Full Job Description
Look for more than answers.
Patients and Physicians rely on our diagnostic testing, information and services to help them make better healthcare decisions. These are often serious decisions with far-reaching consequences, and require sensitivity, tact and a clear dedication to service. It’s about providing clarity and hope.
As a Senior Security Specialist – Third Party Vendor Risk Management, you will work for the world leader in the industry, with a career where you can expand your skills and knowledge. You’ll have a role where you can act with professionalism, you can inspire colleagues, and you can care about the work we do and the people we serve.
This professional will work from our global headquarters in Secaucus, NJ.
Senior Security Specialist – Third Party Vendor Risk Management, the role:
Quest Diagnostics Third Party Vendor Risk Management Program performs the critical function of assessing the risks of new and existing vendors. The Senior Security Specialist will be responsible for working with business partners and purchasing to evaluate the risk posture of the vendors and to ensure that appropriate risk assessments, the contract and ancillary risk assessment documents are reviewed and implemented.
Perform risk assessments on vendors by analyzing questionnaires, supporting documentation and virtual / on-site audits.
Evaluate third party control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to: HIPAA, PCI, NIST, HITRUST, ISO 27001, SIG, SOC reports, as well as Privacy and other risk domains.
Develop working knowledge of Quest Diagnostics business and operations to ensure alignment of due diligence reviews and risk assessments with business needs.
Provide strategic reporting and metrics in support of demonstrating the effectiveness of the vendor and risk management programs.
Contribute to the third-party risk management program for process enhancements and remediation efforts, as applicable.
Interact with the ERM and Procurement organizations in conducting related IT risk assessments and due diligence activities.
Perform ad-hoc IT risk assessments as required.
Maintain an up-to-date understanding of industry best practices and monitor the legal and regulatory environment for developments that could require changes to our vendor risk program.
Coordinate information security and risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations.
Manage deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively and build consensus with teams across organizational lines.
To qualify, the ideal candidate will have the following skills and experience:
In-depth knowledge and understanding of information risk assessment methods, concepts and principles, as a means of relating business needs to security controls
Familiarity with management frameworks, such as PCI, HITRUST, FAIR and National Institute of Standards and Technology (NIST), SSAE 18 / SOC 2, ISO 27001
3+ years of experience with the implementation and support of an IT Security risk management program
B.S. Degree in Computer Systems Engineering, Computer Science, Computer Information Systems or equivalent education and experience required
CTPRP, CTPRA, CISA, CISSP, SSCP, GIAC with risk proficiency and other security-specific certifications preferred
Working knowledge of system design and configuration, vulnerability management, logging, monitoring, system infrastructure / cloud infrastructure (e.g. operating systems, networking devices, configuration)
Audit, compliance or governance experience is preferred.
Strong analytical skills to analyze requirements and relate them to appropriate risk controls.
Ability to interact with all levels of management
Strong written and verbal communication skills are important for this position
A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships
Excellent organizational and time management skills
Highly productive and resourceful, carries “Can do” attitude in approaching challenges, and a true self-starter
Ability to work independently
Join us for competitive benefits and development opportunities in a progressive and supportive environment. Help us improve our service, and the experiences of our patients and colleagues. Work with us and together we can be better.
Your Quest career. Seek it out.
All requirements are subject to possible modifications to reasonably accommodate individuals with disabilities. Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity or Citizenship.