Manager – Cybersecurity Third Party Risk

Role Overview

• Develop, enhance and execute the third-party risk management program including onboarding, maintenance and ongoing monitoring, and offboarding of third-party suppliers.
• Identify and categorize third party vendors based on risk, understanding and prioritizing the risks.
• Establish and enforce key controls to mitigate the risk.
• Perform continuous monitoring that tracks and reassesses third parties.
• Ensure third party contractual compliance with Sentara policy and standards.
• Negotiate and maintain the information security exhibit with the vendors through the contracting process.
• Regularly interact with all levels of management to present and discuss third-party risk management.
• Conduct comprehensive risk assessments of third-party vendors based on risk.
• Manage a team of assessors for performing vendor assessments and vendor contracts negotiations.
• Analyze and prioritize risks based on their potential impact on the organization’s operations, data, and reputation.
• Develop and streamline the third-party risk management process.
• Identify and assess vulnerabilities within vendor systems, networks, and applications.
• Collaborate with cross-functional teams, including IT, security, and compliance, to develop and implement risk mitigation strategies.
• Prepare detailed third-party risk assessment reports, including findings, recommendations, and mitigation plans, for presentation to management.
• Maintain accurate and up-to-date documentation of third-party risk assessment activities, findings, and risk treatment plans.
• Assist in audits and assessments to demonstrate compliance with cybersecurity standards.

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (preferred)
• 7+ years of experience in cybersecurity, with at least 3 years in risk management (Experience in lieu of Bachelor's Degree)
• Certification/Licensure: CISSP (Preferred)
• Certification/Licensure: CISM (Preferred)
• Certification/Licensure: CRISC (Preferred)
• Certification/Licensure: CISA (Preferred)
• 5+ years of experience in cybersecurity, with at least 3 years in risk management with a degree (Required)
• 7+ years of experience in cybersecurity, with at least 3 years in risk management without a degree (Required)
• Strong understanding of cybersecurity principles, risk assessment methodologies, and threat landscape analysis.
• Proficiency in performing third-party risk assessments and negotiating contractual security language.
• Knowledge of regulatory compliance requirements and industry standards.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal abilities to collaborate with multidisciplinary teams.
• Experience in healthcare or other highly regulated industries preferred.
• Deep understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST).
• Knowledge of healthcare regulations (HIPAA, HITECH) and their technical requirements.
• Familiarity with risk assessment methodologies and tools.
• Understanding of security technologies, controls, and best practices.
• Experience with GRC (Governance, Risk, and Compliance) platforms such as ServiceNOW, OneTrust.

Tech Stack

• Cyber Security
• ServiceNow

Benefits

• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.