Senior Specialist, Information Security Third Party Risk Management

Telecommuter
Office of the Chief Information Officer (CIO) – Information Security /
Full Time - Union /
Remote
Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care for all people, as well as the nation’s largest provider of sex education. With more than 600 health centers across the country, Planned Parenthood organizations serve all patients with care and compassion, with respect, and without judgment, striving to create equitable access to health care. Through health centers, programs in schools and communities, and online resources, Planned Parenthood is a trusted source of reliable education and information that allows people to make informed health decisions. We do all this because we care passionately about helping people lead healthier lives.

Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the independently incorporated Planned Parenthood affiliates operating health centers across the U.S. Planned Parenthood Action Fund is an independent, nonpartisan, not-for-profit membership organization formed as the advocacy and political arm of Planned Parenthood Federation of America. The Action Fund engages in educational, advocacy, and electoral activity, including grassroots organizing, legislative advocacy, and voter education.

Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund (PPAF) seek a dynamic and hands-on Senior Specialist, Third Party InfoSec Risk. This job reports directly to the National Director, InfoSec Architect in the Information Security division of PPFA. Information Security sets the strategy for, and implements, the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors and staff.

Purpose: The Senior Specialist, Third Party InfoSec Risk supports the strategic vision of the Third Party Risk Management Program and carries it out in day-to-day operations for PPFA and Affiliates, working with stakeholders across the Federation. The Third Party InfoSec Risk program ensures that new and existing third parties are assessed and meet established Information Security, Compliance, Operational Risk, and Reporting guidelines.

Delivery:

● The Senior Specialist, Third Party InfoSec Risk will use the third-party assessment tools and implement the processes that support the Third Party Assessment Program for PPFA and Affiliates.
● Educate staff and Affiliates on the importance of Third Party Risk Management, the third-party due diligence process, and how to use the results of the third-party assessment tools.
● Proactively monitor the performance of the Program using Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), including Service Level Agreements (SLAs) and risk ratings, and escalate issues to management as appropriate.
● Develop a long-term strategy for the growth and maturation of the third-party risk management program that keeps pace with emerging cybersecurity threats in the healthcare industry.
● Facilitate regular communication on third-party performance and risk trends to relevant committees, senior management, and executive sponsors.
● Identify and execute continuous process improvements to drive effective third-party risk capabilities across the Federation.
● Maintain reporting metrics on third-party risk management activities on a regular schedule and as needed.
● Support the maintenance of a centralized vendor database and repository that consolidates vendor information and improves data accuracy and visibility.

Engagement:

● The Senior Specialist, Third Party InfoSec Risk will be part of the InfoSec Architecture team and engage with all team members in Information Security, IT Operations, DevSecOps, Architecture, Information Technology, PPFA strategic business partners, and management staff within PPFA.
● Engage with senior-level staff within both PPFA and Affiliates. The Senior Specialist will also lead and mentor direct and indirect reports and manage consultants.
● Work with vendors to drive adherence to the third-party risk management process.
● Partner with the InfoSec Shared Services team on the Affiliate engagement framework, communication processes, and education sessions for this core service, in alignment with the service delivery framework.
● Work with Affiliate leadership to drive processes and communications.
● Work with Affiliates to identify remediation options.
● Work with external risk review support parties, such as CORL and BitSight, to gather resources for PPFA staff and Affiliates and to carry out critical risk assessment services.
● Work with internal teams to review Vendor Risk responses from Coupa for vendor onboarding.

Knowledge, Skills and Abilities (KSAs): 

Reports to the National Director, InfoSec Architect and works closely with the Third Party InfoSec Risk Analyst. Candidates must know the tools and processes needed to provide risk assessment support and mitigation guidance. A Bachelor's degree in Information Security, Information Systems, Information Technology or a related field is preferred, or equivalent experience.
● Bachelor's degree and 2+ years of experience in a financial services, consulting, information security, risk management, or audit role
● Two (2) years of experience in third-party risk management, assessment, governance, procurement, or a related area
● Two (2) years of vendor management, supplier management, or related experience
● Experience with program development and implementing standard operating procedures
● Experience in basic contract management, including reviewing contracts and understanding basic terms and general contract language, especially legal documents that require data privacy and security language
● Ability to work in a dynamic, fast-paced environment, managing competing cross-functional priorities and complex requirements
● Industry certification preferred (e.g. CISA, CISM, CRISC)

Travel: This is a Telecommuter position with 0-10% travel, as needed.

$87,000 - $97,000 a year
Total offer package to include generous vacation + sick leave + paid holidays, individual/family medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt-in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.

We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law.  We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

PPFA participates in the E-Verify program and is an Equal Opportunity Employer.

Roles that are denoted as NYC, DC, or both will work a hybrid schedule, requiring 2-3 days per week in the office unless the role is denoted as onsite, which requires working onsite full time or 5 days per week.