About the Role
Key Responsibilities:
Regularly interact with all levels of management to present and discuss third-party risk management
Conduct comprehensive risk assessments of third-party vendors based on risk
Manage a team of assessors for performing vendor assessments and vendor contracts negotiations
Analyze and prioritize risks based on their potential impact on the organization’s operations, data, and reputation.
Develop and streamline the third-party risk management process.
Identify and assess vulnerabilities within vendor systems, networks, and applications.
Collaborate with cross-functional teams, including IT, security, and compliance, to develop and implement risk mitigation strategies.
Prepare detailed third-party risk assessment reports, including findings, recommendations, and mitigation plans, for presentation to management.
Maintain accurate and up-to-date documentation of third-party risk assessment activities, findings, and risk treatment plans.
Assist in audits and assessments to demonstrate compliance with cybersecurity standards.
Qualifications and Skills:
Bachelor’s degree in computer science, Information Security, or experience in related field
Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
Strong understanding of cybersecurity principles, risk assessment methodologies, and threat landscape analysis.
At least 3 years’ experience managing a third-party risk management program and team
Proficiency in performing third-party risk assessments and negotiating contractual security language
Knowledge of regulatory compliance requirements and industry standards.
Excellent analytical and problem-solving skills.
Effective communication and interpersonal abilities to collaborate with multidisciplinary teams.
Attention to detail and the ability to prioritize tasks in a dynamic environment.
Requirements
Minimum Requirements:
- Experience with various industry regulations and frameworks (PCI, HIPAA, ISO27001/2, NIST, HITRUST, etc.)
- Experience with GRC tools such as Service Now, One Trust, Archer, etc.
- Experience working in a highly regulated environment.
- Three years’ experience successfully managing a third-party risk, or vendor due diligence team in cyber security.
- Strong background in risk and controls, security controls, auditing, and system security.
- Experience negotiating IT contracting terms with vendors legal and information security teams
- Ability to express complex technical concepts in business terms.
- Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
- Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
- Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
- Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in fast paced team environment.
- Demonstrated ability to lead and motivate staff and to apply skills and techniques to solve dynamic problems.
About the Company
For more than a decade, Modern Healthcare magazine has ranked Sentara Healthc as one of the nation's top integrated healthcare systems. That's because we are dedicated to growth, innovation, and patient safety at more than 300 sites of care in Virginia and northeastern North Carolina, including 12 acute care hospitals.