Enterprise Third Party Risk Manager (REMOTE)
Job Description
This role serves as a senior-level consultant with experience implementing and influencing the adoption of third-party risk management (TPRM) capabilities. TPRM is a critical function needed both to ensure value creation and to manage financial, information security, legal, operational, regulatory/contractual, reputation and strategic risks. The role helps ensure the GuideWell enterprise employs a responsive, targeted enterprise-wide framework to evaluate, respond to, and monitor third-party risk. Incumbents may directly manage a small number of direct reports; the primary function of the role is consulting.
What You Will Be Doing:
- The essential functions listed represent the major duties of this role; additional duties may be assigned.
- Manages work related to the third-party risk management program, including ensuring policies and procedures are in place to enable effective oversight of the overall Enterprise Third-party Risk Management program.
- Interacts with third parties as point of contact for all third-party reviews relating to the following control and process areas: information technology/security, operational, business resiliency, and regulatory/contractual compliance. Where appropriate, facilitates and ensures successful completion of those reviews through internal or vendor-supplied subject matter experts.
- Develops ongoing integration with Procurement, BEIC, Information Technology and operations management to identify and assess third-party risks and to develop and implement solutions that meet business needs and timeframes.
- Acts as third-party risk subject matter expert in performing due diligence reviews for potential business partners to determine the adequacy of financial, operational and IT internal controls.
- Plays a Second Line-of-Defense role with respect to third-party activities (Onboarding, Due Diligence, Monitoring, Termination Plans, Off-boarding) that includes performing annual risk assessments of third parties across the following risk domains: financial, legal, information security, regulatory/contractual compliance, operational, reputational and strategic.
- Monitors, facilitates and ensures compliance with applicable laws, regulations, other government mandates, professional standards, conformance to industry best practices and relevance to the Company's business and IT and Information Security environments.
- Works through complexities associated with coordination across multiple areas, conflicting efforts, and limited resources.
- Develops and sponsors tactics to achieve business unit objectives.
What You Must Have:
6+ years related work experience OR 3+ years of relevant Big Four work experience may be considered. Experience Details: Third-party risk management related experience that includes exposure to Information Security, Technology and Operational process assessments, including 3 or more years recent IT audit or third-party risk management activities.
Related Bachelor's degree or additional related equivalent work experience: Accounting, Finance, Risk Management, Accounting Information Systems, Computer Information Systems or related field.
Additional Required Qualifications
- At least one of the following: Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) or Certified Third-Party Risk Management Professional (C3PRMP) or Certified Third Party Risk Professional (CTPRP).
- Extensive knowledge of information security concepts, practices, and tools.
- Broad knowledge of health care industry practices and applicable regulatory requirements.
- Proven ability to maintain confidentiality regarding sensitive information.
- Broad knowledge of the Third-Party Management Life Cycle and associated procurement functions.
- Broad knowledge of the Three Lines of Defense Risk Management and Controls Assessment Model.
- Strong business-focused decision making and problem-solving skills.
- Excellent interpersonal and leadership skills with a demonstrated ability to establish relationships with senior executives across all business units.
What We Would Prefer You Have:
- Experience at a regional or international accounting and/or consulting firm.
- Additional certifications that may include Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) or Certified Third-Party Risk Manager (CTPRM).
- Familiarity with a Governance, Risk and Compliance suite of tools, preferably RSA Archer Third-party Risk Management use case.
General Physical Demands
Sedentary work: Exerting up to 10 pounds of force occasionally to move objects. Jobs are sedentary if traversing activities are required only occasionally.
Physical/Environmental Activities
Must be able to travel to multiple locations for work (i.e. travel to attend meetings, events, conferences): Occasionally.
We are an Equal Opportunity/Protected Veteran/Disabled Employer committed to creating a diverse, inclusive and equitable culture for our employees and communities.
Date Posted
03/28/2023