The IT Security Specialist will be responsible for supporting the security and privacy aspects of assessments, continuous monitoring, and audits of third-party relationships. Manages and executes the third-party risk assessment process, from initial third-party intake through risk analysis, tracking and remediation of technical, operational, and contractual issues resulting from these relationships. Drives the transformation of the Third-Party Cyber Risk Management program with timely execution of internal and external assessments and relevant communication to all stakeholders.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Identify key points of contact and establish communication channels.
Monitor queues and coordinate completion of third-party reviews.
Manage timelines for all phases of review.
Contribute to the development of the information security requirements of vendor and customer contracts to ensure information assets are protected and all terms follow Fresenius Medical Care standards and compliance obligations.
Ensure all vendor controls meet company standards for confidentiality, integrity, availability, and defense-in-depth security principles.
Assist in performing and documenting risk assessments, with a focus on identifying known and unknown vulnerabilities using different assessment techniques.
Assist in developing mitigation strategies for identified vulnerabilities across product lines.
Support the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions.
Learn to use professional concepts; apply company policies and procedures to resolve routine issues.
Work on various third-party risk management problems, following standard practices and procedures in analyzing situations or data.
Understand and stay current on best practices and guidance on achieving security.
Understand and ensure compliance with current and applicable laws and regulations that affect the healthcare industry.
Build stable working relationships internally.
Assist with various projects as assigned by the direct supervisor.
Perform other duties as assigned.
QUALIFICATIONS:
A critical thinker, able to identify information security deficiencies, frame risks by understanding the nature of third-party engagements, and coordinate acceptable resolution paths for information security issues, incidents, and inquiries.
3-6 years of experience in third-party IT security risk management, including conducting third-party security assessments.
Bachelor's degree, or an equivalent mix of education and experience, in Cyber Security, Risk Management, or Governance, Risk and Compliance.
Strong experience leveraging third-party risk management tools (OneTrust preferred).
Strong knowledge of industry frameworks including related regulatory compliance requirements (NIST 800-161, NIST CSF, ISO27001, HITRUST).
Experience with ensuring adherence to both U.S. (e.g., HIPAA) and global data privacy regulations (e.g., GDPR).
Practical knowledge of cybersecurity controls, standards, and best practices.
Understanding of information security testing methods, including vulnerability assessments and penetration testing.
Experience with a global healthcare organization.
Amenable to a mid-shift schedule and a hybrid working setup.