Third-Party Risk Management Specialist

Summary

Join RxSense, a leading healthcare technology company, as a Third-Party Risk Management Specialist and contribute to their Information Security team. You will play a crucial role in safeguarding the privacy, confidentiality, integrity, and availability of information and systems across the organization. Your primary focus will be conducting vendor assessments, identifying third-party risks, and recommending mitigation strategies. This role requires a strong background in Third-Party Risk Management (TPRM) and experience working with industry-standard frameworks. You will be responsible for leading and managing third-party risk assessments, evaluating and monitoring third-party controls, collaborating with various departments, maintaining compliance with relevant standards, and supporting audits and compliance initiatives related to vendor management and security.

Requirements

• 2 + plus year of experience with all aspects of TPRM
• Must maintain a clean and presentable appearance and work environment for video calls
• Excellent verbal and written communication skills
• Customer service orientation (e.g., patience, positive customer-friendly attitude, active listening, empathy, professionalism, etc.)
• Strong attention to detail
• Ability to manage multiple responsibilities and competing priorities, constantly reprioritizing based on new information or shifting deadlines
• Strong desire to learn new technologies, frameworks, and standards
• Maintain current skills and strive to acquire new knowledge based on current industry trends
• Highly motivated self-starter & independent worker who can produce high level results consistently with minimal supervision
• Must work well in a team environment and participate in working meetings over Zoom (or equivalent)
• Capable of analyzing data to evaluate risk and compliance
• Ability to travel when required for audits
• Bachelor’s degree or equivalent years of industry experience

Responsibilities

• Lead and manage third-party risk assessments, ensuring vendors meet security and compliance standards
• Evaluate and monitor third-party controls to identify potential risks and recommend mitigation strategies
• Collaborate with legal, IT and business units to align vendor onboarding and risk processes
• Maintain compliance with SOC1, SOC2, HIPAA, HITRUST and ISO 27001
• Assist in the development and maintenance of policies, procedures, and standards related to third-party security
• Maintain inventory of third parties
• Track remediation efforts for identified vendor risks and ensure timely resolution
• Collaborate with the GRC Manager to continuously enhance and mature the TPRM Program
• Support audits and compliance initiatives related to vendor management and security
• Develop relationships within the team and across departments to encourage cooperation, communication, and respect

Preferred Qualifications

• Security Certifications a plus
• Governance, Risk, and Compliance (GRC) experience a plus
• Basic Knowledge of information security frameworks (e.g., ISO 27001, HITRUST, and SOC 2) and regulatory requirements such as HIPAA a plus