Job Summary:
Collaborate with key stakeholders and customers in the execution of the processes and controls related to information security third party risk and compliance in order to protect business interests and achieve business goals.
Essential Functions:
- Collaborate with key stakeholders and customers in the execution of the processes and controls related to information security third party risk and compliance in order to protect business interests and achieve business goals
- Maintain a baseline of information security (IS) related third party risk, identify areas of potential exposure, develop and align third party risk management strategies with CareSource goals and objectives, and execute the program ensuring consistency
- Support and mature a common and consistent information security third party risk management (ISTPRM) program to effectively manage third party risk in accordance with internal policy and Federal/State regulatory requirements
- Maintain a structured internal governance framework, to ensure effective oversight of IS third party risk compliance related to information security
- Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure ISTPRM requirements are fully understood
- Identify and communicate IS related third party risk findings to key stakeholders (Business/Sourcing/Legal/IT) and collaborate to determine reasonable solutions to mitigate and/or manage risk to acceptable levels
- Review and update template information security language to include in third party contracts; review and suggest alternative language as needed commensurate with risk during the contracting process; add additional language to contracts to include mitigation plans related to IS risks identified in the third-party risk review
- Provide and maintain IS third party risk reporting mechanisms, and track and report outcomes from IS third party management activities
- Complete assessments, requests, and other team activities when demand increases
- Collect, organize, and distribute reports and documents and recommend enhancements to reporting and audit tools
- Stay informed about the latest developments in the third-party risk management field as well as information security best practices
- Responsible for leading, developing, and coaching direct reports; in collaboration with HR, conduct performance reviews and disciplinary action
- Perform any other job duties as requested
Education and Experience:
- Bachelor of Science/Arts degree or equivalent work experience is required. Master’s or JD is preferred.
- Five (5) or more years of IT experience preferably in a medium to large technical operating environment required
- Three (3) years of experience in the practice of risk management such as assessment of risk, risk-to-business decision making, and maintenance of an effective and comprehensive third party risk management framework required
- Five (5) years of experience in IT Management is preferred
- Two (2) years of experience with contract negotiation is preferred
- Experience with ServiceNow is preferred
- Experience supporting complex projects and programs strongly preferred
Competencies, Knowledge and Skills:
- Effective oral and written communication skills
- Executive presence and comfortable speaking to senior leaders
- Knowledge of contemporary information security risk management and control techniques and frameworks
- Knowledge of management information systems terminology, concepts, and practices
- Considerable knowledge of industry program policies, procedures, regulations, and laws as they relate to security
- Strong decision making/problem solving skills
- Strategic management skills
- Organization skills with strong attention to detail
- Ability to set and manage priorities judiciously
- Ability to present ideas in business-friendly and user-friendly language
- Exceptionally self-motivated and directed
- Superior analytical, evaluative, and problem-solving abilities
- Ability to motivate in a team-oriented, collaborative environment
Licensure and Certification:
- Certifications in Information Security Management, such as CISSP, CRISC, CISA, CISM preferred
Working Conditions:
- General office environment; may be required to sit or stand for extended periods of time
Compensation Range:
$90,500.00 - $158,400.00
CareSource takes into consideration a combination of a candidate’s education, training, and experience as well as the position’s scope and complexity, the discretion and latitude required for the role, and other external and internal data when establishing a salary level. We are highly invested in every employee’s total well-being and offer a substantial and comprehensive total rewards package.
Compensation Type (hourly/salary):
Salary
Organization Level Competencies:
This job description is not all inclusive. CareSource reserves the right to amend this job description at any time. CareSource is an Equal Opportunity Employer. We are dedicated to fostering an inclusive environment that welcomes and supports individuals of all backgrounds.