Engineer, Cyber Security Risk

About The Position

Requirements

• Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or equivalent experience.
• Experience: 5+ years in cybersecurity engineering, security architecture, risk management, third‑party risk, or related technical roles.
• Clearances/Background: Able to pass healthcare compliance/background checks.
• Curiosity and willingness to learn new technologies, including AI-enabled security capabilities.
• Strong understanding of cybersecurity principles including cloud security, SaaS risk, identity, data protection, and access models.
• Demonstrated experience performing third‑party/vendor security assessments and communicating risk findings in formal governance processes.
• Familiarity with vendor security assessments, SOC reports, control frameworks, and assurance documentation.
• Ability to communicate risk effectively to technical, operational, and executive audiences.
• Strong analytical and critical‑thinking skills with a risk‑based mindset.
• Proficient use of risk management, governance, collaboration, and documentation tools.
• Ability to work cross‑functionally with cybersecurity, engineering, architecture, and leadership teams.
• Strong written and verbal communication skills.
• Ability to organize and manage multiple assessments and stakeholder engagements simultaneously.
• Ability to follow defined governance processes while identifying improvement opportunities.
• Ability to sit for extended periods and operate a computer.
• Occasional lifting up to 20 pounds.
• Extended screen time; rapid context switching; occasional high‑stress major‑incident participation.
• Ability to prioritize tasks and manage multiple tickets simultaneously.
• Attention to detail and consistency in documentation.
• Frequent context switching between technical details and risk communication.
• Ability to participate in discussions involving complex or sensitive risk topics.
• Occasional participation in high‑priority risk reviews or governance forums.

Nice To Haves

• Master’s Degree a plus.
• Certifications (preferred): CRISC, CCSP, or equivalent certifications.

Responsibilities

• Serve as the primary cybersecurity subject matter expert for Technology Review Board (TRB) submissions and discussions.
• Drive vendor security engagement by validating assessment responses, reviewing supporting evidence, and tracking remediation commitments and timelines.
• Perform security risk assessments for new and existing technologies, SaaS platforms, cloud services, and third‑party vendors.
• Evaluate third‑party security posture, including architecture, control maturity, access models, and data handling practices.
• Establish vendor risk conditions for acceptance (e.g., contractual safeguards, monitoring expectations, remediation plans) and communicate these requirements through TRB risk review deliverables.
• Partner with appropriate stakeholders to support third‑party risk decisions.
• Translate technical risks into clear, actionable recommendations for technical and non-technical stakeholders.
• Maintain risk documentation across company platforms in accordance with policy.
• Support continuous improvement of TRB and third‑party risk workflows, documentation, and efficiency.
• Maintain awareness of emerging threats, third‑party risk trends, and industry best practices.