remote

Manager -Cybersecurity Third Party Risk - Sentara Health

Security Engineer

Manager of Cybersecurity Third-Party Risk overseeing vendor onboarding, risk assessment, control enforcement, continuous monitoring, and contractual compliance to protect Sentara Health’s data and operations.

About the role

City/State

Work Shift

Overview:

Overview

As a Cyber Security Third-Party Risk Manager, you will play a critical role developing, enhancing and executing the third-party risk management program including onboarding, maintenance and ongoing monitoring, and offboarding of third-party suppliers. Your primary responsibilities will include identifying and categorizing third party vendors based on risk, understanding and prioritizing the risks, establishing and enforcing key controls to mitigate the risk, perform continuous monitoring that tracks and reassesses third parties, and ensure third party contractual compliance with Sentara policy and standards. You will also be responsible for negotiating and maintaining the information security exhibit with the vendors through the contracting process.

Key Responsibilities

Regularly interact with all levels of management to present and discuss third-party risk management

Conduct comprehensive risk assessments of third-party vendors based on risk

Manage a team of assessors for performing vendor assessments and vendor contracts negotiations

Analyze and prioritize risks based on their potential impact on the organization’s operations, data, and reputation.

Develop and streamline the third-party risk management process.

Identify and assess vulnerabilities within vendor systems, networks, and applications.

Collaborate with cross-functional teams, including IT, security, and compliance, to develop and implement risk mitigation strategies.

Prepare detailed third-party risk assessment reports, including findings, recommendations, and mitigation plans, for presentation to management.

Maintain accurate and up-to-date documentation of third-party risk assessment activities, findings, and risk treatment plans.

Assist in audits and assessments to demonstrate compliance with cybersecurity standards.

Education:

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (preferred)

(OR)

Experience in lieu of Bachelor's Degree- 7+ years of experience in cybersecurity, with at least 3 years in risk management

Certification/Licensure

CISSP (Certified Information Systems Security Professional) (Preferred)
CISM (Certified Information Security Manager)(Preferred)
CRISC (Certified in Risk and Information Systems Control)(Preferred)
CISA (Certified Information Systems Auditor)(Preferred)

Experience

5+ years of experience in cybersecurity, with at least 3 years in risk management with a degree (Required)
7+