Sr. Analyst, Governance Risk Compliance

About Us

At Kalderos, we are building unifying technologies that bring transparency, trust, and equity to the entire healthcare community with a focus on pharmaceutical pricing.  Our success is measured when we can empower all of healthcare to focus more on improving the health of people. 

That success is driven by Kalderos’ greatest asset, our people. Our team thrives on the problems that we solve, is driven to innovate, and thrives on the feedback of their peers. Our team is passionate about what they do and we are looking for people to join our company and our mission.
That’s where you come in! 

What You’ll Do:

The Senior Analyst, Information Security Governance, Risk and Compliance will assist with information security and privacy risk management functions. The Senior Analyst assures Kalderos adherence to applicable federal and state regulations; develops and conducts periodic risk assessments; assists with policy and control development and maintenance; prepares Kalderos for applicable security and privacy audits and certifications; and assists with Kalderos’ vendor management program, including activities related to risk management, due diligence, contract provisions, vendor reviews, and ongoing monitoring requirements.  The Senior Analyst reports directly to the Director, Security & Privacy Compliance and frequently coordinates with the Information Security and Technology teams to ensure effective completion of security and privacy requirements and activities. 

What You’ll Bring:

• BS/BA in a technical field or equivalent practical experience
• 3+ years of experience in Information Security Governance, Risk and Compliance
• Experience with Risk Management and Information Security strategy, practices, technologies and tools  
• Proven track record of conducting efficient and regular risk assessments, and facilitating auditing and monitoring activities
• Experience in the healthcare space with knowledge of existing and emerging federal and state requirements related to privacy and security of health information (HIPAA, HITRUST)
• Familiar with Information Security frameworks and standards (SOC 2, NIST, ISO 27001)
• Expertise with data privacy concepts and program operations (CCPA/CPRA, GDPR) 
• Comfortability working within a growth-stage technology organization

Set yourself apart:

• Knowledge of current Cloud security architecture, software and database technologies 
• Understanding of risk management from the technology perspective 
• Strong professional and interpersonal skills 
• Ability to maintain a high level of confidentiality 
• Demonstrated ability to complete projects in a timely manner with little supervision or direction
• Demonstrated ability to set priorities and to respond to changing demands from multiple sources in a fast-paced environment 
• Ability to follow through, meet deadlines, anticipate requirements, and build relationships 
• Strong analytical, decision-making, and problem-solving skills 
• Excellent verbal and written communication skills 
• Excellent time management and organizational skills 
• Knowledge of JIRA and Confluence is a plus

Recommended Certifications

• CRISC – Certified Risk and Information Security Control
• CISM - Certified Information Security Manager
• CISA - Certified Information Systems Auditor
• CISSP - Certified Information Systems Security Professional
• CHPC - Certified in Healthcare Privacy Compliance 

Expected Salary Range: $95,000 - $130,000 base + bonus

____________________________________________________________________________________________Highlighted Company Perks and Benefits

• Medical, Dental, and Vision benefits
• 401k with company match
• Flexible PTO with a 10 day minimum
• Opportunity for growth
• Mobile & Wifi Reimbursement
• Commuter Reimbursement
• Donation matching for charitable contributions
• Travel reimbursement for healthcare services not available near your home
• New employee home office setup reimbursement

What It’s Like Working Here

• We thrive on collaboration, because we believe that all voices matter and we can only put our best work into the world when we work together to solve problems.
• We empower each other and believe in ensuring all voices are heard.
• We know the importance of feedback in individual and organizational growth and development, which is why we've embedded it into our practice and culture. 
• We’re curious and go deep. Our slack channel is filled throughout the day with insightful articles, discussions around our industry, healthcare, and our book club is always bursting with questions.

To learn more: https://www.kalderos.com/company/culture

We know that job postings can be intimidating, and research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. We encourage you to apply if you think you may be a fit and give us both a chance to find out!

Kalderos is proud to be an equal opportunity workplace.  We are committed to equal opportunity regardless of race, color, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.

Kalderos participates in E-Verify.