Job Details

Engineer, Cybersecurity

The Engineer, Cybersecurity will serve as the subject matter expert (SME) for Third-Party Risk Management (TPRM) at Ensemble Health Partners. This role is responsible for leading the maturity and execution of enterprise-wide TPRM processes, including vendor risk assessments, platform administration, and reporting. The selected candidate will drive integration of the Prevalent tool into existing governance workflows and collaborate across risk, audit, compliance, and information security teams to ensure a robust vendor risk posture.

Core Responsibilities

• Serve as the TPRM SME, leading the development and execution of vendor risk management processes.
• Administer and optimize the Prevalent platform, including questionnaire workflows, risk scoring, reporting, and escalation procedures.
• Collaborate with stakeholders across risk, audit, compliance, and security to align third-party risk controls with enterprise governance.
• Develop and maintain SOPs for vendor onboarding, classification, reassessment, and issue remediation.
• Monitor and report on vendor risk metrics, including SLA adherence, remediation timelines, and risk trends.
• Lead cybersecurity tabletop exercises involving third-party breach scenarios and incident response coordination.
• Coordinate with internal teams and external vendors across multiple time zones and global environments.
• Apply frameworks such as NIST to assess and validate third-party compliance.

Additional Duties

• Manage third-party risk assessments and ensure timely completion of vendor reviews.
• Develop and maintain a repeatable reporting strategy for distributing vendor risk insights to leadership.
• Coordinate with procurement and legal teams to ensure third-party contracts align with cybersecurity requirements.
• Establish and maintain a metrics framework to measure the effectiveness of TPRM activities and vendor compliance.
• Collaborate with internal teams to remediate identified third-party risks and track resolution progress.
• Continuously evaluate and improve TPRM processes to align with evolving regulatory and business requirements.

Qualifications, Skills, and Experience

• 23 years of professional experience in Third-Party Risk Management or vendor risk operations.
• Hands-on experience with Prevalent or similar TPRM platforms.
• Strong understanding of GRC frameworks and their application to third-party risk.
• Strong understanding of NIST CSF, SOC 2 Type II, and HITRUST
• Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.
• 35 years of experience in Information Security, preferably in healthcare or vendor-heavy environments.
• Proven success managing vendor risk programs, including assessments, reporting, and remediation.