Senior InfoSec Risk Analyst

About the Role:

You will be filling an essential role in Papa’s IT Security team. We constantly partner with upstream/downstream clients & vendors that require thorough risk assessments performed and submitted by us. You will carry out risk assessments, oversee our risk assessment platform, and meet the SLAs required for submission deadlines. You will also interact with our client/vendor base representatives and perform any follow-up questions when necessary.

To be successful, you must be organized and resourceful, possess knowledge and experience in security frameworks, have good problem-solving skills, and have high-level interpersonal skills. 

Here is how to tell if you are what Papa is looking for:

• You enjoy working as part of a collaborative team.
• You consider yourself to be a top talent.
• You have a strong passion for securing applications: and excellent interpersonal and communications skills.
• You are Self-motivated and results-oriented.
• You have a demonstrated track record dealing well with ambiguity, prioritizing needs, and delivering measurable results.
• You are a critical thinker who seeks to understand the business and its control environment.
• You possess a relentless focus on quality and timeliness.

Essential Job Functions:

• Review, respond to, and complete upstream and downstream Risk Assessments
• Oversee Papa's Risk Assessment Management platform
• Oversee internal risk management initiatives
• Practice IT security procedures relevant to HITRUST, SOC2, HIPAA, NIST 800-xx frameworks
• Review Service Agreements to ensure alignment with scope and SLAs
• Participate in department projects when requested
• Support other related IT security duties

Required Qualifications:

• 7+ years of experience in a security role or independently managing customer security assessments and questionnaires.
• Knowledge of information security and technology best practices, regulations, and regulatory trends, especially regarding auditing and control testing of information security programs.
• Experience in responding to RFPs for client/payor/vendor security assessments and questionnaires
• Prior experience leading security governance activities
• Prior experience leading and supporting various risk assessments
• Demonstrated organizational and project management skills

Desired Qualities:

• Excellent interpersonal and communication skills.
• Self-motivated and results-oriented.
• Demonstrated track record dealing well with ambiguity, prioritizing needs, and delivering measurable results.
• You are a critical thinker who seeks to understand the business and its control environment.
• You possess a relentless focus on quality and timeliness.

Papa’s culture is People-first. While we have an incredible team of hard working Papa people, at the end of the day, our company is really about family and community – and we celebrate that among our employees. We encourage everyone to truly bring their whole authentic selves to work. To be transparent. To be non-hierarchical. And, above all, to be a really good person. 

We see ourselves as a place where every Papa employee feels they belong, a place where careers flourish, a place that brings back purpose and joy to work, and a culture where visionaries/entrepreneurs are developed.

Papa’s mission is at the core of our total rewards philosophy, wherein we attract and retain high-potential talent aligned with our journey. We offer gender-neutral and inclusive parental leave policies that offer up to 16 weeks of 100% paid parental leave. We immensely value the benefits of a flexible workplace; while designing remote-first principles, we ensured that Papa people feel psychologically safe about their career interests while being remote.

Beyond benefits: We want to care for the whole employee and their families. To stay true to this commitment, we offer family care leave in addition to a generous paid time off policy, 401(k) match up to 4%; family forming support through access to Carrot; emotional health support tools through our medical plans such as Ginger, Happify and a host of events through a monthly culture calendar that enable emotional connectedness in a remote work environment.