Senior Specialist, Information Security – Third Party Risk
United States
Full Time
3 weeks ago
$88,000 - $93,000 USD
No Visa Sponsorship
Key skills
Cyber Security, Jira, Risk Management, Remote Work
About this role
Role Overview
Responsible for executing comprehensive information security risk assessments of third-party vendors engaged by PPFA, Affiliate, and Ancillary organizations.
Evaluate vendors across multiple risk tiers to ensure they meet information security policies, HIPAA and PCI DSS requirements, and applicable regulatory standards.
Thoughtfully analyze vendor-provided documentation, identify potential risks, collaborate with key parties, and produce detailed and accurate assessment reports.
Manage the end-to-end TPRM process for assigned vendors including initiating communications, reviewing security documentation, identifying risks, and producing assessment reports.
Engage with internal and external partners to facilitate information gathering, clarify responses, and resolve risks.
Collaborate with internal stakeholders to ensure vendor assessments align with contract and compliance requirements.
Requirements
Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, Risk Management, or a related discipline (required).
Relevant coursework or training in data privacy, regulatory compliance, or cyber risk management (preferred).
Industry certifications, CTPRA, CTPRP, CISA (preferred). Obtain industry certification within 1 year of hire (required).
3–6 years of professional experience in information security, vendor risk management, IT/IS risk, or compliance roles (required).
At least 2 years of experience conducting or supporting third-party/vendor security risk assessments, preferably within a regulated industry (e.g., healthcare, finance, or tech) (required).
Experience reviewing vendor security questionnaires, SOC 2 reports, SIG assessments, or similar compliance documentation.
Familiarity with security frameworks such as NIST CSF, HIPAA Security Rule, PCI DSS, and basic data privacy regulations (e.g., CCPA, GDPR).
Hands-on experience using assessment tracking or GRC platforms (e.g., UpGuard, LogicGate, OneTrust, or spreadsheets with workflow tools like Jira or Asana).
Exposure to working with procurement, legal, privacy, or compliance teams during vendor onboarding or contract review cycles.
Ability to carefully review documentation, identify small errors or gaps in responses, and understand technical security controls and how they apply in a third-party context.
Experience in basic contract management, including reviewing contracts, understanding basic terms and general contract language, especially legal documents that require data privacy and security language.
Ability to work in a dynamic, fast-paced environment, managing competing cross-functional priorities and complex requirements.
Excellent ability to conceive, draft, proofread, and edit written materials quickly, including demonstrated ability to understand and communicate about complex, technical, or sensitive subjects in a clear, concise, and engaging manner.
High proficiency in Google products.
Flexibility and ability to adapt to quickly changing priorities and ambiguous situations.
Commitment and track record of advancing racial equity in both operations and communications.
Commitment to PPFA’s mission and diversity, equity, and inclusion, particularly surrounding race equity.
A deep commitment to Planned Parenthood’s mission of promoting Sexual and Reproductive Health