Cybersecurity Third Party Risk Assessor
Company: Bon Secours Mercy Health
Location: Richmond
Posted on: November 22, 2021
|
|
|
Job Description:
Thank you for considering a career at Bon Secours Mercy
Health!Supports the Cybersecurity Risk and Assurance risk
management program by conducting independent and comprehensive
assessments of the vendors, service providers and third party
companies that manage systems or information for Bon Secours Merch
Health to determine the overall effectiveness of its controls and
is responsible for identifying opportunities for risk reduction in
operational risk management and vendor risk management to include
an understanding of third party vendor system use and securing of
operating systems, network infrastructure, software applications,
web servers, and databases. Makes actionable recommendations to
mitigate third party risk. Partner with Audit, Compliance, and
Legal to manage cybersecurity third party risk and
compliance.Essential Functions (7-10) Statements - List the
essential functions of the job. Essential functions are the reasons
a job exists.Plan and conduct security assessments of BSMH clients
third parties' vendors focusing on compliance with regulations,
company policies, and internal controls.Review authorization and
assurance documents to confirm that the level of risk is within
acceptable limits for each third-party software application,
system, network or third-party vendor.Monitor and evaluate third
parties' compliance with information technology (IT) security,
resilience, and dependability requirements across all capabilities
using implemented capabilities.Use of third-party risk evaluation
tools to help reduce organizational cyber risk with third
partiesPerform security reviews, identify gaps in security
architecture and develop a third-party risk management plan.Perform
risk analysis on third party capabilities (i.e. threat,
vulnerability and probability of occurrence) whenever an
application or system undergoes a major change.Compose and presents
assessment report containing findings and recommendations and
present to BSMH clientsEnsure that plans of actions and milestones
or remediation plans are in place for vulnerabilities identified
during risk assessments, audits, inspections, etc.Accountable for
partnering with the Business owners in a meaningful and
collaborative manner to ensure that as risks are identified, they
are managed and/or mitigated in a way that reduces organizational
risks and allows for the Mission of BSMH to continue its outreach
to the communities it serves.Participate in Cybersecurity Risk
Governance process to provide security risks, mitigations and input
on other technical risks.Draft and provide input into the
Cybersecurity Risk Management Framework process activities and
related documentation pertaining to third party risk
managementIdentify opportunities to improve processes and
procedures to document the execution of the analysis and
assessments of third-party risk management (TPRM)Supports the
development of key performance indicators and reporting key metrics
to leadership in a timely manner.Maintain information systems
assurance and accreditation materials for all efforts relating to
the third-party risk management that keep the program in line with
best practices.Develop specifications to ensure risk, compliance,
and assurance efforts conform with security, resilience, and
dependability requirements at the software application, system, and
network environment level within the Third-party risk
environment.Contribute to other Cybersecurity Risk and Assurance
programs and functions as needed.All other duties as assigned.Bon
Secours Mercy Health is an equal opportunity employer.We'll also
reward your hard work with:
Keywords: Bon Secours Mercy Health, Richmond , Cybersecurity Third Party Risk Assessor, Other , Richmond, Virginia
|
Click
here to apply!
|
