IT Risk & Vendor Management Analyst (IT -- Managed Care)
IT Risk Management Professionals -- are you looking for a rewarding new position with an industry leader with a firm commitment to its employees? Join our team at MultiPlan! Founded in 1980, we are the industry's most comprehensive provider of healthcare cost management solutions. We have almost 1,000,000 healthcare providers under contract, an estimated 70 million consumers accessing our network products, and 45 million claims reduced through our network and non-network solutions each year.
We are currently seeking an experienced IT Risk & Vendor Management Analyst to work in our New York City office. We offer competitive compensation and fantastic benefits, as well as a collegial workplace in a business-casual dress environment. You'll also find plenty of options for professional development and advancement with us. If this sounds like the kind of career move you've been wanting to make, and if you meet our qualifications, we want to talk with you!
As an IT Risk & Vendor Management Analyst, you will support the full life cycle of risk and vendor management activities within the Information Technology department. The analyst will aid senior department management in the development, monitoring, and enforcement of MultiPlan's security policies, standards, and regulatory frameworks to protect the organization against the ever-changing threat landscape while keeping the company compliant with regulatory and legal requirements.
Your specific duties in this role will include:
- Develop, maintain, monitor, improve, and enforce appropriate internal controls and policies to protect MultiPlan systems and data.
- Manage the Third-Party Risk Management program and ensure continual compliance with Third-Party Risk Management Policies and Procedures. Identify, manage, and mitigate security and compliance gaps related to third parties.
- Evaluate and perform risk assessments on vendor firms, applications, processes, and procedures in accordance with firm risk management policy and Third-Party Risk Management (TPRM) Procedures.
- Receive, coordinate, manage, track, store, and respond to incoming Third-Party due diligence information requests. Manage and respond to client compliance requests.
- Aid in successful completion of annual audits and certifications (SOC1, SOC2, HITRUST).
- Stay abreast of changes to regulations and compliance guidelines; recommend proactive changes to controls, policies, and procedures to respond to these changes. Advise and assist department management in matters of risk management and vendor processes.
- Assist in implementation and ongoing maintenance of compliance processes in GRC (i.e., vendor management evidence collection, audit tracking).
- Perform internal security risk and compliance assessments in accordance with relevant industry frameworks (e.g., ISO, HITRUST, NIST CSF) and compliance requirements (e.g., SOC 1&2, HIPAA, etc.). Analyze potential risk scenarios and facilitate corrective action plans to ensure controls effectiveness for mitigating exposure to identified risks.
- Provide compliance, risk, and controls expertise to support various information security and compliance initiatives and activities. Collect and maintain evidence of compliance with information security policies and regulatory requirements.
- Aid in the regular review and updating of information security policies, procedures, standards, and other information security related documentation. Assist with the development and implementation of the organization's information security program which includes information security policies, risk assessments, security awareness training, etc.
- Collaborate across the organization on documenting, implementing, monitoring and managing information security controls. Train internal stakeholders on the workflow and the use of GRC processes.
- Ensure compliance with HIPAA regulations and requirements.
- Demonstrate Company's Core Competencies and values held within.
- The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.
As an IT Risk & Vendor Management Analyst, you must be highly organized and detail-oriented, with strong analytical, problem-solving, and prioritization skills. You should also be able to handle multiple tasks in a fast-paced, deadline-driven environment, both independently and as part of a team. It is also important that you display excellent verbal and written communication and interpersonal skills, as well as the ability to effectively present information and respond to questions from groups of managers and clients.
Specific qualifications for the role include:
- Minimum Bachelor's degree in Information Technology, business or a similarly related field coupled with a minimum of three (3) years of experience with control testing, security standards/policy implementation, security audits, security risk management and/or vendor risk assessments.
- Strong compliance/IT controls or audit background
- Strong understanding of security controls, frameworks and practices.
- Thorough understanding of risk management principles and methodologies.
- Understanding of business processes, internal control risk management, IT controls and how they interact together
- Basic understanding of technical aspects of information security
- General knowledge of tools and services commonly employed within information security is a plus.
- Strong SharePoint and Excel skills; proficient with the use of Microsoft Office (Outlook, Word, and PowerPoint)
- Communication (written, verbal and listening), project management, problem solving, trouble-shooting, organizational, goal setting, and time management skills
- Ability to present technical subjects to non-technical audiences.
- Ability to transform abstract and vague regulatory requirements into cohesive actionable compliance tasks.
- Ability to understand policy and procedural documentation as required
- Ability to manage and prioritize multiple concurrent requests while setting realistic expectations with stakeholders.
- Ability to quickly develop a deep knowledge of the company, industry, products and services
- Ability to drive tasks through to completion
- Ability to communicate and present concisely and effectively based on appropriate level of management interaction
- Ability to multitask and work well under pressure with adherence to deadlines and changing priorities
- Ability to handle sensitive information with the highest degree of integrity and confidentiality
- Ability to work independently as well as part of a team at all levels and across all business units
- Individual in this position must be able to work in a standard office environment which requires sitting and viewing monitor(s) for extended periods of time, operating standard office equipment such as, but not limited to, a keyboard, copier and telephone
As an IT Risk & Vendor Management Analyst with MultiPlan, you will be part of an organization with a proud 30-year legacy of experience and growth. We realize that our employees are instrumental to our success, and we reward them accordingly with very competitive compensation and benefits packages, an incentive bonus program, as well as recognition and awards programs. Our work environment is friendly and supportive, and we offer flexible schedules whenever possible, as well as a wide range of live and web-based professional development and educational programs to prepare you for advancement opportunities.
Your benefits will include:
- Medical, dental, and vision coverage
- Life insurance
- Optional and dependent life insurance
- Short- and long-term disability
- Paid time off
- Paid company holidays
- Tuition reimbursement
- Flexible Spending Account
- Employee Assistance Program
Opportunity. Recognition. Satisfaction. Grow your career with MultiPlan!
As an Equal Opportunity Employer, the Company will provide equal consideration to all employees and job candidates without regard to sex, age, race, marital status, sexual orientation, religion, national origin, citizenship status, physical or mental disability, political affiliation, service in the Armed Forces of the United States, or any other characteristic protected by federal, state, or local law.