The IT Risk Analyst will assist in reviewing cybersecurity-related terms and conditions (T&Cs) in contracts with healthcare partners and assess the alignment of existing practices with these T&Cs.

• Create and maintain an inventory of established contracts with healthcare partners and their associated cybersecurity-related T&Cs, identifying any accepted terms that may be misaligned with current practices.
• Evaluate established contracts with vendors and other third parties to determine if appropriate cybersecurity-related T&Cs have been included.
• Assist in developing ‘right to audit’ strategies to audit vendors and other third parties to determine if they are meeting the agreed-upon T&Cs. 
• Provide accurate information about existing cybersecurity practices to support go-to-market activities, such as security questionnaires and assessments from healthcare partners, while maintaining the confidentiality of sensitive company information.
• Monitor and analyze trends in healthcare partners’ cybersecurity requirements, including recurring inquiries or challenges, to gauge and communicate market demands to management.
• Assist in developing and maintaining comprehensive internal and public-facing content (knowledge base) related to existing cybersecurity practices and implemented controls.
• Assist with other relevant activities as needed.

• At least 2 years of experience in a cybersecurity risk or compliance function, preferably supply-chain risk management, or an Associate's degree in a relevant field plus 1 year of experience.
• Strong attention to detail, excellent organizational and time management skills, and the ability to prioritize multiple projects while meeting SLAs.
• Exceptional written and verbal communication skills.
• Customer-centric mindset with strong problem-solving abilities.
• Entry-level cybersecurity certification(s) preferred, though not mandatory.