Norfolk, VA
|
Business Analyst (BA)
|
Contract-to-perm
|
$40 - $50 (hourly estimate)
{"JobID":522825,"JobType":["Contract-to-perm"],"EmployerID":null,"Location":{"Latitude":-76.28,"Longitude":36.84,"Distance":null},"State":"Virginia","Zip":"23502","ReferenceID":"RIC-09d75ecb-d673-4d7f-a140-8fb062de8752","PostedDate":"\/Date(1777031976000)\/","Description":"Insight Global is seeking a Third Party Risk Management Analyst to join a cybersecurity team at one of our large healthcare clients. The ideal individual will work fully remote (in the approved states) and will be responsible for ensuring the organization effectively manages risks associated with third-party vendors and partners throughout the entire third-party lifecycle, including vendor selection, contract negotiation, ongoing monitoring, and termination. This involves not only identifying and evaluating risks but also collaborating with various teams, particularly Legal and Procurement, to embed risk mitigation strategies into contractual agreements. Key responsibilities?Vendor Risk Assessment (VRA): oConduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks.oUtilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans.oAnalyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels.oEngage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions.oPerform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks.?Contract Negotiation: oPartner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed.oProvide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection.oWork to define and include clear performance standards, due diligence requirements, and exit strategies within contracts.?TPRM program development and maintenance: oSupport the development, maintenance, and enhancement of the organization\u0027s Third-Party Risk Management program and framework.oDevelop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements.oIdentify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness.?Stakeholder collaboration and communication: oBuild and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units.oProvide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices.oCommunicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely.?Ongoing monitoring and remediation: oTrack identified risks associated with third parties and ensure timely reviews are performed.oMonitor key supplier performance against established SLAs and regulatory requirements.oTrack and collaborate with internal partners and vendors to remediate any risk-related issues. Compensation: $35/hr - $55/hrWe are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global\u0027s Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.","Title":"Cybersecurity Third Party Risk Management Analyst","City":"Norfolk","ExpirationDate":null,"PriorityOrder":0,"Requirements":"?Minimum of 7+ years of experience in risk-based roles, with a focus on third-party risk management, IT audit, or IT risk.?Strong understanding of Third-Party Risk Management (TPRM) principles, concepts, and best practices.?Experience in conducting vendor risk assessments and evaluating internal controls, potentially leveraging frameworks like ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, HITRUST, CSA CCM, and Shared Assessments SIG.?Working knowledge of contract management principles and practices, including contract negotiation and analysis.?Excellent communication skills, both written and verbal, with the ability to effectively articulate security control requirements, assessment results, and risk considerations to diverse audiences.?Strong analytical, critical thinking, and problem-solving skills, with the ability to digest and analyze complex information with attention to detail and accuracy.?Ability to work collaboratively in a cross-functional environment and build strong relationships with internal and external partners.?Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and potentially GRC (Governance, Risk, and Compliance) tools like OneTrust.","Skills":"?CISA, CRISC, CISM, CISSP, or other relevant certifications are often preferred. ?Bachelor\u0027s degree in a relevant field such as Business, Finance, Information Technology, or a related discipline.?Past experience spearheading and building out a Third Party Risk Management program and providing leadership to junior analysts.","Industry":"Business Analyst (BA)","Country":"US","Division":"IT","Office":null,"IsRemoteJob":true,"IsInternalJob":false,"ExtraValues":null,"__RecordIndex":0,"__OrdinalPosition":0,"__Timestamp":0,"Status":null,"ApplicantCount":0,"SubmittalCount":0,"ApplicationToHireRatio":0,"JobDuration":null,"SalaryHigh":50.0000,"SalaryLow":40.0000,"PayRateOvertime":0,"PayRateStraight":0,"Filled":0,"RemainingOpenings":0,"TotalOpenings":0,"Visa":null,"ClearanceType":null,"IsClearanceRequired":false,"IsHealthcare":false,"IsRemote":false,"EndClient":null,"JobCreatedDate":"\/Date(-62135578800000)\/","JobModifiedDate":"\/Date(-62135578800000)\/"}
Insight Global is seeking a Third Party Risk Management Analyst to join a cybersecurity team at one of our large healthcare clients. The ideal individual will work fully remote (in the approved... states) and will be responsible for ensuring the organization effectively manages risks associated with third-party vendors and partners throughout the entire third-party lifecycle, including vendor selection, contract negotiation, ongoing monitoring, and termination. This involves not only identifying and evaluating risks but also collaborating with various teams, particularly Legal and Procurement, to embed risk mitigation strategies into contractual agreements. Key responsibilities?Vendor Risk Assessment (VRA): oConduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks.oUtilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans.oAnalyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels.oEngage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions.oPerform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks.?Contract Negotiation: oPartner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed.oProvide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection.oWork to define and include clear performance standards, due diligence requirements, and exit strategies within contracts.?TPRM program development and maintenance: oSupport the development, maintenance, and enhancement of the organization's Third-Party Risk Management program and framework.oDevelop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements.oIdentify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness.?Stakeholder collaboration and communication: oBuild and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units.oProvide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices.oCommunicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely.?Ongoing monitoring and remediation: oTrack identified risks associated with third parties and ensure timely reviews are performed.oMonitor key supplier performance against established SLAs and regulatory requirements.oTrack and collaborate with internal partners and vendors to remediate any risk-related issues. Compensation: $35/hr - $55/hrWe are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.