Itss-security Consultant-humjp00023689 @ Baxter India

Job Description

The Third Party Cybersecurity Risk Manager 2 will be required to understand the department, segment, and organizational strategy and operating objectives, including their linkages to related areas. Makes decisions regarding own work methods, occasionally in ambiguous situations, and requires minimal direction and receives guidance where needed. Follows established guidelines/procedures. The Third Party Cybersecurity Risk Manager 2 will be responsible for, but not limited to, the following tasks:
Conduct cyber security risk assessments on Third Parties to Humana or its subsidiaries.
Provide recommendations to reduce vendor risk and follow-up to ensure remediation plans are timely, effective, and appropriately implemented
Report engagement status and results, both verbally and in writing, to management
Review and analyze technologies, processes, documentation, and data to identify any gaps in the effectiveness of TPM cybersecurity controls and operations
Presenting information, updates, results, etc. to associates and leaders
Gap Remediation

Additional Job Description
This role will be performing security risk assessments on our third party vendor population for companies that Humana acquires through the M&A process. Not on the acquired company itself, but the vendors who support their business.
o We are using OneTrust for our GRC platform to perform these assessments.
o The control set we leverage for these reviews is based on the HITRUST framework.
1. Schedule call with vendor to discuss scope of services provided to us, then determine based on the conversation whether an assessment is warranted
2. We send the questionnaire to the vendors, they provide Yes/No/Not Applicable responses to the questions, return the assessment to the assigned assessor with evidence in the form of policies/procedure/implementation
3. The assessor reviews provided evidence to validate the vendor has the proper controls in place
4. Identifies potential risks from not being able to validate controls as in place
5. Hold closing call with vendor to discuss open items
6. Write report about the assessment, create risks within the GRC tool, present to the rest of the team
7. Work with the business to acknowledge the completed assessment
8. Work with the vendor to remediate identified risk to closure

Required Qualifications
Bachelor s Degree in Business, Information Technology, or a related field
Proficient understanding of and experience with audit, regulatory requirements, and standards (SOC2, ISO, HITRUST), and other related standards and certification processes required
A minimum of 3 years experience in IT audit, compliance, and/or IT security
Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances
Excellent communication skills with the ability to influence others
Analytical and problem-solving skills
Must be passionate about contributing to an organization focused on continuously improving consumer experiences
Preferred Qualifications
Knowledge of key compliance and IT frameworks such as: SSAE16 SOC2, HITRUST, SOX, etc.
Healthcare experience a plus but not required
Additional Industry Certifications: CISA, CISSP, HCISPP, CCSP, CISM, CTPRP, etc.
Master s Degree in Computer Science, Information Technology, or a related field

Job Segment: Computer Science, Technology

Employement Category:

Employement Type: Full time
Industry: IT - Software
Role Category: General / Other Software
Functional Area: Not Applicable
Role/Responsibilies: Itss-security Consultant-humjp00023689

+ View Contact

Keyskills:   grc sap troubleshooting environment customer relations it audit music making security risk cyber security problem solving computer science communication skills information technology regulatory requirements it tpm iso sox set gap