Information Security Analyst III (Vendor Risk Management) – Change Healthcare – Wyoming

Title
Information Security Analyst III (Vendor Risk Management)

Overview of Position
The Security Analyst will assist in the execution of the Vendor Risk Assessment Program that includes vendor registration, risk assessments, monitoring and issue management, and reporting. Our team is a part of the Information Security organization and partners with our vendors, using an established process, to ensure compliance with the overall program and reduction of information security risks associated with vendors.

What will be my duties and responsibilities in this job?

• Lead and execute third-party risk assessments of Change Healthcare’s vendors which includes:
  • Confirming vendor’s compliance to security controls using established procedures
  • Assessing vendor’s controls, processes, and/or systems to identify the threats and vulnerabilities that lead to risk
  • Developing plans to mitigate against risks, and managing the remediation plan to completion
• Engage with vendors and internal stakeholders on an ongoing basis to:
  • Manage audit requests as they pertain to the program
  • Coordinate the gathering of information needed for periodic validations and audits
  • Communicate identified assessment results
  • Drive registration of vendors into Information Security’s GRC platform
• Develop and deliver monthly metrics and risk reporting dashboards to leadership

What are the requirements needed for this position?

• Bachelor’s degree in MIS, IT, Related Field, or equivalent experience
• 2-5 years of experience in a vendor risk management or security assessment capacity
• Experience assessing third-party security risk and performing security assessments
• Knowledge of information security concepts and theory, and the application of such through technical and non-technical methods
• Solid understanding of a wide variety of IT risk domains related to confidentiality, integrity, and availability
• Able to establish strong working relationships with IT leadership and technical teams, business customers, vendors and peers
• Able to interface, influence and communicate (written and verbally) with all levels of management, industry organizations, and customers
• Strong time management skills/flexible work style to prioritize work efforts

What other skills/experience would be helpful to have?

• Knowledge of common InfoSec regulation & frameworks (PCI, HIPAA, ISO 27001, HITRUST, FISMA) is a plus
• Experience executing audit plans or performing assessments using defined control frameworks is a plus
• Experience with OneTrust GRC suite is a plus
• One or more of the following certifications is a plus: CISSP, CISM, CEH, Security+, MCSE, CWTS, CISA, CNDA, CCNP, CCIE, CCNA, CISO, AWS.

How much should I expect to travel?

Employees in roles that require travel will need to be able to qualify for a company credit card or be able to use their own personal credit card for travel expenses and submit for reimbursement.

Join our team today where we are creating a better coordinated, increasingly collaborative, and more efficient healthcare system!

COVID Vaccination Requirements

We remain committed to doing our part to ensure the health, safety, and well-being of our team members and our communities. As such, we require all employees to disclose COVID-19 vaccination status prior to beginning employment and we may require periodic testing for certain roles. In addition, some roles require full COVID-19 vaccination as an essential job function. Change Healthcare adheres to COVID-19 vaccination regulations as well as all client COVID-19 vaccination requirements and will obtain the necessary information from candidates prior to employment to ensure compliance.

Equal Opportunity/Affirmative Action Statement

Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at https://www.eeoc.gov/employers/eeo-law-poster and the supplemental information at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf.

If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to [email protected] with “Applicant requesting reasonable accommodation” as the subject. Resumes or CVs submitted to this email box will not be accepted.

Click here https://www.dol.gov/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf to view our pay transparency nondiscrimination policy.

California (US) Residents: By submitting an application to Change Healthcare for consideration of any employment opportunity, you acknowledge that you have read and understood Change Healthcare’s Privacy Notice to California Job Applicants Regarding the Collection of Personal Information.

Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.