Information Security Analyst III (Vendor Risk Management)

Company: Change Healthcare Solutions
Location: Alpharetta
Posted on: June 23, 2022

Job Description:

TitleInformation Security Analyst III (Vendor Risk Management)Overview of PositionThe Security Analyst will assist in the execution of the Vendor Risk Assessment Program that includes vendor registration, risk assessments, monitoring and issue management, and reporting. Our team is a part of the Information Security organization and partners with our vendors, using an established process, to ensure compliance with the overall program and reduction of information security risks associated with vendors.What will be my duties and responsibilities in this job?Lead and execute third-party risk assessments of Change Healthcare's vendors which includes: Confirming vendor's compliance to security controls using established proceduresAssessing vendor's controls, processes, and/or systems to identify the threats and vulnerabilities that lead to riskDeveloping plans to mitigate against risks, and managing the remediation plan to completionEngage with vendors and internal stakeholders on an ongoing basis to:Manage audit requests as they pertain to the programCoordinate the gathering of information needed for periodic validations and auditsCommunicate identified assessment resultsDrive registration of vendors into Information Security's GRC platformDevelop and deliver monthly metrics and risk reporting dashboards to leadershipWhat are the requirements needed for this position?Bachelor's degree in MIS, IT, Related Field, or equivalent experience2-5 years of experience in a vendor risk management or security assessment capacityExperience assessing third-party security risk and performing security assessmentsKnowledge of information security concepts and theory, and the application of such through technical and non-technical methodsSolid understanding of a wide variety of IT risk domains related to confidentiality, integrity, and availabilityAble to establish strong working relationships with IT leadership and technical teams, business customers, vendors and peersAble to interface, influence and communicate (written and verbally) with all levels of management, industry organizations, and customersStrong time management skills/flexible work style to prioritize work effortsWhat other skills/experience would be helpful to have? Knowledge of common InfoSec regulation & frameworks (PCI, HIPAA, ISO 27001, HITRUST, FISMA) is a plusExperience executing audit plans or performing assessments using defined control frameworks is a plusExperience with OneTrust GRC suite is a plusOne or more of the following certifications is a plus: CISSP, CISM, CEH, Security+, MCSE, CWTS, CISA, CNDA, CCNP, CCIE, CCNA, CISO, AWS.How much should I expect to travel?Employees in roles that require travel will need to be able to qualify for a company credit card or be able to use their own personal credit card for travel expenses and submit for reimbursement.Join our team today where we are creating a better coordinated, increasingly collaborative, and more efficient healthcare system! COVID Vaccination RequirementsWe remain committed to doing our part to ensure the health, safety, and well-being of our team members and our communities. As such, we require all employees to disclose COVID-19 vaccination status prior to beginning employment and we may require periodic testing for certain roles. In addition, some roles require full COVID-19 vaccination as an essential job function. Change Healthcare adheres to COVID-19 vaccination regulations as well as all client COVID-19 vaccination requirements and will obtain the necessary information from candidates prior to employment to ensure compliance. Equal Opportunity/Affirmative Action Statement Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at https://www.eeoc.gov/employers/eeo-law-poster and the supplemental information at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf.If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to applyaccommodations@changehealthcare.com with "Applicant requesting reasonable accommodation" as the subject. Resumes or CVs submitted to this email box will not be accepted.Click here https://www.dol.gov/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf to view our pay transparency nondiscrimination policy.California (US) Residents: By submitting an application to Change Healthcare for consideration of any employment opportunity, you acknowledge that you have read and understood Change Healthcare's Privacy Notice to California Job Applicants Regarding the Collection of Personal Information.Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.

Keywords: Change Healthcare Solutions, Alpharetta , Information Security Analyst III (Vendor Risk Management), Executive , Alpharetta, Georgia