Third Party Risk Analyst, GRC at PointClickCare (Remote)
Sorry, this job was removed at 9:17 p.m. (CST) on Tuesday, April 19, 2022
PointClickCare is the leading healthcare technology platform enabling meaningful collaboration and access to real-time insights at any stage of a patient’s healthcare journey. PointClickCare’s single platform spans the care continuum, fostering proactive, holistic decision-making and improved outcomes for all. Over 25,000 long-term post-acute care providers, and over 2,700 hospitals use PointClickCare today, enabling care collaboration and value-based care delivery for over 195 million lives across the U.S.
For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.
PointClickCare’s Security & Trust group is looking for a Sr. Third-Party Risk Analyst, GRC who will play a fundamental role in operationalizing and maturing our Third-Party Risk Management Program (TPRM) in alignment with our Governance, Risk Management, and Compliance (GRC) initiatives. The successful candidate will be reporting to the Information Security Manager, supporting key initiatives in identifying, assessing, and managing risks in PointClickCare’s third-party ecosystem. The candidate will not only be contributing to the operational excellence of PointClickCare’s TPRM program, but must also be able to research best practices, trends, and methodologies to mature internal processes while tailoring recommendations to align with the organization’s culture and risk appetite. This is an excellent opportunity for anyone who wants to innovate and build upon an existing Risk Management practice at a rapidly growing organization. Please note that all job offers are conditional upon a satisfactory background check.
- Be a point of contact for net new or renewing vendor relationships which may impact the security posture of PointClickCare, balancing multiple requests with varying priorities
- Conduct Third-Party Risk Assessments using PointClickCare’s Risk Assessment framework
- Work regularly with stakeholders influencing business decisions for reducing risk to acceptable levels while achieving business objectives
- Collaborate with PointClickCare’s Legal group to identify information security contractual requirements with third parties
- Monitor and track any outstanding risks with third parties and/or internal stakeholders, contributing to our Enterprise Risk Register processes
- Review and comprehend data flow and architectural diagrams; identify and contextualize risk around implementation of, or integrations with, third-party solutions. Consult other subject matter experts as necessary
- Participate in proof of concept and other technical evaluations of technologies, designs, and solutions, providing recommendations
- Support development and maintenance of the TPRM program’s KPIs and KRIs
- Participate in the development and enhancement of the Third-Party Risk Management policy, standards, and supporting procedures, with the aim of optimizing our service delivery to the organization while conforming to NIST CSF, NIST 800-53 Moderate Baseline, SOC 1/2, and HITRUST Controls
- Stay abreast of cybersecurity trends, tools, and techniques, which influence the internal development of PointClickCare’s Third-Party Risk Management program
- Support Customer Sales inquiries on security program matters, responding to security assessment questionnaires, Requests for Proposals (RFPs) and security agreements
- 3 to 5+ years of experience with a mix of IT Security, Risk, Audit or Compliance roles
- Proven working experience performing risk assessments using common security frameworks such as Vendor Security Alliance (VSA), Cloud Assessment Initiative Questionnaire (CAIQ), SIG, SIG-Lite, NIST 800-53 moderate baseline or equivalent.
- Must have a strong understanding or experience across multiple cybersecurity domains (e.g. Policy, Personnel Security, Identity & Access Management, Vulnerability Management, Security Incident Response, Application Security, Encryption, Risk Management, Compliance)
- One or more professional security certifications (e.g. CISSP, CISM, CISA, CRISC, GRCP, CTPRP or similar) is an asset
- Solid background working in a heavily regulated environment (e.g. HIPAA) or within security programs aligned to best practice frameworks such as NIST, ISO2700x, or HITRUST is an asset
- Hands-on experience with Third Party Risk Management or GRC tools is an asset
- Ability to work in a fast-paced environment, meeting multiple stakeholders’ demands and contributing to multiple projects within different lines of business
Working at PointClickCare goes beyond the resume, because the work we perform makes a true difference in people’s lives. We build innovative healthcare technology for seniors and their caregivers that improve their quality of life and well-being on a daily basis. We believe work is so much more meaningful when you’re doing it with a higher purpose.
For more information on PointClickCare, please visit us on Glassdoor and LinkedIn
It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact [email protected] should you require any accommodations.
More Information on PointClickCare
PointClickCare operates in the Healthtech industry. PointClickCare was founded in 2000. It has 1557 total employees. It offers perks and benefits such as Disability Insurance, Dental Benefits, Health Insurance Benefits, 401(K), Remote Work Program and Paid Holidays.