The Manager, Third Party Risk Management will be responsible for establishing, implementing, and or executing GRC Programs that are designed to effectively assess the Governance, Risk, and Compliance of Select Medical and its third parties including associated security policies, standards and guidelines related to all information systems. Responsibilities of this position include the monitoring of compliance to HIPAA, SOX, NIST, SOC, and PCI security requirements as well as the development and maintenance of security policies and procedures. The Manager, Third Party Risk Management will be directly responsible for the successful execution of third party risk assessments and third party risk lifecycle management. They will also be responsible for audit engagements, including the management of third party resources to conduct those audits, and the delivery and communication of third party audit results. The Manager, Third Party Risk Management will provide secondary support for the Information Service Department, while delivering quality customer service.
The Manager, Third Party Risk Management will be expected to effectively leverage their established subject matter expertise to drive progress and to overcome obstacles. This position will be expected to effectively interact with senior business leaders.
The Manager, Third Party Risk Management is challenged with evaluating the effectiveness of the stateof-the art security techniques that are employed to maintain the highest level of security for all platforms and applications maintained by the company. The Manager, Third Party Risk Management will leverage expert evaluation to identify gaps, evaluate the risk those gaps could represent to the organization, develop remediation plans, clearly communicate the risks and remediation plans with senior leadership, and collaborate with multidisciplinary and cross-functional teams to remediate those gaps.
Responsibilities Assess the governance, risk, and compliance aspects of prospective and incumbent third party vendors to ensure compliance to Select Medical requirements. Perform, and ensure the completion of, essential tasks throughout the third party risk management lifecycle (i.e. onboarding through offboarding) designed to assess, identify and mitigate risks that current and former third parties pose to Select Medical. Leverage individual expertise as well as certified third-party opinions to identify gaps, evaluate the risk those gaps could represent to the organization, develop remediation plans, clearly communicate the risks and remediation plans with senior leadership, and collaborate with multidisciplinary and cross-functional teams and third parties to remediate those gaps. Identify information protection goals and objectives within the scope of a strategic plan. Make meaningful contributions to the ongoing development of strategic plans, effectively leveraging their advanced experience to mentor and uplift the entire team. Serve as a trusted subject matter expert to teammates across shared services teams and business customers. Identify opportunities to improve security management practices in alignment with audit requirements and best practices. Keep abreast of “state of the art” security techniques to advise systems designers, users, teammates, and third parties on security methods that best implement stated policy and standards. Provide effective peer review of other team member assessments, audit findings and reports. Recognize and identify areas where existing policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion, recommend ways to improve them to management and lead efforts to implement those plans once approved. Ensure compliance to HIPAA, SOX, and PCI security requirements. Support the mission of and direction of Select Medical Information Services both within the department and throughout the corporation. Build team spirit by assisting and coaching other staff members. Completion of any activities, tasks, and other projects as defined. Ensure all changes comply with the Change Management policies and procedures. Large-scale multi-site IS operations experience. Strong understanding of third-party specific risks and mitigating controls as well as how to effectively assess their efficacy. Strong understanding of HIPAA, Data Privacy, SOX, and PCI Security Regulations. Strong understanding of applicable control frameworks including, NIST RMF/CSF, and Mitre Att&ck a plus. Adept at effectively assessing the needs of Security in alignment with Business requirements; designing and communicating mutually agreeable solutions that satisfy all stakeholder needs. Excellent report writing skills. Experience mentoring junior staff. Healthcare experience a plus. Change Management experience. This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Qualifications Education/credentialsBachelor’s degree in BS or BA degree in Business Systems, Computer Science, Security Risk Analysis, Cybersecurity, Information Sciences and Technology or related field or commensurate experience. In lieu of an undergraduate degree, the ratio is 1:1 meaning one year of college is equal to one year of directly related work experience and vice versaJob-related experienceCustomarily has six (6) years of systems or other professional experience.Job-related skills/competenciesConcentra Core Competencies of Service Mentality, Attention to Detail, Sense of Urgency, Initiative and Flexibility Ability to make decisions or solve problems by using logic to identify key facts, explore alternatives, and propose quality solutions Outstanding customer service skills as well as the ability to deal with people in a manner which shows tact and professionalism The ability to properly handle sensitive and confidential information (including HIPAA and PHI) in accordance with federal and state laws and company policies Demonstrated experience constructing, improving and delivering enterprise wide GRC programs with strong, measurable results. Demonstrated experience collaborating with third parties to conduct audits of Information Systems Proven experience making impactful contributions to projects; serving in lead roles on successfully delivered projects while requiring minimal supervision. Trusted subject matter expert with a strong history of delivering high quality work product and requiring minimal supervision of tasks. Demonstrates superior teamwork skills. Strong interpersonal and communication skills a must. Excellent analytical and problem solving skills are essential. Must demonstrate a personal sense of urgency. Must demonstrate a heightened sense of personal ownership and accountability. Proven ability to effectively multi-task and adapt to changing business priorities. Superior customer service skills. Excellent time management and organizational skills are required. Excellent attention to detail. Additional DataEmployee Benefits
401(k) Retirement Plan with Employer MatchMedical, Vision, Prescription, Telehealth, & Dental PlansLife & Disability InsurancePaid Time OffColleague Referral Bonus ProgramTuition ReimbursementCommuter BenefitsDependent Care Spending AccountEmployee DiscountsWe will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation, if required.
*This job requires access to confidential and sensitive information, requiring ongoing discretion and secure information management*
Concentra is an Equal Opportunity Employer, including disability/veterans
Options Apply NowApplyShare Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Need help finding the right job? We can recommend jobs specifically for you! Click here to get started. Application FAQs