Information Security Analyst (Remote)

About The Position

Requirements

• 3+ years of experience in information security, risk, or compliance.
• Experience in regulated environments (health care preferred).
• Familiarity with frameworks such as HIPAA, SOC 2, HITRUST, or NIST.
• Experience with cloud and SaaS security environments (AWS, O365).
• Strong analytical skills and the ability to clearly communicate risk.
• Excitement for continuing to mature and strengthen an established security program.
• Someone who takes initiative, unearths problems, and leads with solutions.
• Bring energy and creativity to inspire adoption of cybersecurity best practices

Nice To Haves

• Relevant certifications (Security+, CISSP, CISM, CISA) are a plus.
• Hands-on experience with IAM, IdP, SSO, SCIM, and privileged access management tools.
• Experience with SIEM platforms, log analysis, and vulnerability management tools.
• Scripting or automation experience (Python, PowerShell, or similar).
• Experience supporting audits (SOC 2, HIPAA, HITRUST) and preparing evidence.
• Experience working with healthcare data and protecting PHI is strongly preferred.

Responsibilities

• Own and execute user access management, including provisioning and deprovisioning across AWS, O365, HRIS, SaaS platforms, and databases).
• Implement and maintain least-privilege RBAC, access control matrices, and entitlement catalogs.
• Administer identity and access systems, including IdP/SSO integrations (SAML, OAuth) and SCIM provisioning.
• Enforce privileged access management (PAM), multi-factor authentication (MFA_, separation of duties, and key/secret rotation.
• Conduct recurring access reviews (quarterly and annual) across systems.
• Maintain provisioning workflows and track SLA performance for onboarding/offboarding.
• Monitor, triage, and investigate security alerts.
• Support incident response activities.
• Perform audit trail and log reviews (SIEM, CloudTrail, O365 logs) and track remediation.
• Support SOC 2, HIPAA, and HITRUST audits, including evidence collection and remediation tracking.
• Maintain and update security policies, standards, and procedures.
• Partner with Legal, Compliance, and IT teams to strengthen controls and resolve findings.
• Lead third-party risk assessments and vendor security reviews, particularly for partners handling sensitive data (PHI/PII).
• Execute activities from Evio’s Cybersecurity Calendar including access reviews, audit log reviews, annual SaaS access reviews, device management reviews, BC/DR and incident response testing, phishing campaigns, and third-party risk assessments.
• Run phishing simulations and track awareness metrics.
• Support and improve teammate security awareness and training programs.
• Maintain the enterprise risk register and track remediation progress.
• Report on security KPIs and risk trends
• Identify automation opportunities to improve efficiency and reduce manual effort.

Benefits

• Great Health Insurance
• The company pays 100% of medical, dental, and vision premiums for teammates, and 50% for dependents.
• 401K Match
• Evio matches 100% of teammate contribution up to 5% of salary, subject to IRS limits.
• Time Off
• We have a flexible vacation policy for teammates to unplug and recharge when you need it.
• Parental Leave
• Generous paid leave for new parents (includes birth and non-birth parents).