Senior Analyst – TPRM

Emploi pas sur LinkedIn

🕒 il y a 1 mois

🐊 Florida, Nevada, +2 états de plus – Distant

🐊 Florida – Remote 🎰 Nevada – Remote ⚔️ Virginia – Remote ⛰️ West Virginia – Remote

⏰ Temps Plein

🟠 Senior

🧐 Analyste

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Sentara Health

Site WebLinkedInTous les Emplois

10 000+ employés

Fondée en 1890

⚕️ Assurance santé

Healthcare Insurance

Sentara Health est un système de santé de premier plan qui exploite plus de 300 sites de soins en Virginie et dans le nord-est de la Caroline du Nord, y compris 12 hôpitaux de soins aigus. L'entreprise est dédiée à offrir des soins exceptionnels aux patients, à encourager le développement professionnel et à maintenir une main-d'œuvre diversifiée. Sentara Health vise à améliorer la santé chaque jour et a été reconnue pour ses performances cliniques et opérationnelles, étant nommée parmi les 15 meilleurs systèmes de santé par IBM Watson Health. L'organisation soutient ses employés pour qu'ils atteignent leur plein potentiel et encourage la croissance et l'innovation dans le secteur de la santé.

Description

• Conduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks. • Utilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans. • Analyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels. • Engage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions. • Perform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks. • Partner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed. • Provide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection. • Work to define and include clear performance standards, due diligence requirements, and exit strategies within contracts. • Support the development, maintenance, and enhancement of the organization's Third-Party Risk Management program and framework. • Develop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements. • Identify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness. • Build and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units. • Provide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices. • Communicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely. • Track identified risks associated with third parties and ensure timely reviews are performed. • Monitor key supplier performance against established SLAs and regulatory requirements. • Track and collaborate with internal partners and vendors to remediate any risk-related issues.

🎯 Exigences

• Bachelor's degree in a relevant field such as Business, Finance, Information Technology, or a related discipline (Preferred) • Experience in lieu of Bachelor's Degree - 7+ years of relevant experience without a degree • CISA, CRISC, CISM, CISSP, or other relevant certifications are preferred • 5+ years of relevant experience with a degree • Strong understanding of Third-Party Risk Management (TPRM) principles, concepts, and best practices. • Experience in conducting vendor risk assessments and evaluating internal controls, potentially leveraging frameworks like ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM, and Shared Assessments SIG. • Working knowledge of contract management principles and practices, including contract negotiation and analysis. • Excellent communication skills, both written and verbal, with the ability to effectively articulate security control requirements, assessment results, and risk considerations to diverse audiences. • Strong analytical, critical thinking, and problem-solving skills, with the ability to digest and analyze complex information with attention to detail and accuracy. • Ability to work collaboratively in a cross-functional environment and build strong relationships with internal and external partners. • Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and potentially GRC (Governance, Risk, and Compliance) tools like OneTrust (highly desirable), Archer, or ServiceNow

🏖️ Avantages

• Medical, Dental, Vision plans • Adoption, Fertility and Surrogacy Reimbursement up to $10,000 • Paid Time Off and Sick Leave • Paid Parental & Family Caregiver Leave • Emergency Backup Care • Long-Term, Short-Term Disability, and Critical Illness plans • Life Insurance • 401k/403B with Employer Match • Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education • Student Debt Pay Down – $10,000 • Reimbursement for certifications and free access to complete CEUs and professional development • Pet Insurance • Legal Resources Plan • Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.