Lead Security GRC Analyst

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is driving the transformational shift of the healthcare ecosystem to Health 2.0. The India center will focus on healthcare technology and innovation, and play a vital role in driving the digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relationships

Job Description – Lead, Third-Party Risk Management (TPRM)

Role Summary

The Lead – Third-Party Risk Management (TPRM) is responsible for leading and operating the organization’s third-party cybersecurity risk management program. This role ensures that cybersecurity risks introduced by vendors, suppliers, and partners are identified, assessed, monitored, and mitigated in alignment with enterprise risk appetite, regulatory requirements, and internal security standards.

The role provides hands-on program ownership, strong stakeholder coordination, and governance oversight across the complete third-party risk lifecycle, including onboarding, due diligence, periodic assessments, remediation tracking, renewals, and off-boarding.

Key Responsibilities

Third-Party Risk Program Ownership

- Lead the end-to-end third-party cybersecurity risk management lifecycle including vendor onboarding, risk assessments, renewals, and off-boarding

- Operationalize enterprise TPRM policies, standards, and minimum security requirements across all third-party engagements

- Define and maintain vendor risk tiering, assessment methodologies, and review frequency based on data sensitivity, criticality, and regulatory impact

- Ensure consistent application of risk assessment processes across business units

Risk Assessment & Issue Management

- Review and validate third-party security assessments, questionnaires, and supporting evidence

- Identify cybersecurity, privacy, and operational risks associated with third-party services

- Drive remediation plans with business owners and vendors for identified gaps and control deficiencies

- Support risk acceptance and exception processes, including documentation and leadership approvals

- Track remediation status, overdue actions, and residual risk

Stakeholder & Cross-Functional Collaboration

- Partner with Procurement, Legal, Privacy, Compliance, IT, and Business Owners throughout the vendor lifecycle

- Provide advisory input during contract reviews to ensure appropriate cybersecurity and data protection clauses are included

- Act as a trusted advisor to business stakeholders on third-party cyber risk implications and mitigation strategies

- Support onboarding of new vendors by guiding business teams through risk assessment requirements

Governance, Reporting & Continuous Monitoring

- Maintain accurate third-party risk records in enterprise GRC / TPRM platforms (e.g., ServiceNow)

- Develop and present executive-level dashboards, metrics, and risk summaries for leadership consumption

- Monitor third-party risk trends, concentration risks, and systemic control gaps

- Support internal and external audits, regulatory reviews, and compliance assessments related to third-party risk

Program Maturity & Continuous Improvement

- Identify opportunities to streamline, automate, and enhance third-party risk processes

- Contribute to the evolution of TPRM policies, standards, and operating procedures

- Support continuous monitoring initiatives and integration of external risk intelligence where applicable

- Drive consistent, scalable, and auditable TPRM practices across the enterprise

Required Skills & Experience

- 8+ years of experience in cybersecurity risk management, GRC, or third-party risk management

- Strong hands-on experience operating or leading TPRM programs in complex enterprise environments

- Solid understanding of security and regulatory frameworks such as NIST CSF, ISO 27001, HIPAA, HITRUST, and PCI DSS

- Experience working with GRC / TPRM platforms and workflow tools (ServiceNow preferred)

- Strong analytical, documentation, and stakeholder communication skills

- Ability to clearly articulate risk to both technical and non-technical audiences

Preferred Qualifications

- Experience in healthcare or other highly regulated industries

- Professional certifications such as CISA, CRISC, CISM, CISSP, or equivalent

- Experience supporting audits and regulatory engagements related to vendor risk

Key Success Metrics

- Timely completion of third-party risk assessments

- Reduction in high-risk and overdue vendor findings

- Improved audit outcomes and regulatory alignment

- Increased visibility of third-party cyber risk for leadership

- Mature, consistent, and scalable TPRM operations

Providence’s vision to create ‘Health for a Better World’ guides us in providing a fair and equitable workplace for all in our employment, whether temporary, part-time or full-time, in promoting individuality and diversity of thought and background, and in acknowledging their role in the organization’s success. We are therefore committed to equal employment opportunity, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy or related needs, mental or sensory disability, HIV status, or any other category protected by applicable law. In furtherance of our mission to build a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups, including but not limited to women, PWD (Persons with Disabilities), LGBTQ+ (Lesbian, Gay, Bisexual, Transgender or Queer) people, veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

To report a concern, contact our Integrity hotline; also, read our Code of Conduct.