Fortified Health Security
Third Party Risk Analyst - Risk and Governance
Fortified Health Security, Exton, Pennsylvania, United States, 19341
Base pay range
$60,000.00/yr - $70,000.00/yr
Under the general direction of the Director of Risk and Governance Services, the Third Party Risk Analyst is responsible for ensuring that Third‑Party Risk Management (TPRM) assessments are successfully and consistently processed and delivered to clients. This position requires a moderate working knowledge of information security frameworks and the application of these frameworks to identify instances of risk in relation to third parties. The role includes responsibilities in product/service evaluation, risk identification and remediation, report writing, and client consulting on all matters related to the protection and regulatory compliance of patient health information.
Essential Job Functions
Ensure timely delivery of TPRM vendor assessment reports, and other TPRM service deliverables as required
Create reports which reflect assessment findings and recommendations in both technical and executive‑level formats
Communicate with clients and third parties regarding TPRM service support and delivery
Directly manage and oversee the delivery of TPRM services for clients the Third Party Risk Analyst is dedicated to supporting
Maintain a working knowledge of healthcare information security and privacy laws and regulations alongside industry frameworks including, but not limited to: HIPAA, HITECH, and the NIST CSF 2.0
Maintain a working knowledge of TPRM best practices
Contribute to the maintenance of client specific and internally managed TPRM policies and standard operating procedures
Knowledge & Skills
Education & Experience
Bachelor's degree from a four‑year college or university or combination of education and experience
1+ years’ experience in all or most of the following:
IT support or help desk, preferably in an enterprise environment
Information security frameworks and/or standards such as the HITRUST CSF, the NIST CSF 2.0, ISO 27001, and SOC 2 Type 2
Use and application of the HIPAA Security Rule in day‑to‑day responsibilities preferred
Information security experience within the healthcare industry highly preferred
Special Skills & Knowledge
Ability to be flexible and manage tasks as priorities change based on client needs
Self‑driven individual who requires minimal direct supervision when completing known, repeatable tasks
Analytical mindset which enables the individual to efficiently and accurately gain an understanding of how a newly presented product or service functions, supporting the creation and delivery of assessment reports and findings
Exceptional problem‑solving abilities alongside a desire to continually learn new concepts related to the field
Detail and results oriented, skilled at both planning and hands‑on execution
Ability to excel in a team‑oriented, collaborative office environment
Excellent written, verbal, and presentation skills
Intermediate understanding of security concepts and how they should be applied to a system’s architecture and workflow
Intermediate understanding of network infrastructure and security concepts
Preferred certifications: Network+, Security+, HITRUST‑related certifications
Requirements
Supervisory Responsibility
Third‑party risk management services delivered within the Risk and Governance Services business unit
Working Conditions & Travel Requirements
In office
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform the Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
Seniority level
Entry level
Employment type
Full‑time
Job function
Information Technology
Industries
Computer and Network Security