Manager - Cybersecurity Third Party Risk

Posted 5 Days Ago
Hiring Remotely in Norfolk, VA, USA
In-Office or Remote
117K-217K Annually
Senior level
Healthtech
The Role
Lead and operate the cybersecurity third‑party risk and enterprise risk program: manage a risk team, run assessments, maintain risk registers and KPIs, coordinate vendor/third‑party assessments, report to executives/board, and drive continuous improvement and remediation in a healthcare environment.
Summary Generated by Built In

City/State

Norfolk, VA

Work Shift

First (Days)

Overview:

As a Cyber Security Third-Party Risk Manager, you will play a critical role in developing, enhancing and executing the third-party risk management program, including onboarding, maintenance and ongoing monitoring, and offboarding of third-party suppliers. Your primary responsibilities will include identifying and categorizing third-party vendors based on risk, understanding and prioritizing the risks, establishing and enforcing key controls to mitigate the risk, performing continuous monitoring that tracks and reassesses third parties, and ensuring third-party contractual compliance with Sentara policy and standards. You will also be responsible for negotiating and maintaining the information security exhibit with the vendors through the contracting process.

Key Responsibilities

  • Regularly interact with all levels of management to present and discuss third-party risk management
  • Conduct comprehensive risk assessments of third-party vendors based on risk
  • Manage a team of assessors who perform vendor assessments and vendor contract negotiations
  • Analyze and prioritize risks based on their potential impact on the organization’s operations, data, and reputation.
  • Develop and streamline the third-party risk management process.
  • Identify and assess vulnerabilities within vendor systems, networks, and applications.
  • Collaborate with cross-functional teams, including IT, security, and compliance, to develop and implement risk mitigation strategies.
  • Prepare detailed third-party risk assessment reports, including findings, recommendations, and mitigation plans, for presentation to management.
  • Maintain accurate and up-to-date documentation of third-party risk assessment activities, findings, and risk treatment plans.
  • Assist in audits and assessments to demonstrate compliance with cybersecurity standards.

Education:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (preferred)

(OR)

  • Experience in lieu of Bachelor's degree: 7+ years of experience in cybersecurity, with at least 3 years in risk management

Certification/Licensure

  • CISSP (Certified Information Systems Security Professional) (Preferred)
  • CISM (Certified Information Security Manager) (Preferred)
  • CRISC (Certified in Risk and Information Systems Control) (Preferred)
  • CISA (Certified Information Systems Auditor) (Preferred)

Experience

  • 5+ years of experience in cybersecurity, with at least 3 years in risk management with a degree (Required)
  • 7+ years of experience in cybersecurity, with at least 3 years in risk management without a degree (Required)
  • Strong understanding of cybersecurity principles, risk assessment methodologies, and threat landscape analysis.

  • 3 years’ experience managing a third-party risk management program and team

  • Proficiency in performing third-party risk assessments and negotiating contractual security language

  • Knowledge of regulatory compliance requirements and industry standards.

  • Excellent analytical and problem-solving skills.

  • Effective communication and interpersonal abilities to collaborate with multidisciplinary teams.

  • Experience in healthcare or other highly regulated industries preferred

  • Deep understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST)

  • Knowledge of healthcare regulations (HIPAA, HITECH) and their technical requirements

  • Familiarity with risk assessment methodologies and tools

  • Understanding of security technologies, controls, and best practices

  • Experience with GRC (Governance, Risk, and Compliance) platforms such as ServiceNow, OneTrust

We provide market-competitive compensation packages, inclusive of base pay, incentives, and benefits. The base pay rate for Full Time employment is: $116,729.60-$216,777.60. Additional compensation may be available for this role such as shift differentials, standby/on-call, overtime, premiums, extra shift incentives, or bonus opportunities.

Benefits: Caring For Your Family and Your Career
• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria are met.

Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its workforce of almost 30,000 members. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.


In support of our mission “to improve health every day,” this is a tobacco-free environment.

For positions that are available as remote work, Sentara Health employs associates in the following states:

Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.

Skills Required

  • 5+ years of experience in cybersecurity with at least 3 years in risk management (with degree)
  • 7+ years of experience in cybersecurity with at least 3 years in risk management (experience in lieu of degree)
  • 3+ years of experience in a leadership or management role
  • Deep understanding of cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, HITRUST, NIST 800-171)
  • Knowledge of healthcare regulations and technical requirements (HIPAA, HITECH, PCI)
  • Familiarity with risk assessment methodologies and tools
  • Experience with GRC platforms such as ServiceNow and OneTrust
  • Understanding of security technologies, controls, and best practices
  • Experience in healthcare or other highly regulated industries
  • CISSP, CISM, CRISC, or CISA certification
  • Bachelor's degree in Cybersecurity, IT, Computer Science or related field (preferred)

Sentara Healthcare Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Sentara Healthcare and has not been reviewed or approved by Sentara Healthcare.

  • Parental & Family Support: Four weeks of paid parental leave at full base pay and two weeks of job‑protected family caregiver leave support major life and care needs. Emergency back‑up care and reimbursements for infertility, adoption, and surrogacy further bolster family support.
  • Retirement Support: A 401(A) plan alongside 403(B)/401(K) employer matching is designed to strengthen long‑term financial security. Company‑paid life insurance with buy‑up options adds additional protection for families.
  • Flexible Benefits: Choice of medical plan designs and dental/vision options enables tailoring coverage to individual needs. An annual election between tuition assistance and student‑loan repayment offers flexibility to align with financial or education priorities.

The Company
HQ: Norfolk, VA
10,975 Employees
Year Founded: 1888

What We Do

Sentara Healthcare celebrates a 130-year history of innovation, compassion and community benefit. Based in Norfolk, VA, Sentara is a diverse not-for-profit family of 12 hospitals, an array of integrated services and a team of nearly 30,000 strong on a mission to improve health every day. This mandate is pursued through a disciplined strategy to achieve Top 10% performance in key measures through shared best practices, transformation of primary care through clinical integration and strategic growth that adds value to the communities we serve in Virginia and North Carolina.
