Third Party Risk Analyst ( TPRA )

About The Position

Requirements

• Bachelor's degree in Business, Risk Management, Information Security, or related field preferred.
• 3+ years of experience in risk management, vendor management, or compliance, preferably in health insurance or other regulated industry.
• Strong understanding of third-party oversight and regulatory requirements (e.g., PCI, SOC 1 & 2, ISO, HITECH, HIPAA, and data privacy laws).
• Industry certifications such as CTPRP, CTPRA, C3PRMP, TPRA CRISC are a plus
• A strong working knowledge of legal, privacy/security, and technical business requirements (i.e., SLAs and SLOs) Experience using vendor management or GRC (Governance, Risk, and Compliance) platforms.
• Proficient in Microsoft Office Suite.
• Excellent written and verbal communication skills, with the ability to present complex information clearly to different audiences.
• Knowledge of cloud service provider risk management is a plus.
• Ability to travel as business needs require.

Nice To Haves

• Strategic and analytical thinker with strong problem-solving abilities.
• Highly organized and meticulous with the ability to manage multiple priorities.
• Collaborative team player comfortable engaging with senior leadership and cross-functional partners.
• Results-oriented, adaptable, and committed to continuous improvement in vendor risk practices.

Responsibilities

• Support the development and maintenance of the vendor management framework, including policies, procedures, and risk assessment methodologies.
• Vendor contract review and negotiation to review compliance, assess risk, negotiate business terms with vendors, and maximize price efficiency
• Manage and operate vendor risk controls, acceptance processes, and key risk indicator (KRI) reporting.
• Maintain accurate vendor profiles, risk ratings, and performance data within the vendor management platform.
• Collaborate with internal stakeholders to ensure proper vendor selection, contracting, and monitoring processes.
• Responsible for managing service agreements across software, hardware, telecommunications, and other Services.
• Ensure all vendor relationships have metrics to evaluate performance and ensure adherence to SLAs through surveys and scorecards.
• Conduct risk assessments of new and existing vendors, focusing on financial health, operational resilience, cybersecurity, data privacy, and regulatory compliance.
• Conduct review of vendor third party security attestations (SOC2, ISO, HiTrust) to ensure vendors security aligns with Careington requirements
• Conduct thorough due diligence reviews, including evaluations of documentation and questionnaires, and provide recommendations for mitigating risks.
• Develop corrective action plans and control documentation for identified risks.
• Monitor and evaluate vendor remediation efforts to ensure timely resolution of issues.
• Prepare and deliver risk reports and dashboards for leadership and governance committees.
• In collaboration with Leadership, evaluate, vet, and actively participate in vendor selection and the RFP process.
• Partner with business units to support risk-aware decision-making and continuous improvement of third-party risk practices.
• Participate in vendor incident response and escalation processes.
• Stay current on industry trends, regulatory updates, and emerging risks impacting third-party relationships.