Senior IT Risk & Controls Analyst – Information Security Contract Negotiations - Remote

📋 Description

• • As a Senior IT Risk & Controls Analyst at Prime Therapeutics, you will play a pivotal role in safeguarding the organization's information security posture by focusing on the critical area of contract negotiations. This remote position offers a unique opportunity to influence strategic security initiatives across our Governance, Risk, and Compliance (GRC) program, ensuring that our contractual agreements with clients and vendors align with stringent regulatory requirements and industry best practices.
• • You will be instrumental in developing, implementing, and enforcing organization-wide security standards, policies, and procedures. This includes establishing robust organizational processes and metrics to effectively monitor risk and controls, and meticulously evaluating operational performance to identify areas for improvement and ensure compliance.
• • A core responsibility will involve conducting thorough vendor security assessments and, where necessary, performing onsite audits. This ensures that our partners adhere to contractual security obligations and that appropriate security language is negotiated into all vendor agreements, mitigating potential vulnerabilities.
• • You will be the driving force behind managing and remediating IT audit action plans, ensuring that identified issues are addressed promptly and effectively to maintain a strong security posture.
• • The role demands the development and implementation of sustainment and monitoring processes to guarantee ongoing compliance with critical security requirements, including those mandated by HITRUST, SOC 1, SOC 2, HIPAA, and various client contracts. This proactive approach is essential in a rapidly evolving threat landscape.
• • You will be responsible for responding to client security assessments and Requests for Proposals (RFPs). This involves ensuring alignment with internal security policies and applicable regulatory requirements, and actively participating in client contract negotiations to secure favorable terms that protect Prime Therapeutics.
• • Staying ahead of the curve is paramount; you will continuously monitor and interpret state and federal cyber regulations, such as HIPAA, HITRUST, NIST, and CMS. Based on this analysis, you will identify compliance gaps and recommend necessary updates to our security controls and frameworks.
• • This position requires providing leadership and guidance to Information Security program projects, ensuring they are executed efficiently and effectively, contributing to the overall enhancement of our security infrastructure.
• • You will collaborate closely with Legal, Procurement, IT, and business leadership teams. This cross-functional collaboration is key to developing comprehensive security strategies, strengthening security standards, and negotiating contractual protections that meet all necessary regulatory and industry security requirements.
• • The ideal candidate will possess strong negotiation capabilities, a keen ability to evaluate risks, and the skill to influence and lead diverse teams across the organization. Your expertise will directly contribute to maintaining Prime Therapeutics' reputation as a secure and trustworthy partner in the pharmacy benefits management industry.
• • This role is crucial for maintaining compliance in a highly regulated industry, ensuring that all IT and security-related contracts reflect the highest standards of data protection and risk management. Your work will directly impact the organization's ability to operate securely and meet the expectations of its clients and regulatory bodies.
• • You will also be involved in developing and producing security metrics and reporting, creating clear and concise communications, and refining security policies to ensure they remain relevant and effective in addressing current and future threats.
• • The ability to manage and prioritize numerous time-critical tasks simultaneously, while also providing direction to professional staff, is essential for success in this dynamic role.
• • Your analytical and critical thinking skills will be leveraged to dissect complex security challenges and devise practical, effective solutions.
• • Project and process management skills, including managing to project budgets and timelines, will be vital for the successful execution of initiatives under your purview.
• • A solid understanding of regulatory requirements and security frameworks such as PCI, HIPAA, SOC 1, SOC 2, HITRUST, NIST, and/or CoBIT is fundamental to this position.
• • Working knowledge or experience with security practices, principles, and controls will be applied daily to assess and mitigate risks.
• • Leadership and mentoring skills will be utilized to guide and develop junior team members and foster a culture of security awareness throughout the organization.