Cybersecurity Third Party Risk Assessor - Bon Secours

  • 3 Aug 2021 12:29 PM
    Message # 10792014
    James Walters (Administrator)

    Cybersecurity Third Party Risk Assessor

    Supports the Cybersecurity Risk and Assurance risk management program by conducting independent and comprehensive assessments of the vendors, service providers and third party companies that manage systems or information for Bon Secours Mercy Health to determine the overall effectiveness of its controls and is responsible for identifying opportunities for risk reduction in operational risk management and vendor risk management to include an understanding of third party vendor system use and securing of operating systems, network infrastructure, software applications, web servers, and databases. Makes actionable recommendations to mitigate third party risk. Partners with Audit, Compliance, and Legal to manage cybersecurity third party risk and compliance.

    Essential Functions

    Plan and conduct security assessments of BSMH clients third parties' vendors focusing on compliance with regulations, company policies, and internal controls.

    Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each third-party software application, system, network or third-party vendor.

    Monitor and evaluate third parties' compliance with information technology (IT) security, resilience, and dependability requirements across all capabilities using implemented capabilities.

    Use of third-party risk evaluation tools to help reduce organizational cyber risk with third parties

    Perform security reviews, identify gaps in security architecture and develop a third-party risk management plan.

    Perform risk analysis on third party capabilities (i.e. threat, vulnerability and probability of occurrence) whenever an application or system undergoes a major change.

    Compose an assessment report containing findings and recommendations and present it to BSMH clients.

    Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

    Accountable for partnering with the Business owners in a meaningful and collaborative manner to ensure that as risks are identified, they are managed and/or mitigated in a way that reduces organizational risks and allows for the Mission of BSMH to continue its outreach to the communities it serves.

    Participate in Cybersecurity Risk Governance process to provide security risks, mitigations and input on other technical risks.

    Draft and provide input into the Cybersecurity Risk Management Framework process activities and related documentation pertaining to third party risk management

    Identify opportunities to improve processes and procedures to document the execution of the analysis and assessments of third-party risk management (TPRM)

    Supports the development of key performance indicators and reporting key metrics to leadership in a timely manner.

    Maintain information systems assurance and accreditation materials for all efforts relating to the third-party risk management that keep the program in line with best practices.

    Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level within the Third-party risk environment.

    Contribute to other Cybersecurity Risk and Assurance programs and functions as needed.

    All other duties as assigned.

    Bon Secours Mercy Health is an equal opportunity employer.

    We'll also reward your hard work with:
    • Comprehensive, affordable medical, dental and vision plans
    • Prescription drug coverage
    • Flexible spending accounts
    • Life insurance w/AD&D
    • An employer-matched 403(b) for those who qualify
    • Paid time off
    • Educational Assistance
    • And much more

    SS I&T - Info Security

    Cybersecurity Third Party Risk Assessor - Bon Secours Health System, Inc. - Richmond, VA
