Abarca Health is hiring a
Security Risk and Compliance Analyst in Worldwide

Summary

The job is for a Security Risk and Compliance Analyst at Abarca Health. The role involves supporting the modernization and optimization of security policies, participating in vulnerability assessment efforts, helping with HITRUST certifications, managing the third-party risk program, and contributing to the development of security requirements for new company initiatives.

Requirements

• Bachelor’s Degree in Information Technology, Computer Science, or a related field (relevant work experience may be considered in lieu of a degree)
• 3+ years of experience in Information Security roles
• Experience within Healthcare Compliance
• Familiarity with Internal Controls, Security Policies and Procedures, Action Planning, and Execution
• Understanding of the selection, implementation, and maintenance of security and compliance tools such as SIEM, vulnerability scanning, or identity management solutions
• Knowledge of qualitative and quantitative risk management approaches and processes
• Awareness of security practices and controls to address security risks, applying frameworks such as NIST, COBIT, and ISO
• Understanding of IT Compliance and Security principles
• Familiarity with Compliance and Local Regulations as well as Federal Regulations relevant to the Healthcare Industry
• Strong oral and written communication skills

Responsibilities

• Support the modernization and optimization of Security-related policies and procedures
• Assist in the development and enhancement of security GRC processes
• Participate in vulnerability assessment efforts, adopting a Cloud First approach and adhering to the latest security standards for cloud environments
• Help with HITRUST certifications and support maturity in security and compliance endeavors
• Contribute to the management of the third-party risk program, ensuring vendor alignment with our principles
• Help audit access rights, prioritizing a Cloud First approach and modern systems
• Contribute to developing security requirements for new company initiatives, with an emphasis on sustainability and operation expansion
• Support the creation and review of all Security-related policies and procedures, integrating corporate Risks, Audit, Legal, and Compliance requirements into the Information Security Program
• Serve as a supportive liaison for the Compliance, Security, and Risk Management (CSRM) Committee

Preferred Qualifications

• Professional security certifications (e.g., CISSP, CRISC, CISA, etc.)
• Experience in Healthcare, Pharmacy, and Pharmacy Benefit Management industries, including knowledge of Medicare Part D and CMS regulations
• Understanding of regulatory compliance and IT service management frameworks such as ITIL, ISO 20000
• Experience with GRC products (e.g., RSA-Archer, Riskonnect, Metric Stream, ServiceNow GRC, etc.)

Benefits

Flexible hybrid work model with certain on-site workdays (Puerto Rico location)