Cybersecurity Third Party Risk Manager - Remote

About The Position

Requirements

• 5+ years of experience in cybersecurity, with at least 3 years in risk management with a degree (Required)
• 7+ years of experience in cybersecurity, with at least 3 years in risk management without a degree) (Required)
• 3+ years of experience in a leadership or management role
• Deep understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST)
• Knowledge of healthcare regulations (HIPAA, HITECH) and their technical requirements
• Familiarity with risk assessment methodologies and tools
• Understanding of security technologies, controls, and best practices
• Experience with GRC (Governance, Risk, and Compliance) platforms such as ServiceNOW, OneTrust

Nice To Haves

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (preferred)
• CISSP (Certified Information Systems Security Professional) (Preferred)
• CISM (Certified Information Security Manager)(Preferred)
• CRISC (Certified in Risk and Information Systems Control)(Preferred)
• CISA (Certified Information Systems Auditor)(Preferred)
• Experience in healthcare or other highly regulated industries preferred

Responsibilities

• Lead team of cyber security risk professionals to design, implement and operationalize Sentara Healthcare’s risk management program.
• Provide management oversight and serve as the leadership point of contact for the cyber security risk team.
• Ownership of cyber security risk strategy and programs risk and performance indicators, executive and board reporting.
• Be responsible for overall cyber security risk management using continuous self-assessments and executive reporting.
• Provide continuous input to leadership and help measure the cyber security risk posture of Sentara Healthcare.
• Understand key security and risk frameworks including but not limited to HIPAA, HITRUST, NIST800-171, PCI, and laws/regulations.
• Provide leadership and engage with the business to perform security assessments and ensure timely execution of projects and programs while mitigating any security risks.
• Work closely with internal groups such as Human Resources, Enterprise Risk Management, Internal Audit, Privacy, Legal, and Compliance on matters of policy and risk management.
• Develop and improve KPI/KRIs, metrics, risk register and trending.
• Mentor, coach, and train security staff.
• Maintain risk registers and ensure timely remediation of identified risks.
• Manage day-to-day operations of the cybersecurity risk management function.
• Provide coaching and professional development opportunities for team members.
• Foster a culture of security awareness and risk-conscious decision-making.
• Collaborate with executives, clinical leaders, IT teams, legal, compliance, and other stakeholders across the organization.
• Lead cross-functional meetings to discuss risk priorities, mitigation strategies, and security initiatives.
• Present cybersecurity risk reports and recommendations to senior leadership and board committees.
• Translate complex technical risks into business terms for non-technical audiences.
• Build strong relationships to promote security and best practices throughout the organization.
• Lead cybersecurity risk assessment engagements from initiation through completion.
• Manage multiple concurrent projects and programs related to cybersecurity risk reduction.
• Develop project plans, timelines, and resource allocation strategies.
• Track project milestones and ensure deliverables meet quality standards and deadlines.
• Coordinate third-party risk assessments for vendors and business partners.
• Stay current with emerging threats, vulnerabilities, and healthcare cybersecurity trends.
• Recommend and implement improvements to cybersecurity controls and risk management processes.
• Participate in incident response activities and post-incident risk assessments.
• Support the development of cybersecurity policies, standards, and procedures.
• Contribute to the organization's overall cybersecurity strategy and roadmap.

Benefits

• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Annual discretionary bonus