Senior IT Risk & Controls Analyst u2013 Information ...

At Prime Therapeutics (Prime), we are a different kind of PBM, with a purpose beyond profits and a unique ability to connect care for those we serve. Looking for a purpose-driven career? Come build the future of pharmacy with us. Job Posting Title Senior IT Risk & Controls Analyst u2013 Information Security Contract Negotiations - Remote Job Description Senior IT Risk & Controls Analyst u2013 Information Security Contract Negotiations Focus We are seeking an experienced Senior IT Risk & Controls Analyst with 5+ years of expertise in Information Security Contract Negotiations , including contract review, redlining, and assessing security risks within client agreements. The ideal candidate is an influential communicator capable of shaping outcomes with internal stakeholders, external partners, and clients while safeguarding the organizationu2019s security posture. Role Overview In this role, you will drive strategic initiatives across our Security Governance, Risk, and Compliance (GRC) program. You will collaborate with Legal, Procurement, IT, and business leadership to develop robust processes, strengthen security standards, and negotiate contractual protections that meet regulatory and industry security requirements. This position requires strong negotiation capability, risk evaluation skills, and the ability to influence and lead across the organization. Responsibilities + Lead the development, implementation and enforcement of organization wide security standards, policies and procedures including organizational processes and metrics that monitor risk and controls and evaluating operational performance + Perform vendor security assessments and onsite audits to ensure adherence to contractual obligations, including negotiating appropriate security language in vendor agreements + Assure the management of IT audit action plan remediation + Develop and implement sustainment and monitoring processes to assure compliance with security requirements within HITRUST, SOC 1, SOC 2, HIPAA, and client contracts + Respond to client security assessments and RFPs, ensuring alignment with internal security policies and applicable regulatory requirements, and participate in client contract negotiations + Monitor and interpret state and federal cyber regulations (e.g. HIPAA, HITRUST, NIST, CMS, etc.), identify gaps, and recommend updates to security controls and frameworks + Provide leadership to guide Information Security program projects + Other duties as assigned Minimum Qualifications + Bachelor's degree in an analytical discipline such as Computer Science, Finance, or Sciences or related area of study, or equivalent combination of education and/or related work experience; HS diploma or GED is required + 5 years of experience in Information Security, Information Technology, Risk Management, Audit or Finance + Must be eligible to work in the United States without the need for work visa or residency sponsorship Additional Qualifications + Ability to manage and prioritize numerous time-critical tasks simultaneously and provide direction to professional staff + Strong analytical and critical thinking skills + Project and process management skills, including managing to project budgets and timelines + Knowledge of Governance, Risk and Compliance area topics + Solid understanding of regulatory requirements and security frameworks (PCI, HIPAA, SOC1, SOC2, HITRUST, NIST, etc.) + Working knowledge or experience with security practices, principles and controls + Leadership and mentoring skills Preferred Qualifications + Current industry-recognized security certification (CISSP, CISA, CRISC, CISM, etc.) + Master's degree in an analytical discipline such as Computer Science, Finance, or Sciences or related area of study + Experience developing and producing security metrics and reporting, communications and policies + Experience in a highly regulated industry, health care preferred + Experience conducting security assessments across a range of frameworks including PCI, HITRUST, SOC 1, SOC 2, HIPAA, ISO, NIST, and/or CoBIT. + Experience responding to client RFPs and contract negotiations in the healthcare or public sector industries Every employee must understand, comply with and attest to the security responsibilities and security controls unique to their job, and comply with all applicable legal, regulatory, and contractual requirements and internal policies and procedures Every employee must be able to perform the essential functions of the job and, if requested, reasonable accommodations will be made to enable employees with disabilities to perform the essential functions, absent undue hardship. In addition, Prime retains the right to change or assign other duties to this job. Potential pay for this position ranges from $94,000.00 - $160,000.00 based on experience and skills. To review our Benefits, Incentives and Additional Compensation, visit our Benefits Page ( and click on the

Created: 2026-03-11