100% REMOTE OPPORTUNITY!!! Our client, a Healthcare Insurance organization, is seeking Senior and Lead Cyber Risk Security Analysts to ensure the organization's data remains protected from inappropriate access, disclosure and/or damage buy assessing, documenting, and socializing risk.

ESSENTIAL FUNCTIONS:
-60% Assess third party cybersecurity controls, identify gaps, evaluate mitigation strategies / action plans and manage them to closure.
-20% Manage and maintain the third party security risk continuous monitoring program and develop metrics for reporting
-10% Identify ineffective, inadequate, or absent third-party security controls and quantification of risk to the customer
-10% Lead risk analyses efforts to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
- The Third-Party Risk Analyst will be responsible for collaborating with internal and external vendor teams to assess, monitor, and manage risks associated with third-party relationships
- This role requires a keen eye for detail, strong project management and analytical skills, and the ability to effectively document findings and recommendations
- Work with business teams to conduct thorough assessments of third-party vendors to identify potential risks to the organization
- This includes evaluating their security practices, data handling procedures, and regulatory compliance (e.g., HIPAA)
- Prepare detailed risk assessment reports, clearly articulating findings and recommendations
- Maintain a comprehensive repository of all third-party risk assessments and associated documentation

Required Skills

- Education Level: Bachelor's Degree in Computer Science, Cyber Security, Information Technology, or related field (In lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience)
- Experience: 6+ years / 8+ years relevant information security experience. Must have 3rd party risk assessment (supplier risk) knowledge
- Must have diverse background in both on-prem and off-prem (cloud) platforms
- Ability to prefer SOC Reporting / Hitrust knowledge
- Any knowledge of HIPPA / PHI security standards considered BIG PLUS
- Preferred Tools: Whistic, Risk Recon
- Knowledge of cyber security related risk management techniques
- Knowledge of network architecture and firewall security
- Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service

** Preferred Licenses/Certifications **
-CISSP - Certified Information Systems Security Professional Upon Hire Pref or
-CRISC - Certified Risk and Information Systems Controls
-CISM - Certified Information Security Manager Upon Hire Pref or
-Certified Ethical Hacker (CEH) Upon Hire Pref