IT Risk & Vendor Management Analyst (IT -- Managed Care)
IT Risk Management Professionals -- are you looking for a rewarding new position with an industry leader with a firm commitment to its employees? Join our team at MultiPlan! Founded in 1980, we are the industry's most comprehensive provider of healthcare cost management solutions. We have almost 1,000,000 healthcare providers under contract, an estimated 70 million consumers accessing our network products, and 45 million claims reduced through our network and non-network solutions each year.
We are currently seeking an experienced IT Risk & Vendor Management Analyst to work in our New York City office. We offer competitive compensation and fantastic benefits, as well as a collegial workplace in a business-casual dress environment. You'll also find plenty of options for professional development and advancement with us. If this sounds like the kind of career move you've been wanting to make, and if you meet our qualifications, we want to talk with you!
As an IT Risk & Vendor Management Analyst, you will support the full life cycle of risk and vendor management activities within the Information Technology department. The analyst will aid senior department management in the development, monitoring, and enforcement of MultiPlan's security policies, standards, and regulatory frameworks to protect the organization against the ever-changing threat landscape while keeping the company compliant with regulatory and legal requirements.
Your specific duties in this role will include:
- Develop, maintain, monitor, improve, and enforce appropriate internal controls and policies to protect MultiPlan systems and data.
- Manage the Third-Party Risk Management program and ensure continual compliance with Third-Party Risk Management Policies and Procedures. Identify, manage, and mitigate security and compliance gaps related to Third-Parties.
- Evaluate and perform risk assessments on vendor firms, applications, processes, and procedures in accordance with firm risk management policy and Third-Party Risk Management (TPRM) Procedures.
- Receive, coordinate, manage, track, store, and respond to incoming Third-Party due diligence information requests. Manage and respond to client compliance requests.
- Aid in successful completion of annual audits and certifications (SOC1, SOC2, HITRUST).
- Stay abreast of changes to regulations and compliance guidelines; recommend proactive changes to controls, policies, and procedures to respond to these changes. Advise and assist department management in matters of risk management and vendor processes.
- Assist in implementation and ongoing maintenance of compliance processes in GRC (i.e., vendor management evidence collection, audit tracking).
- Perform internal security risk and compliance assessments in accordance with relevant industry frameworks (e.g., ISO, HITRUST, NIST CSF) and compliance requirements (e.g., SOC 1&2, HIPAA, etc.). Analyze potential risk scenarios and facilitate corrective action plans to ensure controls effectiveness for mitigating exposure to identified risks.
- Provide compliance, risk, and controls expertise to support various information security and compliance initiatives and activities. Collect and maintain evidence of compliance with information security policies and regulatory requirements.
- Aid in the regular review and updating of information security policies, procedures, standards, and other information security related documentation. Assist with the development and implementation of the organization's information security program which includes information security policies, risk assessments, security awareness training, etc.
- Collaborate across the organization on documenting, implementing, monitoring and managing information security controls. Train internal stakeholders on the workflow and the use of GRC processes.
- Ensure compliance with HIPAA regulations and requirements.
- Demonstrate Company's Core Competencies and values held within.
- The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.