-
Cyber Security Engineer, Third Party Risk
- Community Health Systems (Franklin, TN)
-
Job Summary
As a key member of the Digital Technology Risk Assurance team, the Technology Risk Analyst will leverage their practical knowledge and experience to independently assess and manage technology risks associated with third-party vendors. This role requires a proactive individual capable of tackling complex challenges with minimal guidance, contributing significantly to the organization's overall risk posture.
Essential Functions
+ Comprehensive Vendor Evaluation: Conduct in-depth evaluations of third-party vendors and service providers, encompassing their financial stability, operational performance, and adherence to regulatory compliance requirements.
+ Risk Identification and Mitigation: Proactively identify potential technology risks and vulnerabilities within third-party relationships, subsequently developing and implementing effective mitigation strategies and plans.
+ Cross-Functional Collaboration and Communication: Foster strong collaborative relationships with internal teams, including procurement, legal, IT, and compliance, to ensure a unified and consistent approach to third-party risk management. Communicate and interact effectively and professionally with all stakeholders, including co-workers, management, business partners, and customers.
+ Compliance and Standards Alignment: Ensure all third-party risk management practices are meticulously aligned with established industry standards, regulatory requirements, and the organization's strategic goals.
+ Continuous Monitoring and Oversight: Implement and maintain continuous monitoring of third-party performance and compliance through regular audits, reviews, and performance assessments.
+ Documentation and Record Keeping: Maintain thorough, accurate, and up-to-date records pertaining to all third-party risk management processes and activities.
+ Organizational Awareness and Best Practices: Actively contribute to raising awareness of critical third-party risk issues and promote best practices across the organization.
Qualifications
Required Experience:
+ 2–4 years in technology risk, cybersecurity, audit, compliance, or third-party risk management.
+ Experience performing vendor risk assessments, due diligence, and ongoing monitoring.
+ Working knowledge of risk frameworks (e.g., NIST, ISO 27001).
+ Strong communication and stakeholder management skills.
+ Analytical and detail-oriented with the ability to identify and address risk gaps.
+ Familiarity with GRC or vendor risk management tools.
Preferred Experience:
+ 3+ years of third-party risk management experience, including process or framework improvement.
+ Professional certifications (CISA, CISM, CRISC, CISSP, CTPRA, etc.).
+ Experience in regulated industries or familiarity with third-party risk regulations.
+ Understanding of IT and cybersecurity concepts (cloud, network, application security).
+ Experience automating TPRM workflows or using GRC platforms (e.g., ServiceNow).
+ Ability to work across teams such as Legal, Procurement, and Technology.
+ Experience managing the full vendor risk lifecycle (onboarding through offboarding).
Equal Employment Opportunity
This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility to which you are seeking employment; Simply go to http://www.chs.net/serving-communities/locations/ to obtain the main telephone number of the facility and ask for Human Resources.
-
Recent Searches
- Senior Software Engineer HashiCorp (Texas)
- Hospital Program Manager (Florida)
- Transaction Manager High Tech (Louisiana)
- Customer Service Escalation Phone (Arizona)
Recent Jobs
-
Cyber Security Engineer, Third Party Risk
- Community Health Systems (Franklin, TN)
-
Nurse Practitioner - Workplace Violence Prevention Program Manager
- Veterans Affairs, Veterans Health Administration (Grand Junction, CO)
-
Senior Software Engineer - Data Foundation Platforms
- The Walt Disney Company (Santa Monica, CA)