Job Summary
As a key member of the Digital Technology Risk Assurance team, the Technology Risk Analyst will leverage their practical knowledge and experience to independently assess and manage technology risks associated with third-party vendors. This role requires a proactive individual capable of tackling complex challenges with minimal guidance, contributing significantly to the organization's overall risk posture.
Essential Functions
Comprehensive Vendor Evaluation: Conduct in-depth evaluations of third-party vendors and service providers, encompassing their financial stability, operational performance, and adherence to regulatory compliance requirements.
Risk Identification and Mitigation: Proactively identify potential technology risks and vulnerabilities within third-party relationships, subsequently developing and implementing effective mitigation strategies and plans.
Cross-Functional Collaboration and Communication: Foster strong collaborative relationships with internal teams, including procurement, legal, IT, and compliance, to ensure a unified and consistent approach to third-party risk management. Communicate and interact effectively and professionally with all stakeholders, including co-workers, management, business partners, and customers.
Compliance and Standards Alignment: Ensure all third-party risk management practices are meticulously aligned with established industry standards, regulatory requirements, and the organization's strategic goals.
Continuous Monitoring and Oversight: Implement and maintain continuous monitoring of third-party performance and compliance through regular audits, reviews, and performance assessments.
Documentation and Record Keeping: Maintain thorough, accurate, and up-to-date records pertaining to all third-party risk management processes and activities.
Organizational Awareness and Best Practices: Actively contribute to raising awareness of critical third-party risk issues and promote best practices across the organization.
Qualifications
Required Experience:
2–4 years in technology risk, cybersecurity, audit, compliance, or third-party risk management.
Experience performing vendor risk assessments, due diligence, and ongoing monitoring.
Working knowledge of risk frameworks (e.g., NIST, ISO 27001).
Strong communication and stakeholder management skills.
Analytical and detail-oriented with the ability to identify and address risk gaps.
Familiarity with GRC or vendor risk management tools.
Preferred Experience:
3+ years of third-party risk management experience, including process or framework improvement.
Professional certifications (CISA, CISM, CRISC, CISSP, CTPRA, etc.).
Experience in regulated industries or familiarity with third-party risk regulations.
Understanding of IT and cybersecurity concepts (cloud, network, application security).
Experience automating TPRM workflows or using GRC platforms (e.g., ServiceNow).
Ability to work across teams such as Legal, Procurement, and Technology.
Experience managing the full vendor risk lifecycle (onboarding through offboarding).
Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.