The IT Risk Analyst will assist in reviewing cybersecurity-related terms and conditions (T&Cs) in contracts with healthcare partners and assess the alignment of existing practices with these T&Cs.
What will you do?
Create and maintain an inventory of established contracts with healthcare partners and their associated cybersecurity-related T&Cs, identifying any accepted terms that may be misaligned with current practices.
Evaluate established contracts with vendors and other third parties to determine if appropriate cybersecurity-related T&Cs have been included.
Assist in developing ‘right to audit’ strategies to audit vendors and other third parties to determine if they are meeting the agreed-upon T&Cs.
Provide accurate information about existing cybersecurity practices to support go-to-market activities, such as security questionnaires and assessments from healthcare partners, while maintaining the confidentiality of sensitive company information.
Monitor and analyze trends in healthcare partners’ cybersecurity requirements, including recurring inquiries or challenges, to gauge and communicate market demands to management.
Assist in developing and maintaining comprehensive internal and public-facing content (knowledge base) related to existing cybersecurity practices and implemented controls.
Assist with other relevant activities as needed.
Qualifications
At least 2 years of experience in a cybersecurity risk or compliance function, preferably supply-chain risk management, or an Associate's degree in a relevant field plus 1 year of experience.
Strong attention to detail, excellent organizational and time management skills, and the ability to prioritize multiple projects while meeting SLAs.
Exceptional written and verbal communication skills.
Customer-centric mindset with strong problem-solving abilities.
Entry-level cybersecurity certification(s) preferred, though not mandatory.