Cyber Third-Party Risk Specialist

Mosaic Health is a national care delivery platform focused on expanding access to comprehensive primary care for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans. The Business Units which comprise Mosaic Health are multi-payer and serve nearly one million consumers across 19 states, providing them with access to high quality primary care, integrated care teams, personalized navigation, expanded digital access, and specialized services for higher-need populations. Through Mosaic Health, health plans and employers have an even stronger care provider partner that delivers affordability and superior experiences for their members and employees, including value-based primary care capacity integrated with digital patient engagement and navigation. Each of the companies within Mosaic Health provide unique offerings that together promise to improve individuals' health and wellbeing, while helping care providers deliver higher quality care. For more information, please visit www.mosaichealth.com or follow Mosaic Health on LinkedIn.

Formed in 2008 and headquartered in Fort Myers, Florida, with offices in Florida, North Carolina, and Texas,
Millennium Healthcare is the largest independent physician group in the state of Florida and one of the largest in the United States. At Millennium Physician Group, our employees are the foundation of our success. Our promise is to provide you with the tools to do your job successfully, as well as providing a team atmosphere that empowers you to seek better ways to deliver care to our patients and their families. We also promise to care for you as an individual and help you grow in your role.

The Cyber Third-Party Risk Specialist will support all business units within Mosaic Health and is responsible for identifying, assessing, and mitigating cyber security risks across the organization. This role ensures compliance with regulatory frameworks, manages risk assessments, and collaborates with various teams to implement security controls that protect sensitive data and infrastructure.

Responsibilities

• Develop and implement strategies to mitigate identified risks associated with third-party relationships.
• Conduct thorough risk assessments of third-party vendors to identify potential security and compliance risks.
• Analyze vendor security practices and controls to ensure alignment with healthcare regulations and

company standards.

• Collaborate with vendors to address security and compliance gaps and monitor remediation efforts.
• Assess vendor security practices and controls to ensure alignment with healthcare regulations and company standards.
• Collaborate with vendors to address security and compliance gaps and monitor remediation efforts.
• Maintain up-to-date knowledge of regulatory changes and assess their impact on third-party risk management.
• Maintain up-to-date knowledge of regulatory changes and assess their impact on third-party risk

management.

• Align risk management practices with industry standards (e.g., NIST, ISO 27001, PCI-DSS).
• Ensure compliance with laws and regulations such as HIPAA.
• Monitor emerging threats, vulnerabilities, and industry trends to proactively address risks.
• Review and negotiate vendor contracts and service level agreements (SLAs) to include appropriate security and compliance requirements.
• Ensure that contracts include clauses that protect the organization's data and define vendor responsibilities in case of a data breach.
• Implement ongoing monitoring processes to track vendor performance and risk levels.
• Perform other related duties as assigned.
• Demonstrate excellent guest service to internal team members and patients.
• Perform other related duties as assigned.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Business Administration, or a related field.
• Knowledge of healthcare operations and regulatory requirements is highly desirable.
• Strong understanding of risk management principles and third-party risk assessment methodologies.
• Experience in third-party risk management, preferably within the healthcare industry.
• Familiarity with security technologies and tools used to assess and monitor vendor risk.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) are beneficial.
• Excellent analytical and problem-solving skills with a focus on risk management.
• Strong communication and negotiation skills to effectively manage risk collaborating across departments

and teams.

• Understanding of healthcare-specific regulatory requirements and the impact of risks on patient data and

services.

• A commitment to providing excellent service to internal team members and patients.
• High level of professionalism and integrity in all interactions.
• Ability to work independently in a fast-paced, cross-functional environment.

Physical Demands

• Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force

frequently or constantly to lift, carry, push, pull, or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker must have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Ability to lift to 15 lbs. independently not to exceed 50 lbs. without help.

Equal Employment Opportunity

• Mosaic Health is an Equal Employment Opportunity employer and all qualified applicants will receive

consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws.

• If you require an accommodation for the application or interview process, please let us know and we

will work with you to meet your needs. Please contact HRbenefits@mpgus.com for assistance.