
Manager – Cybersecurity Third Party Risk
Posted Jun 20

This is a fully remote position, open to applicants in Florida, +3 more states.
• Design, improve, and implement the third-party risk management program, which includes the onboarding, maintenance, ongoing monitoring, and offboarding of third-party suppliers.
• Assess and classify third-party vendors according to risk, while understanding and prioritizing these risks.
• Set up and enforce essential controls to reduce risk exposure.
• Carry out continuous monitoring to track and reassess third parties.
• Ensure compliance of third-party contracts with Sentara policies and standards.
• Negotiate and uphold the information security exhibit with vendors during the contract process.
• Regularly engage with all management levels to present and discuss third-party risk management.
• Execute thorough risk assessments of third-party vendors based on identified risks.
• Lead a team of assessors responsible for vendor assessments and contract negotiations.
• Evaluate and prioritize risks according to their potential impact on the organization's operations, data security, and reputation.
• Enhance and refine the third-party risk management process.
• Identify and evaluate vulnerabilities within vendor systems, networks, and applications.
• Work collaboratively with cross-functional teams, including IT, security, and compliance, to develop and implement strategies for risk mitigation.
• Prepare comprehensive third-party risk assessment reports detailing findings, recommendations, and mitigation strategies for management review.
• Keep accurate and current documentation of third-party risk assessment activities, findings, and risk treatment strategies.
• Support audits and assessments to validate compliance with cybersecurity standards.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (preferred).
• Over 7 years of experience in cybersecurity, with a minimum of 3 years in risk management (Experience can substitute for a Bachelor's Degree).
• Certification/Licensure: CISSP (Preferred).
• Certification/Licensure: CISM (Preferred).
• Certification/Licensure: CRISC (Preferred).
• Certification/Licensure: CISA (Preferred).
• At least 5 years of experience in cybersecurity with a minimum of 3 years in risk management, accompanied by a degree (Required).
• More than 7 years of experience in cybersecurity with at least 3 years in risk management without a degree (Required).
• Strong grasp of cybersecurity principles, risk assessment methodologies, and analysis of the threat landscape.
• Expertise in conducting third-party risk assessments and negotiating security clauses in contracts.
• Familiarity with regulatory compliance requirements and industry standards.
• Outstanding analytical and problem-solving capabilities.
• Strong communication and interpersonal skills for effective collaboration with multidisciplinary teams.
• Experience in healthcare or other highly regulated sectors is preferred.
• Comprehensive understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST).
• Knowledge of healthcare regulations (HIPAA, HITECH) and their technical requirements.
• Familiarity with risk assessment methodologies and tools.
• Understanding of security technologies, controls, and best practices.
• Experience with GRC (Governance, Risk, and Compliance) platforms such as ServiceNow and OneTrust.
• Medical, Dental, and Vision plans.
• Adoption, Fertility, and Surrogacy Reimbursement up to $10,000.
• Paid Time Off and Sick Leave.
• Paid Parental & Family Caregiver Leave.
• Emergency Backup Care.
• Long-Term, Short-Term Disability, and Critical Illness plans.
• Life Insurance.
• 401k/403B with Employer Match.
• Tuition Assistance – $5,250/year, plus discounted educational opportunities through Guild Education.
• Student Debt Pay Down – $10,000.
• Reimbursement for certifications and complimentary access to CEUs and professional development.
• Pet Insurance.
• Legal Resources Plan.
• Employees have the opportunity to earn an annual discretionary bonus if eligibility criteria are met.