Job Description :

PURPOSE:
To ensure the organization's data remains protected from inappropriate access, disclosure and/or damage by assessing, documenting, and socializing risk.
ESSENTIAL FUNCTIONS:
60% Assess third-party cybersecurity controls, identify gaps, evaluate mitigation strategies / action plans and manage them to closure.
20% Manage and maintain the third-party security risk continuous monitoring program and develop metrics for reporting.
10% Identify ineffective, inadequate, or absent third-party security controls and quantify the risk to CareFirst.
10% Lead risk analysis efforts to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
Responsibilities
• The Third-Party Risk Analyst will be responsible for collaborating with internal and external vendor teams to assess, monitor, and manage risks associated with third-party relationships
• This role requires a keen eye for detail, strong project management and analytical skills, and the ability to effectively document findings and recommendations
• Work with business teams to conduct thorough assessments of third-party vendors to identify potential risks to the organization
• This includes evaluating their security practices, data handling procedures, and regulatory compliance (e.g., HIPAA)
• Prepare detailed risk assessment reports, clearly articulating findings and recommendations
• Maintain a comprehensive repository of all third-party risk assessments and associated documentation
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education Level: Bachelor's Degree
Education Details: Computer Science, Cyber Security, Information Technology, or related field
Experience: 8 years relevant information security experience.
In Lieu of Education
In lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
Preferred Qualifications
Advanced degree
Knowledge, Skills and Abilities (KSAs)
Ability to manage multiple tasks and deliverables with minimal supervision., Expert
Ability to explain technical information to technical and nontechnical personnel., Advanced
Knowledge of cyber security related risk management techniques., Advanced
Knowledge of network architecture and firewall security., Expert
Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service., Expert
The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes them ineligible to perform work directly or indirectly on Federal health care programs. Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.
Licenses/Certifications
CISSP - Certified Information Systems Security Professional (Upon Hire, Preferred), or
CRISC - Certified Risk and Information Systems Controls
CISM - Certified Information Security Manager (Upon Hire, Preferred), or
Certified Ethical Hacker (CEH) (Upon Hire, Preferred)

             
