Insight Global is seeking a Cyber Security Third Party Risk Program Manager to join the GRC team at one of our largest health insurance clients. This is a fully remote role (see approved state list) and will be a 6-month contract-to-hire format. The pay for this role is expected to be $50-67/hr with a conversion salary of $110,000 to $130,000 per year based on experience level. As a Cyber Security Third-Party Risk Program Manager, this individual will play a critical role developing, enhancing and executing the third-party risk management program including onboarding, maintenance and ongoing monitoring, and offboarding of third-party suppliers. Primary responsibilities will include identifying and categorizing third-party vendors based on risk, understanding and prioritizing the risks, establishing and enforcing key controls to mitigate the risk, performing continuous monitoring that tracks and reassesses third parties, and ensuring third party contractual compliance with Sentara policy and standards.
Key Responsibilities:
-Regularly interact with all levels of management to present and discuss third-party risk management
-Conduct comprehensive risk assessments of third-party vendors based on risk
-Manage a team of assessors for performing vendor assessments and vendor contracts negotiations
-Analyze and prioritize risks based on their potential impact on the organizations operations, data, and reputation.
-Develop and streamline the third-party risk management process.
-Identify and assess vulnerabilities within vendor systems, networks, and applications.
-Collaborate with cross-functional teams, including IT, security, and compliance, to develop and implement risk mitigation strategies.
-Prepare detailed third-party risk assessment reports, including findings, recommendations, and mitigation plans, for presentation to management.
-Maintain accurate and up-to-date documentation of third-party risk assessment activities, findings, and risk treatment plans.
-Assist in audits and assessments to demonstrate compliance with cybersecurity standards.
Desired Characteristics:
-Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
-Demonstrated customer focus
-Strong analytical skills strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
-Change-Oriented actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in fast paced team environment.
-Demonstrated ability to lead and motivate staff and to apply skills and techniques to solve dynamic problems.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
- 10 years of experience in Governance, Risk, and Compliance (GRC) related roles.
- At least 2 years of experience successfully managing a third-party risk, or vendor due diligence team/program in cyber security.
- Proficiency in performing third-party risk assessments and negotiating contractual security language with vendors' legal and information security teams.
- Strong background in risk and controls, security controls, auditing, and system security.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
- Experience with industry regulations and frameworks such as HIPAA, NIST, and ISO 27001.
- Bachelors degree in computer science, Information Security, or experience in related field
- Healthcare industry experience / working in a highly regulated environment.
- Experience with GRC tools such as Service Now, One Trust, Archer, etc.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.