3rd Party Information Security Assurance Specialist

The 3rd Party Information Security Assurance Specialist, as a part of the Enterprise Security team, will safeguard information system assets by developing an understanding of the security requirements of the company's 3rd parties and their information systems in order to identify potential or actual security compliance issues.

Required Experience: 5+ Years

Job Locations: Remote/Florida Hybrid

Location Restrictions: Travel

Basic Qualifications and Responsibilities

The 3rd Party Assurance Team supports the business in assessing 3rd parties that may access, process, transmit and/or store company data such as Protected Health Information (PHI), payment card data (PCI), or Personally Identifiable Information (PII).

PRINCIPAL DUTIES AND JOB RESPONSIBILITIES:

  • Determine vendor risk level using risk tier toolkit(s)
  • Send security questionnaire to vendors based on risk level
  • Partner with vendor point of contact to ensure responses are received within agreed upon timelines
  • Examine records, reports, operating practices, and evidence gathered from vendor to finalize assessment report and remediation plan
  • Provide documentation of 3rd party findings with identified assessment gaps, information security risks and remediation recommendations in Governance, Risk, and Compliance platform
  • Negotiate vendor remediation planning and implementation efforts to reduce organizational risk
  • Facilitate the use of Governance, Risk, and Compliance technology-based tools to review, design and/or deliver services
  • Build and maintain knowledge of information security controls, standards, and best practices related to information security and compliance (e.g., PCI-DSS and HITRUST) and of applicable standards, laws, and regulations (e.g., AICPA and HIPAA)
  • Contribute in the delivery of a comprehensive 3rd party information security assurance program through the continual review, evaluation, and testing of administrative, physical and technical controls to assess effectiveness 
  • Exercise professional judgment in evaluating information, making recommendations, and maintaining confidentiality of data per ADH policies, avoiding conflict of interests
  • Build and actively support mentoring relationships within the team, department, and organization


KNOWLEDGE AND SKILLS REQUIRED:

  • Background in IT, information security, applications, and/or data centers
  • Enterprise-wide Information Security controls, IT processes, procedures, testing concepts, and audit reporting
  • Cloud-based application/environment security requirements
  • Interpretation of Generally Accepted Auditing Standards (GAAS), and/or SSAE-16/18 reports
  • IIA and ISACA standards, including preparation of detailed work papers adequately supporting conclusions to ensure a complete work product
  • Complementing assessments with knowledge of various technologies to help AHS achieve its information security compliance objectives
  • Effective verbal and written communication
  • Time management skills
  • Multi-tasking, prioritization, decision making, project management, presentation, and strong interpersonal skills
  • Ability to negotiate remediation planning and efforts with the 3rd party
  • Ability to work independently and efficiently with minimum supervision
  • Ability to elicit and understand customer needs

KNOWLEDGE AND SKILLS PREFERRED:

  • Information Security Standards and Frameworks such as HITRUST, NIST, and PCI-DSS.
  • GRC tools (Keylight/Archer highly desirable).
  • IT, information security, applications, and/or healthcare.

EDUCATION AND EXPERIENCE REQUIRED:

  • Bachelor’s degree in Business Administration, Information Security or other related field
  • Minimum of 4 years’ experience with Information Security risk assessments or 3rd Party Information Security Assurance, and/or Compliance programs.

EDUCATION AND EXPERIENCE PREFERRED:

  • Master’s degree in Computer Sciences, Information Systems, Cybersecurity, Business Administration or other related field
  • Three or more years of experience executing Information security audit and compliance initiatives within large complex organizations
  • Three or more years of experience in a healthcare environment

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

  • Security+
  • Have or obtain one of the preferred certifications within 1 year of employment

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

One of the following

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
