an equal opportunity employer and will not discriminate against any employee or applicant for employment in an unlawful manner. We celebrate diversity and are committed to creating an inclusive environment for all individuals. CareRev treats all employees and job applicants based on merit, qualifications, and competence without regard to any qualified individuals' sex, race, color, religion, national origin, ancestry, gender (including pregnancy, breastfeeding, or related medical condition), sexual orientation, gender identity, gender expression, age, physical or mental disability, medical condition, genetic characteristic or information, marital status, military, and veteran status, or any other characteristic protected by state or federal law. CareRev also considers qualified applicants with criminal histories consistent with applicable local, state, and federal law.

If you are an applicant in Washington State, Colorado or New York City and have compensation questions, please contact us directly at compensation@carerev.com. Include in the email request: your Full Name, Job Name, and the City and State in which you reside. Please allow 48 business hours for a response. All other applicants: PLEASE NOTE, this email is not for candidates to apply to jobs directly. Resumes sent via this email address are not in our Applicant Tracking System, and therefore can not be included in our recruiting process. Please Apply following the steps below.