Security Risk and Compliance Analyst

What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare with a Cloud First approach and a modern systems mentality. We built our company on the belief that smarter technology can redefine pharmacy benefits, but this journey continues with a focus on sustainability and expansion of our operations.

Our Infrastructure Operations team plays a crucial role in the success of Abarca Health by modernizing and optimizing our cloud infrastructure. This team manages our system’s architecture, ensuring efficient data processing and system stability. The Information Security team monitors, detects, investigates, and responds to potential threats while working towards IT Risk and Governance maturity and implementing preventative security measures and controls on a consistent basis.

As a Security Risk and Compliance Analyst, your role is essential in maintaining the security and compliance of our cloud-centric, modern systems. You will support Risk, Audit, Legal, and Compliance activities related to Information Systems and Security. Additionally, you will contribute to planning for HITRUST maturity, promote sustainable practices, and support the expansion of our operations.What you’ll do:

The fundamentals for the job…

• Support the modernization and optimization of Security-related policies and procedures, aligning with corporate Risks, Audit, Legal, and Compliance needs.
• Assist in the development and enhancement of security GRC processes.
• Participate in vulnerability assessment efforts, adopting a Cloud First approach and adhering to the latest security standards for cloud environments.
• Help with HITRUST certifications and support maturity in security and compliance endeavors.
• Contribute to the management of the third-party risk program, ensuring vendor alignment with our principles.
• Help audit access rights, prioritizing a Cloud First approach and modern systems.
• Contribute to developing security requirements for new company initiatives, with an emphasis on sustainability and operation expansion.
• Support the creation and review of all Security-related policies and procedures, integrating corporate Risks, Audit, Legal, and Compliance requirements into the Information Security Program.
• Serve as a supportive liaison for the Compliance, Security, and Risk Management (CSRM) Committee.

What we expect of you:

The bold requirements…

• Bachelor’s Degree in Information Technology, Computer Science, or a related field (relevant work experience may be considered in lieu of a degree).
• 3+ years of experience in Information Security roles.
• Experience within Healthcare Compliance.
• Familiarity with Internal Controls, Security Policies and Procedures, Action Planning, and Execution.
• Understanding of the selection, implementation, and maintenance of security and compliance tools such as SIEM, vulnerability scanning, or identity management solutions.
• Knowledge of qualitative and quantitative risk management approaches and processes.
• Awareness of security practices and controls to address security risks, applying frameworks such as NIST, COBIT, and ISO.
• Understanding of IT Compliance and Security principles.
• Familiarity with Compliance and Local Regulations as well as Federal Regulations relevant to the Healthcare Industry.
• Strong oral and written communication skills.
• Flexible hybrid work model with certain on-site workdays (Puerto Rico location).

Nice to haves…

• Professional security certifications (e.g., CISSP, CRISC, CISA, etc.).
• Experience in Healthcare, Pharmacy, and Pharmacy Benefit Management industries, including knowledge of Medicare Part D and CMS regulations.
• Understanding of regulatory compliance and IT service management frameworks such as ITIL, ISO 20000.
• Experience with GRC products (e.g., RSA-Archer, Riskonnect, Metric Stream, ServiceNow GRC, etc.).

Physical requirements…

• Must be able to access and navigate each department at the organization’s facilities.
• Sedentary work that primarily involves sitting/standing.

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify. “Applicant must be a United States’ citizen. Abarca Health LLC does not sponsor employment visas at this time”

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.