CybersecurityJobs.io
Job Description

Benefits and culture

Sentara Hospitals offers a comprehensive benefits package and a collaborative, mission‑driven culture in Norfolk, Virginia. This onsite leadership role comes with a salary range of USD 116,729 – 216,777 per year. You will have access to medical, dental, and vision coverage, generous paid time off and sick leave, paid parental and family caregiver leave, emergency backup care, and disability and life insurance. The organization provides a 401(k) or 403(b) with employer matching, tuition assistance up to $5,250 annually plus discounted education through Guild Education, student debt repayment of up to $10,000, reimbursement for certifications, and free access to professional development resources. Additional benefits include pet insurance, a legal resources plan, and the potential for an annual discretionary bonus based on system performance and eligibility. This is an opportunity to contribute to a regulated healthcare environment that prioritizes risk management, privacy, and security.

Responsibilities

  • Present third‑party risk management topics to leadership across all levels of the organization.
  • Conduct thorough risk assessments of vendor relationships aligned with risk priorities.
  • Lead a team of assessors in vendor evaluations and contract security negotiations.
  • Analyze and rank risks by their potential impact on operations, data, and reputation.
  • Develop and streamline the third‑party risk management processes and workflows.
  • Identify and evaluate vulnerabilities within vendor systems, networks, and applications.
  • Work with IT, security, and compliance teams to design and implement risk mitigation strategies.
  • Prepare detailed risk assessment reports with findings, recommendations, and mitigation plans for management review.
  • Maintain accurate documentation of risk assessment activities, findings, and risk treatment plans.
  • Support audits and assessments to demonstrate adherence to cybersecurity standards.

Requirements

  • 5+ years in cybersecurity with at least 3 years in risk management plus a degree, or 7+ years in cybersecurity with at least 3 years in risk management without a degree (required).
  • Strong grounding in cybersecurity principles, risk assessment methodologies, and threat landscape analysis.
  • 3 years of experience managing a third‑party risk management program and team.
  • Proficiency in performing third‑party risk assessments and negotiating security language in contracts.
  • Knowledge of regulatory compliance requirements and industry standards.
  • Excellent analytical and problem‑solving capabilities.
  • Effective written and verbal communication to collaborate with multidisciplinary teams.
  • Experience in healthcare or other highly regulated industries is preferred.
  • Deep familiarity with frameworks such as NIST CSF, NIST 800‑53, ISO 27001, and HITRUST.
  • Understanding of healthcare regulations (HIPAA, HITECH) and their technical implications.
  • Experience with risk assessment methodologies and tools.
  • Knowledge of security technologies, controls, and best practices.
  • Experience with Governance, Risk, and Compliance (GRC) platforms such as ServiceNow and OneTrust.

Technologies

  • NIST CSF
  • NIST 800‑53
  • ISO 27001
  • HITRUST
  • ServiceNow
  • OneTrust

Certifications and licensure

  • CISSP (preferred)
  • CISM (preferred)
  • CRISC (preferred)
  • CISA (preferred)