Pager delivers a “doctor in your family” healthcare experience by making it simple for consumers to connect with the trusted experts they need to make the right healthcare decisions. Through AI-enabled technology, Pager brings consumers, nurses, doctors and other members of the care team together through secure chat, voice and video chat, all in one place. We partner with healthcare organizations to deliver seamless, tech-enabled services and solutions for a consumer experience that leads to better decisions, outcomes and healthier lives. Started in 2014 and based in New York City, Pager is led by seasoned technology and healthcare entrepreneurs to redefine the way that consumers interact with their healthcare.

We are looking for a Senior Security Compliance Analyst that can thrive in a startup environment, where they are comfortable navigating competing priorities and managing ambiguity in a fast-paced setting. This role takes accountability for the design, delivery and maintenance of new and existing security solutions while driving regulatory compliance. The role will work closely with business units and external vendors to improve the quality of services for our clients along with internal stakeholders.

Responsibilities

• Support all aspects of Information Security Data Privacy policies, standards, and processes as it relates to certification and compliance requirements
• Lead risk assessments and risk treatment processes across multiple business units
• Ability to quantifying risk in a consistent manner and reporting up through leadership
• Create, present, and communicate security risk across functional teams
• Achieve SOC 2 and HITRUST CSF Compliance, with (0) material findings or exceptions.
• Owns the ongoing compliance, evidence collection, and all processes, including annual audits, for SOC 2 reporting and HITRUST CSF certification
• Monitors and reviews regulatory updates and issues relative to pertinent security regulatory requirements (such as CCPA, CPRA, HITRUST CSF, or SOC 2) and escalate findings appropriately
• Develop and maintain risk reduction approaches, and assist and manage the intake process, provide oversight and expertise in risk assessments and process/application and third-party reviews
• Lead the validation process to ensure that Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations.
• Manages and coordinates information security assessments with 3rd party partners.
• Perform Vendor Risk Assessments
• Support Sr Leadership and CISO in tracking of top risks metrics and KPI reporting
• Perform user access reviews and ensure respective any remediation is performed in a timely manner. Perform the periodic compliance tests necessary to demonstrate compliance with applicable laws, regulations and standards such as SOX, HIPAA CSF, CCPA, CPRA, GDPR.
• Coordinates BCP/DR teams and preparedness
• Support development of the program’s strategic risk assessment schedule and calendar to pro-actively assess security risk across the organization
• Develop key relationships with business and technology to ensure security risk reviews and assessments are performed when needed
• Lead the maintenance and enhancement of internal processes and tools used to respond to external requests related to information security
• Support scalable process and procedures with identifying or creation of program templates
• Provide guidance to and coordinates the efforts of relevant IT, Business and other department leaders in documenting and maintaining risk activities
• Effectively collaborate and lead the Data Privacy requirements gathering with IT, Business Units, Legal and Procurement using a consistent intake and evaluation process
• Track and report on remediation of open risk and issues as identified
• Supports vulnerability management and responds to vulnerability reports for applicability, while taking remedial actions.
• Own and support customer’s audit and RFP requests in a timely manner
• Ability to perform other responsibilities as assigned. Responsibilities and duties may change when circumstances dictate (e.g., Priority Changes, AD HOC tasks or technical developments).

Ideal Candidate

• Ability to work in a fast-paced environment and the skills to deal with ambiguity
• Experience with IT governance, risk, and compliance management
• Experience writing policies, procedures, and controls in one or more standards/frameworks
• Experience working with security teams performing vulnerability scanning
• Knowledge of network security methodologies and defense in-depth strategies
• Excellent written and oral communication skills
• Strong presentation and facilitation skills

Qualifications

• 4+ years experience in performing information security audits or risk assessments
• Knowledge of security frameworks such as NIST, SOC 2, ISO 27001, HIPAA, HITRUST, FedRAMP
• Certifications: CISA, ISACA, CIPP, CISSP, CISM
• Management of regulatory, internal, or external audits, or experience as an auditor
• Experience reviewing and redlining security terms in contracts
• Significant experience in cloud technology
• Strong knowledge of application development, infrastructure, and cyber security
• Strong technical aptitude
• Previous work experience in a Start Up or High Growth Company

Offers are contingent upon the successful completion of a background check. This may include but is not limited to substance testing, education, employment, references, state and federal licensure and certifications, criminal history, Office of the Inspector General (OIG) and General Services Administration (GSA) exclusions checks.

At Pager, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

For Colorado, Nevada, and New York-based employment: In accordance with the Pay Transparency laws the pay range for this position is $100,000 to $121,000. The compensation package may include stock options, plus a range of medical, dental, vision, financial, generous PTO, stipends for professional development, and wellness benefits. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and geographic location. The range listed only applies to Colorado, Nevada, and New York.