Cyber Security Engineer, Third Party Risk Management (Remote)

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:
As a member of the Cyber Security Risk Management team, the Security Engineer should have practical knowledge in the responsibilities listed below, gained through both education and work experience. You can be trusted to work independently and can tackle difficult problems with some guidance from peers and leadership.

Essential Duties and Responsibilities:

• Conduct comprehensive evaluations of third-party vendors and service providers, including financial stability, operational performance, and regulatory compliance.
• Identify potential risks and vulnerabilities in third-party relationships and devise effective mitigation plans.
• Communicate and interact effectively and professionally with co-workers, management, business partners, customers, etc. Work closely with internal teams, including procurement, legal, IT, and compliance, to ensure a unified approach to third-party risk management.
• Ensure alignment of third-party risk management practices with industry standards, regulatory requirements, and organizational goals.
• Continuously monitor third-party performance and compliance through regular audits and reviews.
• Maintain thorough and accurate records related to third-party risk management processes.
• Raise awareness of third-party risk issues and best practices within the organization.

Miminum Qualifications:

• Required Education: High School diploma
• Preferred Education: Bachelor’s degree preferred or relevant experience.
• Required Experience:
  • Duration:
    • Strong Research and Analytical Skills
    • Basic knowledge of Regulatory Standards (Ex: HIPAA, HITECH, PCI, SOX)
    • Basic knowledge of Industry Standard Security Frameworks (Ex: NIST, CIS, ISO, HITRUST)
    • Strong Verbal and Written Communication Skills
• Preferred Experience:
  • Common Knowledge of Industry Standard Audit Methodologies
  • Common Knowledge of Industry Standard Security Practices
• Required License/Registration/Certification: None
• Job Knowledge Required: Competence in areas listed above. Strong ability to work on and prioritize multiple, concurrent projects while meeting aggressive deadlines in a fast-paced environment. Willingness to participate in cross-functional training and support.

Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.