Senior Specialist, Information Security, Third Party Risk

Purpose:

• Responsible for executing comprehensive information security risk assessments of third-party vendors.
• Evaluate vendors across multiple risk tiers to ensure they meet internal information security policies, HIPAA and PCI DSS requirements, and applicable regulatory standards.
• The Senior Specialist will thoughtfully analyze vendor-provided documentation, proactively identify potential risks.

Delivery:

• Managing the end-to-end TPRM process for their assigned vendors.
• Reviewing and analyzing security and compliance documentation; identifying and documenting risks and control gaps.
• Producing formal assessment reports to inform risk management decisions.

Engagement:

• Engage directly with internal and external partners to facilitate the information gathering process, clarify responses and security documentation, and support resolution of identified risks.
• Collaborate with internal stakeholders such as procurement, legal, privacy, and IT to ensure vendor assessments are aligned with contract and compliance requirements.
• Partner with internal risk owners to track and follow up on remediation plans, ensuring timely risk management and communication of outstanding items.