Manager -Cybersecurity Third Party Risk

Job Description

Company: Sentara Health

Location: US

City/State Norfolk, VA Work Shift First (Days) Overview: Overview As a Cyber
Security Third-Party Risk Manager, you will play a critical role developing,
enhancing and executing the third-party risk management program including
onboarding, maintenance and ongoing monitoring, and offboarding of third-party
suppliers. Your primary responsibilities will include identifying and
categorizing third party vendors based on risk, understanding and prioritizing
the risks, establishing and enforcing key controls to mitigate the risk, perform
continuous monitoring that tracks and reassesses third parties, and ensure third
party contractual compliance with Sentara policy and standards. You will also be
responsible for negotiating and maintaining the information security exhibit
with the vendors through the contracting process. Key Responsibilities Regularly
interact with all levels of management to present and discuss third-party risk
management Conduct comprehensive risk assessments of third-party vendors based
on risk Manage a team of assessors for performing vendor assessments and vendor
contracts negotiations Analyze and prioritize risks based on their potential
impact on the organization’s operations, data, and reputation. Develop and
streamline the third-party risk management process. Identify and assess
vulnerabilities within vendor systems, networks, and applications. Collaborate
with cross-functional teams, including IT, security, and compliance, to develop
and implement risk mitigation strategies. Prepare detailed third-party risk
assessment reports, including findings, recommendations, and mitigation plans,
for presentation to management. Maintain accurate and up-to-date documentation
of third-party risk assessment activities, findings, and risk treatment plans.
Assist in audits and assessments to demonstrate compliance with cybersecurity
standards. Education: Bachelor’s degree in Cybersecurity, Information
Technology, Computer Science, or related field (preferred) (OR) Experience in
lieu of Bachelor’s Degree- 7+ years of experience in cybersecurity, with at
least 3 years in risk management Certification/Licensure CISSP (Certified
Information Systems Security Professional) (Preferred) CISM (Certified
Information Security Manager)(Preferred) CRISC (Certified in Risk and
Information Systems Control)(Preferred) CISA (Certified Information Systems
Auditor)(Preferred) Experience 5+ years of experience in cybersecurity, with at
least 3 years in risk management with a degree (Required) 7+ years of experience
in cybersecurity, with at least 3 years in risk management without a degree)
(Required) Strong understanding of cybersecurity principles, risk assessment
methodologies, and threat landscape analysis. 3 years’ experience managing a
third-party risk management program and team Proficiency in performing
third-party risk assessments and negotiating contractual security language
Knowledge of regulatory compliance requirements and industry standards.
Excellent analytical and problem-solving skills. Effective communication and
interpersonal abilities to collaborate with multidisciplinary teams. Experience
in healthcare or other highly regulated industries preferred Deep understanding
of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST)
Knowledge of healthcare regulations (HIPAA, HITECH) and their technical
requirements Familiarity with risk assessment methodologies and tools
Understanding of security technologies, controls, and best practices Experience
with GRC (Governance, Risk, and Compliance) platforms such as ServiceNOW,
OneTrus Keyword, Cybersecurity Risk, TPRM Talroo – IT We provide
market-competitive compensation packages, inclusive of base pay, incentives, and
benefits. The base pay rate for Full Time employment is:$116,729. 60-$216,777. 60.
Additional compensation may be available for this role such as shift
differentials, standby/on-call, overtime, premiums, extra shift incentives, or
bonus opportunities. Benefits: Caring For Your Family and Your Career • Medical,
Dental, Vision plans • Adoption, Fertility and Surrogacy Reimbursement up to
$10,000 • Paid Time Off and Sick Leave • Paid Parental & Family Caregiver Leave
• Emergency Backup Care • Long-Term, Short-Term Disability, and Critical Illness
plans • Life Insurance • 401k/403B with Employer Match • Tuition Assistance –
$5,250/year and discounted educational opportunities through Guild Education •
Student Debt Pay Down – $10,000 • Reimbursement for certifications and free
access to complete CEUs and professional development •Pet Insurance •Legal
Resources Plan •Colleagues have the opportunity to earn an annual discretionary
bonus if established system and employee eligibility criteria is met. Sentara
Health is an equal opportunity employer and prides itself on the diversity and
inclusiveness of its close to an almost 30,000-member workforce. Diversity,
inclusion, and belonging is a guiding principle of the organization to ensure
its workforce reflects the communities it serves. In support of our mission ‘to
improve health every day,’ this is a tobacco-free environment. For positions
that are available as remote work, Sentara Health employs associates in the
following states: Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas,
Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North
Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South
Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin,
and Wyoming. Sentara Health is a Virginia and Northeastern North Carolina based
not-for-profit integrated healthcare provider that has been in business for over
131 years. Offering hundreds of sites of care including 12 hospitals, PACE, home
health, hospice, medical groups, imaging services, therapy, outpatient surgery
centers, and an 858,000 member health plan. The people of the communities that
we serve have nominated Sentara ‘Employer of Choice’ for ov.

Source: Jobilize