Sr Third Party Risk Analyst; TPRM

Senior Third Party Risk Analyst (TPRM)

Location:

US-Remote

Health Equity’s mission is to save and improve lives by empowering healthcare consumers.

• Conduct risk assessments for critical and operationally significant third‑party entities including cloud service providers, SaaS platforms, technology partners, and infrastructure providers.
• Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
• Stay ahead of emerging risks such as generative and agentic AI and evolving regulatory expectations across financial services and healthcare.
• Partner closely with cross‑functional teams such as Procurement, Legal, Privacy, Security, AI Governance, and vendor business owners to manage third‑party risk holistically.
• Develop and maintain key risk and performance metrics that demonstrate progress and maturity within the TPRM program.
• Lead efforts to automate repetitive and high‑volume processes, leveraging AI to increase efficiency, quality, and speed.
• Introduce and evaluate AI‑enabled tools to enhance risk clarity, improve signal‑to‑noise, and scale the program responsibly.
• Support other TPRM and governance activities as needed, contributing to a culture of continuous improvement.

• Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related technical field.
• 5+ years of combined experience in information security, cybersecurity, or technical/analytical roles.
• Experience operating in fast‑paced, high‑accountability environments where prioritization and time sensitivity matter.
• 2‑5 years of hands‑on cybersecurity experience, ideally within financial services or healthcare.
• Strong understanding of security and AI control frameworks such as NIST Cybersecurity Framework (CSF), NIST AI Risk Management Framework (AI RMF), ISO 42001.
• Prior experience with TPRM/GRC platforms including Vanta, Archer, or Service Now.
• Familiarity with cybersecurity risk rating services such as Risk Recon, Security Scorecard, Bit Sight.
• Working knowledge of audits, regulatory exams, and attestations including SOC 2 Type II, ISO 27001, HITRUST.
• Ability to review and interpret technical evidence demonstrating cybersecurity validation and compliance such as SCA, SAST, DAST, penetration testing.
• Excellent written and verbal communication skills, with ability to translate between technical and nontechnical audiences.
• Experience reviewing technical policies and contributing to standard operating procedures.
• Strong command of the Microsoft ecosystem, including PowerPoint, Excel, Word, SharePoint, and Power BI.
• Demonstrated ability to use AI solutions securely and effectively such as Microsoft Copilot, Gemini, Anthropic, or ChatGPT.
• One or more cybersecurity certifications such as CISSP, CISA, CISM, CRISC, or equivalent.
• Demonstrated understanding of cybersecurity and AI governance frameworks including NIST CSF and NIST AI RMF.

This is a remote position. In‑person onboarding will be required.

$87,500.00 – $ per year.

• Medical, dental, and vision
• HSA contribution and match
• Dependent care FSA match
• Uncapped paid time off
• Paid parental leave
• 401(k) match
• Personal and healthcare financial literacy programs
• Ongoing education and tuition assistance
• Gym and fitness reimbursement
• Wellness program incentives

Health Equity, Inc. is an equal opportunity employer, and we are committed to being an employer where no matter your background or identity you feel welcome and included. We ensure equal opportunity for all applicants and employees without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics.

Health Equity is a drug‑free workplace.