Sr. Security Analyst

Alto is a telehealth pharmacy focused on helping people live healthier by making the prescription experience easier, more supportive, and more affordable. We’re transforming a $500 billion industry by reinventing what a pharmacy can do, for both patients and providers—from hand-delivering medications for free to offering on-call help by text or chat. Over one million deliveries, over a thousand five-star Yelp reviews, and an NPS score of +86 later, we’re proud to say we’ve built a pharmacy that people truly love.

Alto is a telehealth pharmacy focused on helping people live healthier by making the prescription experience easier, more supportive, and more affordable. We’re transforming a $500 billion industry by reinventing what a pharmacy can do, for both patients and providers—from hand-delivering medications for free to offering on-call help by text or chat. Over one million deliveries, over a thousand five-star Yelp reviews, and an NPS score of +86 later, we’re proud to say we’ve built a pharmacy that people truly love.

Alto’s security program is focused on protecting patient’s security and privacy while enabling our business to operate and grow. We support the product and engineering team as they build a secure platform for our patients, providers and employees. We also work directly with our pharmacy and operations teams to ensure that they can care for our patients securely and efficiently. We work closely with our pharmacy compliance team to ensure that we always respect our patients’ privacy.

We are looking for a governance, risk and compliance analyst with information security expertise to join our team. You will support the Security & Privacy team with the development, implementation and ongoing management of Alto’s risk management program. 

Responsibilities:

• Perform security and privacy risk assessments of third party vendors to meet information security, data privacy and compliance requirements and supporting business partners in vendor selection.
• Conduct internal risk assessments against identified risk frameworks including NIST Risk Management Framework and HITRUST CSF.
• Develop corrective action plans for identified risks with business stakeholders, identifying ways to address and mitigate risk while enabling the business.
• Manage the implementation and maintenance of Alto’s risk management platform, including documentation of controls and implementation of audit programs.
• Lead projects to improve the program’s maturity through automation and process improvements.
• Collaborate with cross functional stakeholders in legal, finance and IT to improve processes and implement workflow integrations to streamline and provide better customer experience.
• Partner with legal, compliance, human resources and finance to ensure comprehensive risk management across the organization.
• Work with all levels of the organization to build relationships and drive awareness and adoption of the security and risk assessment process.

You are an ideal candidate if you:

• Have 4+ years experience working within Security Risk Management and Compliance roles.
• Are experienced with designing and operationalizing risk management programs.
• Understanding of common certifications such as PCI, SOC 2, ISO 27001, HITRUST
• Familiar with privacy regulations such as HIPAA, GDPR, CCPA etc
• Degree in computer science, information technology, information security or equivalent work experience.
• Are familiar with cloud-first technology development environments, such as AWS.
• Communicate effectively about technical and non-technical topics with a diverse team. 
• Strong analytical, problem solving and project management skills.
• Thrive in a dynamic fast-paced environment where you need to consider competing interests, and make decisions quickly and independently. 
• Believe in Alto’s mission and embodies our company values.

Bonus:

• Have worked in a healthcare environment and are familiar with HIPAA and other regulatory requirements.
• Relevant security certifications.

Alto Pharmacy is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. 

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. We are an E-Verify company.