Thank you for considering a career at Bon Secours Mercy Health!
Supports the Cybersecurity Risk and Assurance risk management program by conducting independent and comprehensive assessments of the vendors, service providers and third-party companies that manage systems or information for Bon Secours Mercy Health to determine the overall effectiveness of its controls. Responsible for identifying opportunities for risk reduction in operational risk management and vendor risk management, including an understanding of third-party vendor system use and the securing of operating systems, network infrastructure, software applications, web servers, and databases. Makes actionable recommendations to mitigate third-party risk. Partners with Audit, Compliance, and Legal to manage cybersecurity third-party risk and compliance.
Essential Functions
Plan and conduct security assessments of BSMH clients' third-party vendors, focusing on compliance with regulations, company policies, and internal controls.
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each third-party software application, system, network or third-party vendor.
Monitor and evaluate third parties' compliance with information technology (IT) security, resilience, and dependability requirements across all capabilities using implemented capabilities.
Use third-party risk evaluation tools to help reduce organizational cyber risk with third parties.
Perform security reviews, identify gaps in security architecture and develop a third-party risk management plan.
Perform risk analysis on third party capabilities (i.e. threat, vulnerability and probability of occurrence) whenever an application or system undergoes a major change.
Compose assessment reports containing findings and recommendations and present them to BSMH clients.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Accountable for partnering with the Business owners in a meaningful and collaborative manner to ensure that as risks are identified, they are managed and/or mitigated in a way that reduces organizational risks and allows for the Mission of BSMH to continue its outreach to the communities it serves.
Participate in Cybersecurity Risk Governance process to provide security risks, mitigations and input on other technical risks.
Draft and provide input into the Cybersecurity Risk Management Framework process activities and related documentation pertaining to third-party risk management.
Identify opportunities to improve processes and procedures to document the execution of the analysis and assessments of third-party risk management (TPRM).
Support the development of key performance indicators and report key metrics to leadership in a timely manner.
Maintain information systems assurance and accreditation materials for all efforts relating to the third-party risk management that keep the program in line with best practices.
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level within the Third-party risk environment.
Contribute to other Cybersecurity Risk and Assurance programs and functions as needed.
All other duties as assigned.
Bon Secours Mercy Health is an equal opportunity employer.
We'll also reward your hard work with:
- Comprehensive, affordable medical, dental and vision plans
- Prescription drug coverage
- Flexible spending accounts
- Life insurance w/AD&D
- An employer-matched 403(b) for those who qualify
- Paid time off
- Educational Assistance
- And much more
SS I&T - Info Security
All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health - Youngstown, Ohio or Bon Secours - Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at