Third-Party Risk Management Specialist

Position Summary:

We are seeking a highly motivated and self-driven Third-Party Risk Management Specialist with a strong background in Third-Party Risk Management (TPRM) to join our Information Security team. This role will play a key part in our Governance, Risk, and Compliance (GRC) function, with a specific focus on TPRM. The ideal candidate will have a passion for information security and risk reduction, as well as experience working with industry-standard frameworks.

As a member of the Information Security team, you will play an important role in safeguarding the privacy, confidentiality, integrity, and availability of information and systems across the organization. Your primary focus will be conducting vendor assessments and identifying third-party risks and recommending appropriate mitigation strategies. Must be aware of and comply with all aspects of the RxSense Information Security Program and the policies contained therein. Must always understand the importance of maintaining Information Security.

Responsibilities:

• Lead and manage third-party risk assessments, ensuring vendors meet security and compliance standards
• Evaluate and monitor third-party controls to identify potential risks and recommend mitigation strategies
• Collaborate with legal, IT and business units to align vendor onboarding and risk processes
• Maintain compliance with SOC1, SOC2, HIPAA, HITRUST and ISO 27001
• Assist in the development and maintenance of policies, procedures, and standards related to third-party security
• Maintain inventory of third parties
• Track remediation efforts for identified vendor risks and ensure timely resolution
• Collaborate with the GRC Manager to continuously enhance and mature the TPRM Program
• Support audits and compliance initiatives related to vendor management and security
• Develop relationships within the team and across departments to encourage cooperation, communication, and respect

Requirements:

• 2 + plus year of experience with all aspects of TPRM
• Must maintain a clean and presentable appearance and work environment for video calls
• Excellent verbal and written communication skills
• Customer service orientation (e.g., patience, positive customer-friendly attitude, active listening, empathy, professionalism, etc.)
• Strong attention to detail
• Ability to manage multiple responsibilities and competing priorities, constantly reprioritizing based on new information or shifting deadlines
• Strong desire to learn new technologies, frameworks, and standards
• Maintain current skills and strive to acquire new knowledge based on current industry trends
• Highly motivated self-starter & independent worker who can produce high level results consistently with minimal supervision
• Must work well in a team environment and participate in working meetings over Zoom (or equivalent)
• Capable of analyzing data to evaluate risk and compliance
• Ability to travel when required for audits

Education:

• Bachelor’s degree or equivalent years of industry experience
• Security Certifications a plus
• Governance, Risk, and Compliance (GRC) experience a plus
• Basic Knowledge of information security frameworks (e.g., ISO 27001, HITRUST, and SOC 2) and regulatory requirements such as HIPAA a plus

Salary Range: 85,000 - 105,000