Job Summary
Under the general direction of the Director of Risk and Governance Services, the Third Party Risk Analyst is responsible for ensuring that Third-Party Risk Management (TPRM) assessments are successfully and consistently processed and delivered to clients. This position requires a moderate working knowledge of information security frameworks and the application of these frameworks to identify instances of risk in relation to third parties. The role includes responsibilities in product/service evaluation, risk identification and remediation, report writing, and client consulting on all matters related to the protection and regulatory compliance of patient health information.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
§ Ensure timely delivery of TPRM vendor assessment reports, and other TPRM service deliverables as required
§ Create reports which reflect assessment findings and recommendations in both technical and executive-level formats
§ Communicate with clients and third parties regarding TPRM service support and delivery
§ Directly manage and oversee the delivery of TPRM services for clients the Third Party Risk Analyst is dedicated to supporting
§ Maintain a working knowledge of healthcare information security and privacy laws and regulations alongside industry frameworks including, but not limited to: HIPAA, HITECH, and the NIST CSF 2.0
§ Maintain a working knowledge of TPRM best practices
§ Contribute to the maintenance of client specific and internally managed TPRM policies and standard operating procedures
Knowledge & Skills
Education & Experience
§ Bachelor's degree from a four-year college or university or combination of education and experience
§ 1 years’ experience in all or most of the following:
o IT support or help desk, preferably in an enterprise environment
o Information security frameworks and/or standards such as the HITRUST CSF, the NIST CSF 2.0, ISO 27001, and SOC 2 Type 2
o
§ Use and application of the HIPAA Security Rule in day-to-day responsibilities preferred
§ Information security experience within the healthcare industry highly preferred
Special Skills & Knowledge
§ Ability to be flexible and manage tasks as priorities change based on client needs
§ Self-driven individual who requires minimal direct supervision from supervisors when completing known, repeatable tasks
§ Analytical mindset which enables the individual to efficiently and accurately gain an understanding of how a newly presented product or service functions, supporting the creation and delivery of assessment reports and findings
§ Exceptional problem-solving abilities alongside a desire to continually learn new concepts related to the field
§ Detail and results oriented, skilled at both planning and hands-on execution
§ Ability to excel in a team-oriented, collaborative office environment
§ Excellent written, verbal, and presentation skills
§ Intermediate understanding of security concepts and how they should be applied to a system’s architecture and workflow
§ Intermediate understanding of network infrastructure and security concepts
Licenses, Certifications, etc.
§ Preferred certifications: Network , Security , HITRUST-related certifications
Requirements
Supervisory Responsibility
§ Third-party risk management services delivered within the Risk and Governance Services business unit
Working Conditions & Travel Requirements
§ In Exton Office
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
