Job Information
HEALTHEQUITY, INC. Director Third Party Risk in DRAPER, Utah
Director Third Party Risk
Job Locations
US-Remote
Our Mission
Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.
Overview
How you can make a difference
The Director of Third-Party Risk is a strategic leadership role responsible for overseeing and evolving the third-party risk management program. This position plays a key role in driving the organization's vision for comprehensive third-party risk management, ensuring alignment with enterprise strategy. The Director will lead a growing team and collaborate cross-functionally to identify, assess, and mitigate risks across cybersecurity, resiliency, financial, and operational domains. By conducting in-depth risk analyses and driving remediations, this role ensures third-party relationships align with the company's risk tolerance and strategic objectives, while fostering a culture of accountability and resilience.
What you'll be doing (Job Duties and Responsibilities)
Third-Party Risk Program Leadership: Develop and execute a Third-Party Risk Management (TPRM) strategy that integrates cybersecurity, resiliency, and financial risks into enterprise objectives.
Oversee third-party risk assessments, including initial due diligence, ongoing monitoring, and periodic reassessments.
Design policies and scalable processes to streamline assessments and automate control assurance.
Identify and proactively address risks, engaging stakeholders to drive effective remediation.
Act as an InfoSec SME, supporting Legal and Procurement in third-party contract negotiations.
Risk Assessment and Remediation: Lead the creation, execution, and automation of security assessments for third-party partners.
Periodically reassess critical third-party risks, applying lessons learned to enhance risk management practices.
Policy and Governance: Establish and maintain policies, procedures, and controls to effectively manage third-party risk.
Ensure compliance with financial services, healthcare, and data privacy regulations (e.g., HIPAA, SOC 2, PCI-DSS, GDPR).
Cross-Functional Collaboration: Partner with Legal, Compliance, Information Security, Procurement, and Business Units to drive risk mitigation strategies and vendor oversight.
Build strong relationships with IT, Security, Procurement, Legal, and Risk stakeholders.
Issue and Incident Management: Identify, assess, and manage third-party security incidents, ensuring timely resolution and reporting.
Support audit inquiries and regulatory reviews to maintain compliance.
Performance and Reporting: Develop risk metrics and dashboards to monitor trends, findings, and program effectiveness.
Vendor Lifecycle Management: Oversee risk-based vendor segmentation, contract risk assessments, and exit strategies for high-risk vendors.
Technology and Automation: Leverage tools and technology to streamline TPRM processes and improve efficiency.
Provide regular risk updates to senior leadership and the board.
What you will need to be successful (Skills, Knowledge, and Experience)
Bachelor's degree in Risk Management, Finance, Information Security, or a related field, or equivalent experience.
10+ years of experience in risk management, third-party/vendor risk, compliance, or related fields, with at least 5 years in a leadership role.
Proven experience with third-party risk management frameworks and regulatory requirements, with a strong understanding of technical assurance and holistic risk management.
Experience in developing and driving risk management programs.
Proficiency in risk assessment methodologies, contract risk reviews, and vendor due diligence processes.
Familiarity with risk management platforms (e.g., Archer, ServiceNow, OneTrust) and data analytics tools.
Exceptional leadership,... For full info follow application link.