CybersecurityJobs.io
Job Description

The Manager - Cybersecurity Third Party Risk leads Sentara Hospitals' third-party risk management program, guiding onboarding, ongoing monitoring, and offboarding of vendors while enforcing security controls and maintaining contractual exhibits. The role prioritizes risk-based vendor categorization and continuous risk mitigation across the organization.

Responsibilities

  • Engage with management at all levels to present and discuss third-party risk posture and findings.
  • Conduct comprehensive risk assessments of third-party vendors according to risk profiles.
  • Lead a team of assessors responsible for vendor assessments and contract negotiations.
  • Identify, analyze, and prioritize risks by potential impact on operations, data, and reputation.
  • Develop and streamline the third-party risk management processes and workflows.
  • Identify vulnerabilities within vendor systems, networks, and applications.
  • Collaborate with IT, security, and compliance teams to design and implement risk mitigations.
  • Prepare detailed risk assessment reports with findings, recommendations, and mitigation plans for leadership.
  • Maintain accurate, up-to-date documentation of assessments, findings, and risk treatment activities.
  • Assist in audits and assessments to demonstrate compliance with cybersecurity standards.

Requirements

  • 5+ years in cybersecurity with at least 3 years in risk management, with a degree (Required)
  • 7+ years in cybersecurity with at least 3 years in risk management without a degree (Required)
  • Strong understanding of cybersecurity principles, risk assessment methodologies, and threat landscape analysis
  • 3 years of experience managing a third-party risk management program and team
  • Proficiency in performing third-party risk assessments and negotiating contractual security language
  • Knowledge of regulatory compliance requirements and industry standards
  • Excellent analytical and problem-solving skills
  • Effective communication and interpersonal abilities for collaboration with multidisciplinary teams
  • Deep understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST)
  • Knowledge of healthcare regulations (HIPAA, HITECH) and their technical requirements
  • Familiarity with risk assessment methodologies and tools
  • Understanding of security technologies, controls, and best practices
  • Experience with GRC platforms such as ServiceNow and OneTrust

Technologies

  • ServiceNow
  • OneTrust
  • NIST CSF
  • NIST 800-53
  • ISO 27001
  • HITRUST

Benefits

  • Medical, Dental, Vision plans
  • Adoption, Fertility and Surrogacy Reimbursement up to $10,000
  • Paid Time Off and Sick Leave
  • Paid Parental and Family Caregiver Leave
  • Emergency Backup Care
  • Long-Term and Short-Term Disability, and Critical Illness plans
  • Life Insurance
  • 401k/403B with Employer Match
  • Tuition Assistance – $5,250/year and discounted education through Guild Education
  • Student Debt Pay Down – $10,000
  • Reimbursement for certifications and free access to CEUs and professional development
  • Pet Insurance
  • Legal Resources Plan
  • Annual discretionary bonus eligibility if system criteria are met

Location

Location: Fostoria, KS (onsite).

City / State field lists Norfolk, VA.

Work Shift

First (Days)

Remote Work Eligibility

  • Alabama
  • Delaware
  • Florida
  • Georgia
  • Idaho
  • Indiana
  • Kansas
  • Louisiana
  • Maine
  • Maryland
  • Minnesota
  • Nebraska
  • Nevada
  • New Hampshire
  • North Carolina
  • North Dakota
  • Ohio
  • Oklahoma
  • Pennsylvania
  • South Carolina
  • South Dakota
  • Tennessee
  • Texas
  • Utah
  • Virginia
  • Washington
  • West Virginia
  • Wisconsin
  • Wyoming

Certification / Licensure

  • CISSP (Preferred)
  • CISM (Preferred)
  • CRISC (Preferred)
  • CISA (Preferred)
