HealthEquity

Technical Security Lead Third Party Risk

HealthEquity, Draper, Utah, United States, 84020


Overview

How you can make a difference

We are seeking a technically skilled and cybersecurity-focused Technical Security Risk Lead to join our Third Party Risk Management (TPRM) team. This role is essential in evaluating and mitigating security risks associated with third-party vendors, with a strong emphasis on cloud technologies, secure integrations, and identity management. The ideal candidate will have a deep understanding of different cloud service models (SaaS, PaaS, IaaS) and will collaborate with various cross-functional teams to ensure all third-party engagements comply with security and regulatory standards.

What you’ll be doing

Responsibilities

Conduct in-depth technical security assessments of third-party vendors and partners.

Evaluate vendor architecture, encryption practices, authentication mechanisms, and API integrations.

Master and leverage third-party security rating services (e.g., BitSight, Security Scorecard, RiskRecon) to inform risk decisions.

Develop a SaaS governance framework in partnership with Security Architecture and Identity & Access Management to mitigate the company's risk exposure.

Explore and evaluate the benefits of Software Bill of Materials (SBOM) compliance in third-party software.

Create Cloud reference architectures to illustrate control requirements across Azure, AWS, and GCP environments.

Identify and recommend appropriate security controls to mitigate risks associated with nascent generative AI platforms.

Leverage generative AI platforms to expedite due diligence and security compliance processes.

Assist the Product Security team in onboarding new operations partners and surfacing potential risks that could impact implementation.

Differentiate between SaaS, PaaS, and IaaS platforms, including secure integration methods and ingress/egress and defense layers to protect data.

Work with cross-functional teams to identify risks associated with shadow IT and develop processes, procedures, and controls to prevent, detect, and remediate.

Assist with the exploration, selection, and implementation of TPRM software to enhance program efficiency and scalability.

Participate in the design of supply chain resiliency strategies that provide optionality during unforeseen events to mitigate third-party and operational risk.

Collaborate with internal teams (Security, IT, Legal, Procurement) to ensure third-party engagements meet security and compliance standards.

Track and manage remediation efforts for identified risks and maintain risk assessment tools and documentation.

Stay current on emerging threats, technologies, and regulatory requirements.

Qualifications

Bachelor's degree in Cybersecurity, Information Technology, or a related field.

8 to 10+ years of related experience in information security, risk management, or third-party/vendor risk.

Knowledge of Cloud and security concepts including Azure Cloud, Azure Virtual Desktop, encryption types, network/app connection types, certificates and authentication protocols, IAM, API security, and SaaS/PaaS/IaaS architectures.

Experience with tools such as ServiceNow and Dynatrace.

Experience with hardware-based authentication methods (e.g., YubiKeys).

Knowledge of security frameworks (NIST CSF, ISO 27001, SOC 2) and data privacy regulations (CCPA, GDPR).

Project management and cross-functional collaboration skills; technical acumen in cloud security, secure integrations, and AI risk mitigation.

Strong analytical, documentation, and communication skills; ability to explain complex security risks to technical and non-technical stakeholders.

Experience in regulated industries (e.g., finance, healthcare).

Security certifications (e.g., CISSP, CISA, CRISC).


This is a remote position.

Salary Range: $109,500.00 to $155,000.00 / year

Benefits & Perks

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

Medical, dental, and vision

HSA contribution and match

Dependent care FSA match

Uncapped paid time off

Paid parental leave

401(k) match

Personal and healthcare financial literacy programs

Ongoing education and tuition assistance

Gym and fitness reimbursement

Wellness program incentives

Why work with HealthEquity

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position. HealthEquity is an equal opportunity employer and we are committed to a diverse and inclusive workforce. HealthEquity is a drug-free workplace. For more information, please visit our Careers page.

HealthEquity uses Microsoft Copilot to transcribe screening interviews between candidates and their direct Talent Partner for note taking and interview summaries. By scheduling a screening interview with us, you consent to Microsoft Copilot's AI technology recording and transcribing your interview. If you wish to opt out, please notify your Talent Partner in advance.

HealthEquity is committed to your privacy as an applicant. For information on our privacy policies, please visit HealthEquity Privacy.
