Additional Job Description
This role performs security risk assessments on our third-party vendor population for companies that Humana acquires through the M&A process. The assessments cover the vendors who support the acquired company's business, not the acquired company itself.
- We are using OneTrust for our GRC platform to perform these assessments.
- The control set we leverage for these reviews is based on the HITRUST framework.
1. Schedule a call with the vendor to discuss the scope of services provided to us, then determine based on the conversation whether an assessment is warranted
2. Send the questionnaire to the vendor; the vendor provides Yes/No/Not Applicable responses to the questions and returns the assessment to the assigned assessor with evidence in the form of policies/procedures/implementation
3. Review the provided evidence to validate that the vendor has the proper controls in place
4. Identify potential risks arising from controls that cannot be validated as in place
5. Hold closing call with vendor to discuss open items
6. Write report about the assessment, create risks within the GRC tool, present to the rest of the team
7. Work with the business to acknowledge the completed assessment
8. Work with the vendor to remediate identified risk to closure
Required Qualifications
Bachelor's Degree in Business, Information Technology, or a related field
Proficient understanding of and experience with audit, regulatory requirements, and standards (SOC2, ISO, HITRUST), and other related standards and certification processes required
A minimum of 3 years of experience in IT audit, compliance, and/or IT security
Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances
Excellent communication skills with the ability to influence others
Analytical and problem-solving skills
Must be passionate about contributing to an organization focused on continuously improving consumer experiences
Preferred Qualifications
Knowledge of key compliance and IT frameworks such as: SSAE16 SOC2, HITRUST, SOX, etc.
Healthcare experience a plus but not required
Additional Industry Certifications: CISA, CISSP, HCISPP, CCSP, CISM, CTPRP, etc.
Master's Degree in Computer Science, Information Technology, or a related field
Job Segment: Computer Science, Technology