Third Party Risk Analyst, GRC

Sorry, this job was removed at 9:17 p.m. (CST) on Tuesday, April 19, 2022

PointClickCare is the leading healthcare technology platform enabling meaningful collaboration and access to real-time insights at any stage of a patient’s healthcare journey. PointClickCare’s single platform spans the care continuum, fostering proactive, holistic decision-making and improved outcomes for all. Over 25,000 long-term post-acute care providers, and over 2,700 hospitals use PointClickCare today, enabling care collaboration and value-based care delivery for over 195 million lives across the U.S.

 

For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.


Position Summary:

PointClickCare’s Security & Trust group is looking for a Sr. Third-Party Risk Analyst, GRC who will play a fundamental role in operationalizing and maturing our Third-Party Risk Management Program (TPRM) in alignment with our Governance, Risk Management, and Compliance (GRC) initiatives. The successful candidate will be reporting to the Information Security Manager, supporting key initiatives in identifying, assessing, and managing risks in PointClickCare’s third-party ecosystem. The candidate will not only be contributing to the operational excellence of PointClickCare’s TPRM program, but must also be able to research best practices, trends, and methodologies to mature internal processes while tailoring recommendations to align with the organization’s culture and risk appetite. This is an excellent opportunity for anyone who wants to innovate and build upon an existing Risk Management practice at a rapidly growing organization. Please note that all job offers are conditional upon a satisfactory background check.

Key Responsibilities

  • Be a point of contact for net new or renewing vendor relationships that may impact the security posture of PointClickCare, balancing multiple requests with varying priorities
  • Conduct Third-Party Risk Assessments using PointClickCare’s Risk Assessment framework
  • Work regularly with stakeholders influencing business decisions for reducing risk to acceptable levels while achieving business objectives
  • Collaborate with PointClickCare’s Legal group to identify information security contractual requirements with third parties
  • Monitor and track any outstanding risks with third parties and/or internal stakeholders, contributing to our Enterprise Risk Register processes
  • Review and comprehend data flow and architectural diagrams; identify and contextualize risk around the implementation of, or integrations with, third-party solutions. Consult other subject matter experts as necessary
  • Participate in proof of concept and other technical evaluations of technologies, designs, and solutions, providing recommendations
  • Support development and maintenance of the TPRM program’s KPIs and KRIs
  • Participate in the development and enhancement of the Third-Party Risk Management policy, standards, and supporting procedures, with the aim of optimizing our service delivery to the organization while conforming to NIST CSF, NIST 800-53 Moderate Baseline, SOC 1/2, and HITRUST Controls
  • Stay abreast of cybersecurity trends, tools, and techniques, which influence the internal development of PointClickCare’s Third-Party Risk Management program
  • Support Customer Sales inquiries on security program matters, responding to security assessment questionnaires, Requests for Proposals (RFPs) and security agreements

Essential Qualifications

  • 3 to 5+ years of experience in a mix of IT Security, Risk, Audit or Compliance roles
  • Proven working experience performing risk assessments using common security frameworks such as Vendor Security Alliance (VSA), Cloud Assessment Initiative Questionnaire (CAIQ), SIG, SIG-Lite, NIST 800-53 moderate baseline or equivalent.
  • Must have a strong understanding or experience across multiple cybersecurity domains (e.g. Policy, Personnel Security, Identity & Access Management, Vulnerability Management, Security Incident Response, Application Security, Encryption, Risk Management, Compliance)
  • One or more professional security certifications (e.g. CISSP, CISM, CISA, CRISC, GRCP, CTPRP or similar) is an asset
  • Solid background working in a heavily regulated environment (e.g. HIPAA) or within security programs aligned to best-practice frameworks such as NIST, ISO2700x, HITRUST is an asset
  • Hands-on experience with Third Party Risk Management or GRC tools is an asset
  • Ability to work in a fast-paced environment, meeting multiple stakeholders’ demands and contributing to multiple projects within different lines of business

Working at PointClickCare goes beyond the resume, because the work we perform makes a true difference in people’s lives. We build innovative healthcare technology for seniors and their caregivers that improve their quality of life and well-being on a daily basis. We believe work is so much more meaningful when you’re doing it with a higher purpose.

For more information on PointClickCare, please visit us on Glassdoor and LinkedIn


It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact [email protected] should you require any accommodations.


When you apply for a position, your information is processed and stored with Lever, in accordance with Lever’s Privacy Policy. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background. When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it. If you have any questions about how PointClickCare uses or processes your information, or if you would like to ask to access, correct, or delete your information, please contact PointClickCare’s human resources team: [email protected] 

More Information on PointClickCare
PointClickCare operates in the Healthtech industry. The company is located in Mississauga, Ontario. PointClickCare was founded in 2000. It has 1557 total employees.