Senior Security Risk & Compliance Analyst
Remote
Applications have closed
Abarca Health
Plans and employers deserve intelligent, flexible and user-friendly PBM services. We built a platform with infinite possibilities.
What you’ll do
In a few words…
Abarca is igniting a revolution in healthcare with a Cloud First approach and a modern systems mentality. We built our company on the belief that smarter technology can redefine pharmacy benefits, but this journey continues with a focus on sustainability and expansion of our operations.
Our Infrastructure Operations team is critical for success at Abarca Health, ensuring the modernization and cloud optimization of our infrastructure. This team is responsible for the daily management of our systems architecture, from data processing to server updates and stability. The Information Security team is in charge of monitoring, detecting, investigating, and responding to potential threats and ensuring HITRUST maturity. They are at the forefront of planning and implementing preventative security measures.
As a Senior Security Risk and Compliance Analyst, you will be instrumental in guaranteeing the security and compliance of our cloud-centric, modernized systems. Beyond overseeing all Risk, Audit, Legal, and Compliance endeavors related to Information Systems and Security, you will also be involved in planning for HITRUST maturity, ensuring sustainable practices and facilitating the expansion of our operations.
The fundamentals for the job…
- Modernize and cloud-optimize Security-related policies and procedures, always aligning with corporate Risks, Audit, Legal, and Compliance needs.
- Contribute to the development and continual enhancement of security GRC processes.
- Lead the vulnerability assessment efforts, ensuring a Cloud First approach and keeping up with the latest security standards for cloud environments.
- Assist in HITRUST certifications and ensure maturity in all security and compliance endeavors.
- Provide support for the patch and vulnerability management efforts, emphasizing cloud systems and modernized infrastructure.
- Lead and manage the third-party risk management program, ensuring that all vendors adhere to our Cloud First, sustainability, and modernization principles.
- Evaluate security alerts, focusing on those related to cloud systems and modern infrastructures.
- Support and act as the Security point person for the company’s SOC efforts, emphasizing the importance of Cloud First and modernization.
- Audit access rights, always keeping in mind a Cloud First approach and modernized systems.
- Develop security requirements for new company initiatives, prioritizing sustainability and expansion of operations.
- Oversee the creation and review of all Security-related policies and procedures, in constant pursuit of incorporating corporate Risks, Audit, Legal, and Compliance requirements into the Information Security Program.
- Participate in and be the liaison for the Compliance, Security, and Risk Management (CSRM) Committee.
What we expect of you:
The bold requirements…
- Bachelor’s Degree or Master’s Degree in Information Technology, Computer Science, or related field (In lieu of a degree, equivalent, relevant work experience may be considered.)
- 6+ years of experience in Information Security and Healthcare Compliance.
- Experience in Internal Controls, Security Policies and Procedures, Action Planning, and Execution.
- Experience with the selection, implementation, and maintenance of security and compliance tools such as SIEM, vulnerability scanning, or identity management solutions.
- Experience with qualitative and quantitative risk management approaches and processes, including proven implementation experience.
- Experience with security practices and controls applied to address security risks, applying frameworks (security, risk, and control) such as NIST, COBIT, and ISO.
- Experience with principles behind IT Compliance and Security
- Experience with Compliance and Local Regulations as well as Federal Regulations that pertain to the Healthcare Industry.
- Excellent oral and written communication skills.
- Experience with GRC products (e.g., RSA-Archer, RisKonnect, Metric Stream, ServiceNow GRC, etc.)
- We are proud to offer a flexible hybrid work model which will require certain on-site workdays (Puerto Rico Location Only).
Nice to haves…
- 1 or more advanced professional security certifications (e.g., CISSP, CRISC, CISA, CERP, FAIR/Open FAIR, CGEIT, etc.)
- Experience with the Healthcare, Pharmacy, and Pharmacy Benefit Management industries, Medicare Part D, and CMS regulations
- Experience leading regulatory compliance and understanding of information technology service management frameworks such as ITIL, ISO 20000
Physical requirements…
- Must be able to access and navigate each department at the organization’s facilities.
- Sedentary work that primarily involves sitting/standing.
The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.
Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify. “Applicant must be a United States citizen. Abarca Health LLC does not sponsor employment visas at this time.”
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.
Tags: CISA CISSP Cloud CoBIT Compliance Computer Science CRISC HITRUST ITIL Monitoring NIST Risk management RSA SIEM SOC Vulnerability management
Perks/benefits: Health care