Third Party Risk Management Analyst 10/9/2017
For more than 30 years, CDPHP has been providing outstanding health care coverage in the Capital Region of New York and beyond. Based in Albany, NY, the physician-guided not-for-profit offers plans in 24 counties. CDPHP cares deeply about the health and well-being of its members as well as its employees. The company values integrity, diversity, and innovation, and its corporate culture supports those values wholeheartedly. At CDPHP, the employees have a voice and are encouraged to make an impact at both the company and community levels through engagement and volunteer opportunities. CDPHP invests in employees who share these values and invites you to be a part of that experience.
The Third Party Risk Management (TPRM) Analyst is a risk professional responsible for assisting the TPRM Practitioner(s) and TPRM Manager in ensuring CDPHP can identify, assess and monitor the risk introduced by contracting with third parties in the execution of various business operations. The incumbent will focus on complex data sharing via cloud, which is becoming more widely used and is increasing the risk related to third parties. The TPRM Analyst will support CDPHP's enterprise-wide TPRM Program, which is a part of CDPHP's Information Risk and Governance team. Additionally, the incumbent will be tasked with supporting all aspects of CDPHP's Third Party Risk Assessment process.
* Bachelor's degree required. 7 years relevant experience may be substituted for degree.
* CISSP, CRISC, CISA, CISM, or other related certifications are a plus but not a requirement. Individual must be willing to obtain such certifications as directed by management.
* Three (3) years in third party / vendor risk management, information risk management, information risk assessment, or IT auditing preferred. Internship experience may be substituted for work experience.
* Strong analytical and technical skills including the ability to research problems, understand vendor controls, determine root causes and suggest appropriate remediation preferred.
* Experience with a large insurance company or health plan or financial services organization preferred.
* Knowledge of control and risk identification and ability to assess the strength of controls in relation to multiple risk factors operating in complex situations and systems.
* Ability to assess IT and security processes, controls, and governance as well as identify gaps, recommendations, and mitigating controls.
* Working knowledge of audit skills preferred.
* Working knowledge of security and privacy regulations for all state and federal agencies such as HIPAA, HITECH, NYS Breach Law, DFS, DOH and CMS preferred.
* Working knowledge of regulatory compliance, risk management, auditing, and/or healthcare industry.
* Working knowledge of audit, control and security frameworks including COBIT, NIST/FIPS, PCI, HITRUST, Model Audit Rule or Sarbanes-Oxley preferred.
* Working knowledge of SOC assessments and reporting preferred.
* Working knowledge of information technology and the risks associated with these technologies.
* Excellent verbal and written communication skills are required.
* Demonstrated ability to assess risk, controls, and processes and make solid recommendations required.
* Demonstrated ability to work collaboratively in a team environment is required.
* Decision making/judgment.
* Ability to work independently.
As an Equal Opportunity / Affirmative Action Employer, CDPHP will not discriminate in its employment practices due to an applicant's race, color, creed, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, transgender status, age, national origin, marital status, citizenship, physical and mental disability, criminal record, genetic information, predisposition or carrier status, status with respect to receiving public assistance, domestic violence victim status, a disabled, special, recently separated, active duty wartime, campaign badge, Armed Forces service medal veteran, or any other characteristics protected under applicable law.