Security Third Party Specialist

State of Oklahoma
Oklahoma City, OK

About The Position

The Security Third Party Specialist at the Oklahoma Health Care Authority (OHCA) is responsible for ensuring compliance with state and federal regulations while supporting key security and risk management functions targeted towards supply chain and third-party risks. This position provides technical expertise, initiates security program development, and manages vulnerability submissions and vendor security metrics. It plays a critical role in evaluating third-party security documentation, maintaining related security standards, and ensuring the effectiveness of our compliance programs based on NIST 800-53r5. The Security Third Party Specialist collaborates closely with both internal and external stakeholders to mitigate risks, enhance security protocols, and maintain the integrity of organizational processes, aligning with OHCA's core values of accountability, transparency, and excellence. The successful candidate will be able to lead and develop strategies.

Requirements

  • A bachelor's degree AND
  • 3 years of professional Information Security experience, preferably in a federal and/or healthcare environment OR
  • An equivalent combination of education and experience, substituting 1 year of qualifying graduate experience in Business or IT Security for each year of the required experience.

Nice To Haves

  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Health Care Compliance (CHC) Certification, Certified Information Systems Auditor (CISA), or HIPAA Certification.
  • Strong knowledge in NIST SP 800 series guidance and control standards.
  • Strong knowledge of HIPAA standards for security and privacy.
  • Strong experience with supply chain/third party governance programs in a large complex environment.
  • Work experience in a federal government and/or healthcare environment.

Responsibilities

  • Vulnerability management and monitoring: This includes understanding vulnerability management principles and technical scan reports in order to work with system vendors to review and develop relevant risk metric reports.
  • Provide technical expertise and analysis: Stay aware of current industry trends and news in order to be more proactive. Be able to handle and interpret more technical questions and information. Must be proficient in data analysis and related tools such as MS Excel to identify issues, trends, and patterns, track information, and apply other techniques to achieve objectives and craft usable report summaries. This includes skilled use of formulas, pivot tables, and principles of good design.
  • Third Party Document Reviews: Support Business Enterprise projects by providing expertise in reviewing security documentation, providing comments, and escalating any issue identified as appropriate. May be required to attend project meetings to clarify comments and listen for other security concerns that may need coordination. Coordination with subject matter experts or stakeholders may be required for detailed issues and resolutions.
  • Coordinate workgroup meetings to identify, address, and drive third party risk and issues.
  • Coordinate closely with Risk and Compliance Manager to support: Communicate and coordinate effectively with teams to identify support needs.
  • Draft and Maintain Security Documentation: This includes, but is not limited to, Standards, Guidance, and the Supply Chain Risk Management (SCRM) Plan related to NIST 800-161. Documents shall be reviewed annually or during significant changes for updates and maintenance. Technical concepts should be written at a level commensurate with the audience for the document.
  • Other duties as assigned.

Benefits

  • Generous state-paid benefit allowance to offset insurance premiums.
  • A wide selection of top-tier health insurance plans.
  • Optional flexible spending accounts for health care or dependent care expenses.
  • Employee Assistance Program (EAP) offering confidential support.
  • Wellness benefits, including an on-site gym and fitness center discounts.
  • 11 paid holidays annually.
  • 15 vacation days and 15 sick days in your first year.
  • Retirement Savings Plan with substantial employer contributions.
  • Longevity Bonus to reward years of service.
  • Public Service Loan Forgiveness eligibility and reimbursement for educational expenses.
  • Professional development training opportunities, including CEU support.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Administration of Human Resource Programs

Number of Employees

251-500 employees
