Security Analyst



Are you ready to play a vital role in the future of pharmacy? Aspen RxHealth is a leading, rapidly growing healthcare technology organization reshaping the future of pharmacy. We are looking for a dedicated and meticulous IT compliance and security Analyst to join our growing team at Aspen RxHealth. In the role you will operate independently and as part of Aspen’s information security team (IST) to review, analyze and document our infosec implementation and operational compliance as required by HIPAA/HiTrust and industry best practice. You will be responsible for creating and maintaining compliance documentation, writing policy & procedures that meet HiTrust certification requirements, as well as responding to infosec assessments & questionnaire from Aspen customers and partners.


  • Create and maintain documentation for Aspen’s information security management program, write policy & procedures that meet HiTrust certification requirements. Define security control metrics, measurement, and management processes to provide evidence materials for compliance audits per HiTrust assessment and certification requirements.
  • Day-to-day infosec operational tasks, including but not limited to:
    • Monitoring system security activities and maintaining review manifest; Creating automatic alerts and notifications (e.g., SumoLogic); Working and investigating with System Admin and IST per infosec response procedures.
    • Reviewing and maintaining security scanning reports (e.g., vulnerability scanning, code reviews, penetration testing), compliance review manifests and related materials as evidence for security audits.
    • Reviewing and documenting changes related to infosec such as firewall policy, system & application security settings as part of Aspen’s infosec change management program.
    • Continuous and periodic reviews include daily, weekly, monthly, quarterly, and annual requirements as appropriate.
  • Manage reviews and responses to IT security and compliance related assessments & questionnaire from Aspen staffs, customers and third party partners.
  • Serve as a key member of IST in working with HiTrust assessor (third party) in Aspen’s HiTrust certification processes and fieldwork engagements.
  • Analyze system or procedural deficiencies and compliance gaps in Aspen’s products & services, infrastructure, employee, or organizational practices; Collaborate with IT team to evaluate solutions, implement mitigations, validate, and document resolution of gaps.
  • Review and maintain compliance documentation from Aspen’s cloud service providers, third party partners, Business Associates, or software vendors, such as annual SOC 2 reports and BA agreements.
  • Other responsibilities as assigned.


  • Five or more years of infosec experience with roles & responsibility as security analyst, security compliance analyst, or security system analyst with focus in authoring policy and procedures.
  • Prior HiTrust (CSF) certification experience, either as certified assessor or working for organization receiving certification
  • Prior security engineering/system administration and implementation experience, especially in cloud environments and cybersecurity
  • Excellent documentation writer / creator; including P&P, system and data diagrams, flowcharts, and illustrative presentation materials
  • Deep understanding of HIPAA and HiTrust MyCSF security and assessment domains, for example,
    • mobile device management, access controls
    • configuration and vulnerability management
    • network protection, data encryption & protection
    • audit logging and monitoring, incident management
    • business continuity & disaster recovery and risk management
  • Deep understanding and knowledge in cloud infrastructure security (AWS), Cybersecurity, API services, web site applications and mobile app (iOS)
  • Excellent attention to details with analytical abilities
  • Excellent organizational and team communication skills
  • Professionalism and care for infosec confidentiality and sensitivity as related to privacy and security controls
  • Microsoft Office (Word, PowerPoint, Excel, Visio etc.), Atlassian Jira and Confluence
  • References:
    o Two references required, ideally from direct supervisors
    o Plus (if available): Prior (redacted) documentation/P&P work samples or materials to illustrate quality of works in P&P authorship

About Aspen RxHealth:

Aspen RxHealth team members are critical thinkers. With a bustling Pharmacist Community (5,000 and continuously growing!) – and a core corporate team – we are information seekers, change makers, and highly curious leaders all committed to one primary goal: revolutionizing the untapped potential of the pharmacist-patient relationship.

Our Mission:

To enable the most responsive community of pharmacists that will deliver unsurpassed outcomes for patients, their families and the customers we serve.

Our Core Principles:

  • Autonomy: We empower people to do their best, and take initiative to chart their own career pathway.
  • Disruption: We’re building things that haven’t been built before, so we need
    to push past the status quo.
  • Accountability: We’re an ambitious team, but our razor-sharp focus on
    delivering on our commitments is what propels us forward.
  • Curiosity: We embrace intellectual curiosity and encourage our team to pursue
    continual innovation.

What We Value:

  • Quality & Integrity: In our human interactions, the team we assemble and the products we build.
  • Sense of Community: In our corporate family, our pharmacists, and the neighbors we serve.
  • Ensuring Capacity: In our innovation, our network of pharmacists and the services we provide.
  • Fun: With what we do, who we work with and life in general!

We offer:

  • Competitive base salary
  • Medical, dental and 401K benefits
  • Open PTO Policy
  • Collaborative work environment

Aspen RxHealth is an Equal Opportunity Employer. Employment opportunities at Aspen RxHealth are based upon one’s qualifications and capabilities to perform the essential functions of a particular job. All employment opportunities are provided without regard to race, religion, sex,
pregnancy, childbirth or related medical conditions, national origin, age, veteran status, disability, genetic information, or any other characteristic protected by law.

Application Form

"*" indicates required fields

Max. file size: 120 MB.