Third Party Risk Analyst - Risk and Governance
Listed on 2026-05-12
IT/Tech
Information Security, IT Consultant, Cybersecurity
Location:
736 Springdale Drive, Exton, PA, 19341, United States
Base Pay: $60,000.00 - $70,000.00 / Year
Job Summary
Under the general direction of the Director of Risk and Governance Services, the Third Party Risk Analyst is responsible for ensuring that Third-Party Risk Management (TPRM) assessments are successfully and consistently processed and delivered to clients. This position requires a moderate working knowledge of information security frameworks and the application of these frameworks to identify instances of risk in relation to third parties.
The role includes responsibilities in product/service evaluation, risk identification and remediation, report writing, and client consulting on all matters related to the protection and regulatory compliance of patient health information.
- Ensure timely delivery of TPRM vendor assessment reports, and other TPRM service deliverables as required
- Create reports which reflect assessment findings and recommendations in both technical and executive-level formats
- Communicate with clients and third parties regarding TPRM service support and delivery
- Directly manage and oversee the delivery of TPRM services for clients the Third Party Risk Analyst is dedicated to supporting
- Maintain a working knowledge of healthcare information security and privacy laws and regulations alongside industry frameworks including, but not limited to: HIPAA, HITECH, and the NIST CSF 2.0
- Maintain a working knowledge of TPRM best practices
- Contribute to the maintenance of client-specific and internally managed TPRM policies and standard operating procedures
- Bachelor's degree from a four-year college or university or combination of education and experience
- 1+ years’ experience in all or most of the following preferred, but recent graduates are also encouraged to apply:
- IT support or help desk, preferably in an enterprise environment
- Information security frameworks and/or standards such as the HITRUST CSF, the NIST CSF 2.0, ISO 27001, and SOC 2 Type 2
- Use and application of the HIPAA Security Rule in day-to-day responsibilities preferred
- Information security experience within the healthcare industry highly preferred
- Ability to be flexible and manage tasks as priorities change based on client needs
- Self-driven individual who requires minimal direct supervision from supervisors when completing known, repeatable tasks
- Analytical mindset which enables the individual to efficiently and accurately gain an understanding of how a newly presented product or service functions, supporting the creation and delivery of assessment reports and findings
- Exceptional problem-solving abilities alongside a desire to continually learn new concepts related to the field
- Detail and results oriented, skilled at both planning and hands-on execution
- Ability to excel in a team-oriented, collaborative office environment
- Excellent written, verbal, and presentation skills
- Intermediate understanding of security concepts and how they should be applied to a system’s architecture and workflow
- Intermediate understanding of network infrastructure and security concepts
- Preferred certifications: Network+, Security+, HITRUST-related certifications
- Third-party risk management services delivered within the Risk and Governance Services business unit
- In Exton Office
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities.