Information Security Analyst - GRC

JOB DESCRIPTION

Job Title: Information Security Analyst - GRC

Position Type: Full-time

Work Setting: In Office

Group/Division/Team: Product/Systems and Security

Reports to: Director of Security and Compliance

FLSA: Exempt

ABOUT VAXCARE

The healthcare system is complex, presenting challenges for everyone-patients, doctors, nurses, office managers, and billers alike. At VaxCare, we aim to streamline this complexity, eliminating unnecessary costs and confusion so that practices can focus on their important work: caring for patients. Our innovative solutions include a vaccine management and LARC access platform trusted by over 20,000 active providers nationwide. This service is powered by a multidisciplinary team of dedicated professionals who lead with integrity and a relentless drive to exceed expectations, bringing clarity and efficiency to the often-overwhelming world of healthcare.

THE POSITION

The Information Security Analyst will support VaxCare's security and compliance program with a primary focus on administrative safeguards, policy and procedure management, and third-party assurance activities. This role partners closely with the Director of Information Security and Compliance to ensure VaxCare's information security program remains aligned with the HITRUST CSF, regulatory expectations, and contractual obligations with vendors and partners. This position is well suited for someone who is detail-oriented, comfortable with documentation and cross-functional coordination, and experienced in translating security frameworks into clear, actionable policies and processes.

ESSENTIAL RESPONSIBILITIES

• Draft, review, and maintain information security policies, standards, and procedures in alignment with updates to the HITRUST CSF and other applicable frameworks
• Track HITRUST framework changes and support policy updates to ensure ongoing alignment and audit readiness
• Coordinate the third-party assurance program, including:
  • Managing outbound security questionnaires and evidence requests sent to vendors
  • Reviewing and filling out inbound security questionnaires and assurance documentation received from partners and customers
• Support internal and external audits by organizing documentation, maintaining evidence repositories, and responding to auditor requests
• Collaborate with legal, privacy, IT, and business stakeholders to ensure security documentation accurately reflects operational practices
• Assist with risk assessments, exception tracking, and remediation documentation related to administrative safeguards
• Build and maintain reports and artifacts that demonstrate VaxCare's security governance and compliance posture
• Further the mission of the Information Security Management Program (ISMP) and help build a culture of security awareness across the organization (e.g., manage security e-learning and write/publish internal information security newsletters)

REQUIRED EXPERIENCE & QUALIFICATIONS

• Bachelor's or Graduate degree in Cybersecurity, Information Systems, or a related field
• 0-2 years of relevant experience in cybersecurity, audit, risk, or compliance
• Solid understanding of fundamental security and IT concepts
• Familiarity with major security and privacy frameworks (knowledge of NIST 800-53, NIST 800-171, CSF, CMMC, DFARS, IS027001, PCI, HIPAA and other regulations preferred)
• Technical aptitude and a passion for cybersecurity

COMPENTENCIES: Core to all positions at VaxCare

We Live (and Work) by Our Values:

- Building a team culture founded on trust, collaboration, and delivery excellence

- Belief in Something Bigger than Ourselves - Capacity to derive meaning from a larger purpose

- Humility as a Posture of Learning - Burning curiosity to learn without ego

- Adaptability & Embracing Change - Nimbleness & ready to seize new opportunities

Additional "Must Haves":

- Dependability - Must be able to meet deadlines, work independently, maintain focus, & punctual

- Interpersonal Skills - Builds strong relationships & contributes to a positive work environment.

- Computer Skills - Skilled with computers, learns new tools quickly.

- Ethics - Honest, accountable, maintains confidentiality.

OTHER RESPONSIBILITIES

• Remote Work Requirements:
  • Must be able to perform job duties independently with minimal supervision.
  • Must have private, distraction -free workspace suitable for confidential and focused work.
  • Must have reliable high-speed internet to support video conferencing and regular computer use.
  • Must be comfortable being on camera for Microsoft Teams meetings/video conference calls.
  • Must be willing & able to travel on-site in Orlando, Florida at least 2x per year.
    (Travel expenses reimbursed by VaxCare)

• Prolonged sitting or standing: Team members must be able to remain in a stationary position for extended periods, as much of the work involves sitting at a computer or workstation. Some hybrid or office-based roles may also require the ability to stand for portions of a shift.
• Repetitive motions: Significant use of the hands, wrists, and fingers is required for tasks like typing, using a computer mouse, and handling paperwork.
• Treating data engineering as a craft, with strong attention to correctness, performance, and maintainability
• Visual acuity: This job requires the ability to view a computer screen and read documents for extended periods.
• Communication: Team members must be able to clearly express and exchange ideas in English to effectively communicate with customers and co-workers.
• Occasional lifting: Many office-based jobs specify the ability to occasionally lift or move up to 10-20 pounds to handle supplies or equipment.

Physical Requirements/Work Environment:

TASK

Continuous

Intermittent

Seldom

N/A

Regular & Reliable Attendance

X

Standing/Walking

X

Travel/Driving/Operating Vehicle

X

Sitting (desk/computer work)

X

Lifting/Lowering/Carrying (up to 20lbs)

X

Reaching/Bending/Twisting

X

Hand/Wrist Use (typing/mouse/writing)

X

In person attendance for meetings/conferences

X

Operating Mobile Equipment/Machinery

X

By signing below, I acknowledge that I have received this job description.

My signature further acknowledges that I have reviewed this job description and understand that I have the individual responsibility to fulfill all the essential duties and responsibilities listed on a consistent and ongoing basis.

Team Member Name

Team Member Signature Date

Note: Team Members in this position will be responsible for implementing and acting in accordance with VaxCare's information security policies; protecting assets from unauthorized access, disclosure, modification, destruction or interference; executing specific security processes or activities as assigned by the Information Security and/ or Privacy officers; and reporting security events or potential security risks to the organization. Team Members in this role will be involved in the processing of protected patient and/or payment information and will be responsible for ensuring the security and privacy of the information within their scope of work.