3rd Party Risk Mgmt Specialist - Sr at AdventHealth

Date Posted: 6/24/2019

Job Snapshot

  • Job Schedule
    Full-Time
  • Job Category
  • Job ID:
    19008454
  • Job Family
    Information Systems
  • Travel
    No
  • Shift
    1 - Day
  • Application Zone
    1-Shared Services
  • Organization
    AdventHealth Information Technology

Job Description



3rd Party Risk Mgmt Specialist - Senior

AdventHealth Information Technology

Location Address: Inspiration Avenue, Altamonte Springs, FL

Top Reasons To Work At AdventHealth Corporate

•         Great benefits

•         Immediate Health Insurance Coverage

•         Career growth and advancement potential

•         Award-winning IT Department

Work Hours/Shift:

Full-Time, Monday – Friday

 

You Will Be Responsible For:

•         Develop and enhance vendor toolkit(s) (risk tier, risk score, etc.).

•         Determine vendor risk level using risk tier toolkit(s) and continually evaluate for accuracy

•         Send security questionnaire to vendors based on risk level

•         Partner with vendor point of contact to ensure responses are received within agreed upon timelines

•         Examine records, reports, operating practices, and evidence to finalize assessment report and remediation plan

•         Provide expertise and oversight of 3rd party findings with documented assessment gaps, information security risks and remediation recommendations in Governance, Risk, and Compliance platform to ensure current and emerging threats are adequately identified and remediated with the 3rd party

•         Negotiate vendor remediation planning and implementation efforts to reduce organizational risk

•         Facilitate and enhance the use of Governance, Risk, and Compliance technology-based tools to review, design and/or deliver services

•         Provide expertise in information security control implementations, standards, and best practices related to information security and compliance (e.g., PCI-DSS and HITRUST), along with standards, laws, and regulations (e.g., AICPA and HIPAA)

•         Exercise professional judgment by evaluating information, making recommendations, and maintaining confidentiality of data per AHS policies, avoiding conflicts of interest

•         Contribute to the enhancement and delivery of a comprehensive Third Party Risk Management program through the continual review, evaluation, and testing of administrative, physical and technical controls to assess effectiveness

•         Assist internal/external auditors with special projects or assessments, as needed

•         Lead and actively support mentoring relationships within the team, department and organization

•         Ability to elicit and understand customer needs


Qualifications

KNOWLEDGE AND SKILLS REQUIRED:

•         Risk management and compliance program development relating to HIPAA, FERPA, PCI DSS, Meaningful Use (MU), security awareness, policy and standards development

•         Strong background in IT, information security, applications, and/or data centers

•         Enterprise-wide Information Security controls, IT processes, procedures, testing concepts, and audit reporting.

•         Cloud-based application/environment security requirements

•         Interpretation of Generally Accepted Auditing Standards (GAAS), and/or SSAE-16/18 reports

•         Negotiation of remediation planning and efforts with the 3rd party

•         IIA and ISACA standards, including preparation of detailed work papers adequately supporting conclusions to ensure a complete work product

•         Complementing assessments with the knowledge of various technologies to help AHS achieve its information security compliance objectives

•         Information Security Standards and Frameworks such as HITRUST, NIST, and PCI-DSS

•         Effective communication, both verbal and written

•         Time management skills

•         Multi-tasking, prioritization, decision making, project management, presentation, and strong interpersonal skills

•         Build and actively support mentoring relationships within the team, department and organization

•         Ability to elicit and understand customer needs

KNOWLEDGE AND SKILLS PREFERRED:

•         A broad understanding of IT service functions such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, end-point device management and academic support.

•         Experience with large enterprise system platforms such as EMR/EHR, PeopleSoft, Oracle databases, Windows and UNIX/LINUX

•         GRC tool development and implementation (Keylight/Archer, highly desirable).

•         Third Party Risk Management program

EDUCATION AND EXPERIENCE REQUIRED:

•         Bachelor’s degree in Science in Information Security, Information Systems or another related field

•         Seven or more years of experience with Information Security risk assessments or Third Party Risk Management, and/or Compliance programs

EDUCATION AND EXPERIENCE PREFERRED:

•         Master’s degree - Computer Sciences, Information Systems, Cybersecurity or Business Administration

•         Five or more years of experience in Information security audit and compliance initiatives within large complex organizations

•         Three or more years of experience in a healthcare environment

 

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

One of the following

•         Certified Information Systems Security Professional (CISSP)

•         Certified Information Systems Auditor (CISA)

 

Summary:

The Third Party Risk Management Specialist – Senior, as part of the Enterprise Security team, will safeguard information system assets by developing an understanding of the security requirements of AdventHealth (ADH) third parties and their information systems to identify potential or actual security compliance issues. The Third Party Risk Management Team supports the business in assessing 3rd parties that may access, process, transmit and/or store AdventHealth Data such as Protected Health Information (PHI), Payment Card Industry (PCI), or Personally Identifiable Information (PII).



This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.
