As a Senior Third-Party Security Risk Analyst at BSWH, you will be part of a team that reviews, assesses and manages Third-Party Information Security Risk across the organization. As part of the team, you will perform security risk analysis of external vendors and other third-party organizations and lead initiatives and assessments, including core assessments of a third party's technical, administrative, and physical controls, Cloud solutions, Mobile solutions and Application solutions. The ideal candidate should have a good understanding of the regulations that govern this space, be well versed in risk management, and be able to help counterparts and peers manage cybersecurity risk.
Support the Technology Risk Advisory function by understanding the business needs and helping to shape the Third-Party Technology Risk strategy; be part of a team that assesses risk and works with Business Units to manage risk portfolios.
Represent BSWH TPRM in the negotiation of information security contracts with external third parties
Work with TPRM leadership and legal team in developing security contract templates
Develop security questionnaires (e.g. SIG) tailored to vendors' risk tiers
Review and manage SIG responses from external parties, receiving and responding to SIG artifacts
Review and assess audit reports (e.g. SOC 2) and other reports (e.g. system audit logs, pen tests)
In partnership with BSWH vendors, develop risk mitigation plans for vendors
Evaluate security risk tiering/prioritization of external parties
Mentor junior analysts
Have a good understanding of regulations that govern this space.
Be well versed in risk assessments and have a demonstrated ability in helping counterparts manage risk.
Have experience in contract review and negotiations.
Understanding of industry recognized risk management frameworks and a proven track record of implementation.
Working knowledge of regulatory landscape and information security management controls and frameworks (e.g., HIPAA, HITRUST, PCI; NIST, ISO 27000/27001, SSAE-18).
Good understanding of information security controls, along with preferred and alternative implementations.
Have a good understanding of conducting audits.
Have technical knowledge of network infrastructure, cyber security risks, and web and cloud-based applications.
Proficient verbal and written communication skills
Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology or Risk Management is preferred
2 years of experience in cyber security (system, network, application, cloud, mobile)
3 years of experience developing risk mitigation plans
4 years of experience in conducting risk assessments and audits
One or more of the following Certificates (Highly desirable): CISA, CRISC, CISM, CISSP
Location/Facility – Administrative Building - Dallas
Specialty/Department/Practice – IT / Identity & Access Management
-Immediate eligibility for health and welfare benefits
-401(k) savings plan with dollar-for-dollar match up to 5%
-PTO accrual beginning Day 1
*Note: Benefits may vary based upon position type and/or level.
- EDUCATION - Bachelor's or Equivalent Experience
- EXPERIENCE - A minimum of 5 years of experience required
- EXTENSIVE EXPERIENCE - In third party security risk management
Internal Number: 20011908
About Baylor Scott & White Health
Baylor Scott & White Health (BSWH) is the largest not-for-profit health care system in Texas and one of the largest in the United States. With a commitment to and a track record of innovation, collaboration, integrity and compassion for the patient, BSWH stands to be one of the nation’s exemplary health care organizations. Our mission is to serve all people by providing personalized health and wellness through exemplary care, education and research as a Christian ministry of healing. Joining our team is not just accepting a job, it’s accepting a calling!