Senior Security Risk & Compliance Analyst


Abarca Health

Plans and employers deserve intelligent, flexible and user-friendly PBM services. We built a platform with infinite possibilities.


What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare with a Cloud First approach and a modern systems mentality. We built our company on the belief that smarter technology can redefine pharmacy benefits, but this journey continues with a focus on sustainability and expansion of our operations.

Our Infrastructure Operations team is critical for success at Abarca Health, ensuring the modernization and cloud optimization of our infrastructure. This team is responsible for the daily management of our systems architecture, from data processing to server updates and stability. The Information Security team is in charge of monitoring, detecting, investigating, and responding to potential threats and ensuring HITRUST maturity. They are at the forefront of planning and implementing preventative security measures.

As a Senior Security Risk and Compliance Analyst, you will be instrumental in guaranteeing the security and compliance of our cloud-centric, modernized systems. Beyond overseeing all Risk, Audit, Legal, and Compliance endeavors related to Information Systems and Security, you will also be involved in planning for HITRUST maturity, ensuring sustainable practices and facilitating the expansion of our operations.

The fundamentals for the job…

  • Modernize and cloud-optimize Security-related policies and procedures, always aligning with corporate Risks, Audit, Legal, and Compliance needs.
  • Contribute to the development and continual enhancement of security GRC processes.
  • Lead the vulnerability assessment efforts, ensuring a Cloud First approach and keeping up with the latest security standards for cloud environments.
  • Assist in HITRUST certifications and ensure maturity in all security and compliance endeavors.
  • Provide support for the patch and vulnerability management efforts, emphasizing cloud systems and modernized infrastructure.
  • Lead and manage the third-party risk management program, ensuring that all vendors adhere to our Cloud First, sustainability, and modernization principles.
  • Evaluate security alerts, focusing on those related to cloud systems and modern infrastructures.
  • Support and act as the Security point person for the company’s SOC efforts, emphasizing the importance of Cloud First and modernization.
  • Audit access rights, always keeping in mind a Cloud First approach and modernized systems.
  • Develop security requirements for new company initiatives, prioritizing sustainability and expansion of operations.
  • Oversee the creation and review of all Security-related policies and procedures, in a constant pursuit of incorporating corporate Risk, Audit, Legal, and Compliance requirements into the Information Security Program.
  • Participate in and be the liaison for the Compliance, Security, and Risk Management (CSRM) Committee.

What we expect of you:

The bold requirements…

  • Bachelor’s Degree or Master’s Degree in Information Technology, Computer Science, or related field (In lieu of a degree, equivalent, relevant work experience may be considered.)
  • 6+ years of experience in Information Security and Healthcare Compliance.
  • Experience in Internal Controls, Security Policies and Procedures, Action Planning, and Execution.
  • Experience with the selection, implementation, and maintenance of security and compliance tools such as SIEM, vulnerability scanning, or identity management solutions.
  • Experience with qualitative and quantitative risk management approaches and processes, including proven implementation experience.
  • Experience with security practices and controls applied to address security risks, applying frameworks (security, risk, and control) such as NIST, COBIT, and ISO.
  • Experience with the principles behind IT Compliance and Security.
  • Experience with Compliance and Local Regulations as well as Federal Regulations that pertain to the Healthcare Industry.
  • Excellent oral and written communication skills.
  • Experience with GRC products (e.g., RSA Archer, Riskonnect, MetricStream, ServiceNow GRC, etc.).
  • We are proud to offer a flexible hybrid work model which will require certain on-site workdays (Puerto Rico Location Only).

Nice to haves…

  • One or more advanced professional security certifications (e.g., CISSP, CRISC, CISA, CERP, FAIR/Open FAIR, CGEIT, etc.).
  • Experience in the Healthcare, Pharmacy, and Pharmacy Benefit Management industries, Medicare Part D, and CMS regulations.
  • Experience leading regulatory compliance and an understanding of information technology service management frameworks such as ITIL and ISO 20000.

Physical requirements…

  • Must be able to access and navigate each department at the organization’s facilities.
  • Sedentary work that primarily involves sitting/standing.

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify. Applicant must be a United States citizen; Abarca Health LLC does not sponsor employment visas at this time.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.


Perks/benefits: Health care

Region: Remote/Anywhere