Sr. Information Security Analyst - Vendor, Client, and Audit Management


Phreesia logo
Apply now Apply later

Posted 1 month ago

Phreesia is looking for a Senior Information Security Analyst to join our growing team!

The Senior InfoSec Analyst will work closely with the Information Security team and business process owners, this position is responsible for the timely delivery of Phreesia’s regulatory compliance and audit initiatives, client security assessments, vendor assessments, and other technical security assessments.

What you'll do:

  • Support Phreesia’s Audit and Compliance Program by performing internal pre-audits and managing active audits for PCI DSS, HITRUST, SOC 2, PCI P2PE, HIPAA, FedRAMP, and others
  • Perform a range of security assessments to identify information threats, internal control weaknesses, and remediation strategies
  • Ensure Phreesia’s vendors follow a structured risk management process and adhere to Phreesia’s rigorous security and compliance standards
  • Assist project teams in integrating vendors securely, and periodically re-evaluate the security and compliance of integrated vendors
  • Mature the enterprise risk assessment and reporting function to meet audit and compliance requirements
  • Provide pre-sales presentations to prospective Clients on Phreesia’s Information Security Program and product security features
  • Assist Sales teams to complete RFIs/RFPs and Client security questionnaires
  • Train and integrate offshore staff to assist with operational aspects of Phreesia’s Information Security Program
  • Train Phreesia partners and employees in secure practices, behaviors, and processes
  • Collect and publish monthly qualitative and quantitative key risk indicators (KRIs)

What you'll bring:

  • Experience managing large security projects (>$500k capex, 5k hours labor) involving cross-functional enterprise stakeholders
  • Experience communicating with and reporting to executive stakeholders frequently
  • Deep technical knowledge of information security best practices, access controls, encryption, network and endpoint security tools
  • Experience in successfully collaborating with and managing external auditors
  • Preferred certifications: CISSP, CISM, PMP
  • 7+ years in information security, 2+ years leading audit and compliance initiatives
  • Bachelor's degree required

Who We Are:

At Phreesia, we’re committed to helping healthcare organizations succeed in a fast-changing landscape—and we need smart, passionate people to help us do it. Our innovative SaaS platform offers our clients a suite of applications to manage the intake process, giving them the tools to engage patients, improve efficiency, optimize staffing and enhance clinical care.

Basically, what you do here matters, and hard work does not go unnoticed. Not only does Phreesia care about our clients, we also care about our employees. In fact, we’re a three-time winner of Modern Healthcare magazine’s Best Places to Work in Healthcare award. If you’re interested in consistent feedback and recognition, defined career paths, and the opportunity to work with driven and engaged colleagues in a dynamic industry, this may be the right opportunity for you. 

Benefits and Perks:

  • Variety of health plan options, dental/ vision coverage, and short/long-term and life insurance plans
  • 401(k) savings plan
  • Flexible working hours
  • Unlimited vacation
  • Mobile phone stipends and internet reimbursement
  • Fitness reimbursement
  • 100% paid maternity leave to our U.S. employees, as well as a generous maternity benefit to our employees in Canada.
  • Tuition and certification reimbursement, as well as other professional development opportunities

We strive to provide a diverse and inclusive environment and are an equal opportunity employer.


Job tags: Audits CISM CISSP Encryption FedRAMP Go HITRUST PCI Risk assessment SaaS Security assessments SOC 2