Information Security Analyst (Remote)

Evio Overview

Evio is a highly unique pharmacy solutions company that was founded by and works closely with health plans to implement transformative (to cost, quality, access and experience) initiatives primarily focused on specialty and other high-cost medication solutions.   

In 2020, a group of five amazing Blue Cross Blue Shield health plans that in total serve more than 20 million members recognized that the way medications get to patients needs significant reform—rapidly rising costs and massive system complexities are detrimental to patients and the entire industry. In 2025, Wellmark joined as Evio's first non-founding investor and sixth owner health plan. Each company made, and continues to make, significant investments to establish Evio as an independent entity to lead this transformation. 
 

Evio has advanced analytics and contracting capabilities at scale, and a suite of digital tools, to power our high-cost medication solutions. Our solutions act as a self-reinforcing “flywheel” where each element strengthens and feeds into the next, and support an “Only Evio can do that,” mindset and prioritization.    

Evio is also a company that has invested heavily in and been highly intentional about people, team and culture. We believe we have created a very special place to work and encourage candidates to observe and ask us about our culture and decide for themselves.   

Evio's Values

• Empathy – The people our business serves always come first. We care for our teammates and put ourselves in the shoes of our health plan customers and the patients and clinicians our solutions benefit.
• Diversity – We are committed to fostering a culture where everyone belongs and is valued for their background, experience and insights – one that encourages diversity of ideas, and is a nurturing, trusting, and accepting place for all.
• Adventure – We are flexible, thrive in ambiguity, fail fast, and pivot quickly to get to a better answer. We celebrate wins and pivots with equal intensity.
• Relentless – Guided by evidence and data, we are creative, curious, and unwavering in our pursuit of challenging the status quo and each other.
• Transparency – Just as we seek to bring transparency to the pharmacy supply chain, authenticity and integrity are core to the way we communicate. 
• Excellence – We strive to raise the bar in all we do by hiring and developing exceptional talent and holding ourselves and our thinking to the highest standard. 

 

About the role

Evio is seeking a proactive and detail-oriented Information Security Analyst to help protect our systems, data, and infrastructure across a regulated health care environment. This role plays an important part in strengthening and maturing our security program while enabling secure, efficient business operations.  

You will execute and improve security controls, manage user and privileged access, run monitoring and response activities, and coordinate recurring program work driven by Evio’s Cybersecurity Calendar. You’ll work cross-functionally with teammates across IT, Legal, Compliance, and business teams. 

This is a hands-on role with broad visibility, where you’ll help shape how security operates at Evio. 

What you'll do 

Identity & access control / user lifecycle 

• Own and execute user access management, including provisioning and deprovisioning across AWS, O365, HRIS, SaaS platforms, and databases). 
• Implement and maintain least-privilege RBAC, access control matrices, and entitlement catalogs. 
• Administer identity and access systems, including IdP/SSO integrations (SAML, OAuth) and SCIM provisioning. 
• Enforce privileged access management (PAM), multi-factor authentication (MFA_, separation of duties, and key/secret rotation. 
• Conduct recurring access reviews (quarterly and annual) across systems.
• Maintain provisioning workflows and track SLA performance for onboarding/offboarding.

Security operations & monitoring 

• Monitor, triage, and investigate security alerts.
• Support incident response activities. 
• Perform audit trail and log reviews (SIEM, CloudTrail, O365 logs) and track remediation. 

Program, compliance, and third-party risk  

• Support SOC 2, HIPAA, and HITRUST audits, including evidence collection and remediation tracking. 
• Maintain and update security policies, standards, and procedures.  
• Partner with Legal, Compliance, and IT teams to strengthen controls and resolve findings.
• Lead third-party risk assessments and vendor security reviews, particularly for partners handling sensitive data (PHI/PII). 

Recurring cybersecurity program activities  

• Execute activities from Evio’s Cybersecurity Calendar including access reviews, audit log reviews, annual SaaS access reviews, device management reviews, BC/DR and incident response testing, phishing campaigns, and third-party risk assessments. 

Awareness, reporting, and continuous improvement  

• Run phishing simulations and track awareness metrics. 
• Support and improve teammate security awareness and training programs.  
• Maintain the enterprise risk register and track remediation progress. 
• Report on security KPIs and risk trends  
• Identify automation opportunities to improve efficiency and reduce manual effort. 

Your skills and experience 

• 3+ years of experience in information security, risk, or compliance.
• Experience in regulated environments (health care preferred).
• Familiarity with frameworks such as HIPAA, SOC 2, HITRUST, or NIST.
• Experience with cloud and SaaS security environments (AWS, O365).
• Strong analytical skills and the ability to clearly communicate risk.
• Relevant certifications (Security+, CISSP, CISM, CISA) are a plus. 
• Excitement for continuing to mature and strengthen an established security program.
• Someone who takes initiative, unearths problems, and leads with solutions.
• Bring energy and creativity to inspire adoption of cybersecurity best practices  

Additional / Preferred 

• Hands-on experience with IAM, IdP, SSO, SCIM, and privileged access management tools. 
• Experience with SIEM platforms, log analysis, and vulnerability management tools. 
• Scripting or automation experience (Python, PowerShell, or similar). 
• Experience supporting audits (SOC 2, HIPAA, HITRUST) and preparing evidence. 
• Experience working with healthcare data and protecting PHI is strongly preferred. 

Compensation: $100,000 - $115,000 plus additional variable compensation based on performance.

At Evio, we’re committed to building a competitive compensation package to honor the value our teammates bring as well as attract and retain top talent that is aligned with our culture, mission, and values. Compensation includes base pay (range shown) and could include other variable compensation opportunities depending on job seniority, location, and date of hire.   

Evio Benefits 

• Great Health Insurance 
  The company pays 100% of medical, dental, and vision premiums for teammates, and 50% for dependents.  
• 401K Match 
  Evio matches 100% of teammate contribution up to 5% of salary, subject to IRS limits.  
• Time Off 
  We have a flexible vacation policy for teammates to unplug and recharge when you need it. 
• Parental Leave 
  Generous paid leave for new parents (includes birth and non-birth parents).  

Evio values a diverse workplace and is committed to supporting and celebrating the diversity that each teammate brings to the table. 

Notice

We’ve recently learned of fraudulent job postings and individuals falsely claiming to represent Evio. 

• All official communication will come from an email ending in @evio.com.
• We will never conduct text-only interviews.
• We will never ask for payment, gift cards, or financial information.
• Our roles are posted only on our official website, LinkedIn, and Greenhouse. 

If you believe you’ve encountered a scam, please report it to the appropriate authorities. 

Thank you for helping keep our community safe.