Cybersecurity Third party Risk Manager
Sentara Independence
City/State
Virginia Beach, VAOverview
Work Shift
First (Days) (United States of America)Sentara Health is seeking a passionate Cybersecurity leader to join our team as Cybersecurity Third-party Risk Manager to join our team
This position is 100% Remote -Candidates must have a current residence in one of the follow states: Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine Maryland, Minnesota, Nebraska, Nevada, North Carolina, New Hampshire, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington (state), West Virginia, Wisconsin, Wyoming !
As a Cyber Security Third-Party Risk Manager, you will play a critical role developing, enhancing and executing the third-party risk management program including onboarding, maintenance and ongoing monitoring, and offboarding of third-party suppliers. Your primary responsibilities will include identifying and categorizing third party vendors based on risk, understanding and prioritizing the risks, establishing and enforcing key controls to mitigate the risk, perform continuous monitoring that tracks and reassesses third parties, and ensure third party contractual compliance with Sentara policy and standards.
Minimum Requirements:
- Experience with various industry regulations and frameworks (PCI, HIPAA, ISO27001/2, NIST, HITRUST, etc.)
- Experience with GRC tools such as Service Now, One Trust, Archer, etc.
- Experience working in a highly regulated environment.
- Three years’ experience successfully managing a third-party risk, or vendor due diligence team in cyber security.
- Strong background in risk and controls, security controls, auditing, and system security.
- Experience negotiating IT contracting terms with vendors legal and information security teams
- Ability to express complex technical concepts in business terms.
- Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
- Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
- Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
- Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in fast paced team environment.
- Demonstrated ability to lead and motivate staff and to apply skills and techniques to solve dynamic problems.
Key Responsibilities:
- Regularly interact with all levels of management to present and discuss third-party risk management
- Conduct comprehensive risk assessments of third-party vendors based on risk
- Manage a team of assessors for performing vendor assessments and vendor contracts negotiations
- Analyze and prioritize risks based on their potential impact on the organization’s operations, data, and reputation.
- Develop and streamline the third-party risk management process.
- Identify and assess vulnerabilities within vendor systems, networks, and applications.
- Collaborate with cross-functional teams, including IT, security, and compliance, to develop and implement risk mitigation strategies.
- Prepare detailed third-party risk assessment reports, including findings, recommendations, and mitigation plans, for presentation to management.
- Maintain accurate and up-to-date documentation of third-party risk assessment activities, findings, and risk treatment plans.
- Assist in audits and assessments to demonstrate compliance with cybersecurity standards.
Qualifications and Skills:
- Bachelor’s degree in computer science, Information Security, or experience in related field
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
- Strong understanding of cybersecurity principles, risk assessment methodologies, and threat landscape analysis.
- At least 3 years’ experience managing a third-party risk management program and team
- Proficiency in performing third-party risk assessments and negotiating contractual security language
- Knowledge of regulatory compliance requirements and industry standards.
- Excellent analytical and problem-solving skills.
- Effective communication and interpersonal abilities to collaborate with multidisciplinary teams.
- Attention to detail and the ability to prioritize tasks in a dynamic environment.
Sentara Overview:
For more than a decade, Modern Healthcare magazine has ranked Sentara Healthc as one of the nation's top integrated healthcare systems. That's because we are dedicated to growth, innovation, and patient safety at more than 300 sites of care in Virginia and northeastern North Carolina, including 12 acute care hospitals.
Sentara Benefits
Sentara Health offers employees comprehensive health & welfare and retirement benefits (401(k)/403(b) with employer match) designed with you and your family's well-being in mind. You have a variety of options for medical, dental and vision insurance, life insurance, disability, educational assistance, student loan repayment and voluntary benefits as well as Paid Time Off in the form of sick time, vacation time and paid parental leave. Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.
Salary Range $112,756 - $209,414
Job Summary
General Information Technology work involves managing or performing work across multiple areas of an organization’s overall IT Platform/Infrastructure including analysis, development, and administration of: • IT Systems Software, Hardware, and Databases • Data & Voice Networks • Data Processing Operations • End User Technology & Software Support Conducts cost/benefit analyses for proposed IT projects as input to the organization’s IT roadmap.A Manager manages experienced professionals who exercise latitude and independence in assignments. Responsibilities typically include: • Ability to organize and manage projects into a program or portfolio for proper resource coordination and scope definition. • Able to leverage relationships with leaders throughout the organization to resolve conflict and issues as they arise. • Able to leverage experience to manage larger, more complex projects and programs. • Policy and strategy implementation for short-term results (1 year or less). • Problems faced are difficult to moderately complex. • Influences others outside of their own job area regarding policies, practices, and procedures.
Experience in lieu of Bachelor’s Degree
5 yrs relevant years experience with a degree
7 yrs relevant years’ experience without a degree
Qualifications:
BLD - Bachelor's Level DegreeSkills
Sentara Healthcare prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.
Per Clinical Laboratory Improvement Amendments (CLIA), some clinical environments require proof of education; these regulations are posted at ecfr.gov for further information. In an effort to expedite this verification requirement, we encourage you to upload your diploma or transcript at time of application.
In support of our mission “to improve health every day,” this is a tobacco-free environment.
Job Profile
100% remote Alabama Delaware Florida Georgia Idaho Indiana Kansas Louisiana Maine Maryland Minnesota Must reside in specified states Nebraska Nevada New Hampshire North Carolina North Dakota Ohio Oklahoma Pennsylvania Remote South Carolina South Dakota Tennessee Texas Utah Virginia Washington State West Virginia Wisconsin Wyoming
Benefits/Perks100% Remote Career growth opportunities Dental Educational Assistance Flexible work environment Fully remote Healthcare Life Insurance Medical Paid parental leave Paid Time Off Retirement benefits Vision Vision Insurance
Tasks- Auditing
- Collaborate with cross functional teams
- Conduct risk assessments
- Develop and execute third-party risk management program
- Maintain documentation
- Manage vendor assessments and negotiations
- Monitoring
- Organize and manage projects
- Prepare risk assessment reports
Analysis Analytical Archer Auditing Communication Compliance Customer focus Cybersecurity Cyber Security GRC Tools Healthcare systems HIPAA HITRUST Information security Interpersonal ISO 27001 ISO27001 IT contracting IT systems Management NIST OneTrust Operations PCI Problem-solving Process Improvement Regulatory Compliance Resource Coordination Risk Assessment Risk controls Risk Management Security Controls Service Now ServiceNow Strategy Implementation System Security Team Leadership Technology Third-Party Risk Management Vendor Management Verification
Experience3 years
EducationComputer Science Related Field
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9