Info Sec Engineer IV

Change Healthcare

Nashville, TN

Industry: Healthcare


Less than 5 years

Posted 60 days ago


Change Healthcare is seeking an Information Security Risk Management Analyst to assist in the execution of the Vendor Risk Assessment Program that includes vendor registration, risk assessments, monitoring and issue management, and reporting. Our team is a part of the Information Security organization and partners with our vendors, using an established process, to ensure compliance with the overall program and reduction of information security risks associated with vendors. The right person for this role has a strong drive to solve security challenges in an agile and expanding environment with a desire to implement best-in-class security measures.


  • Engage with stakeholders to drive registration of vendors into the GRC platform
  • Initiate assessments per established criteria with the outsourced provider and track status
  • Maintain relationships with stakeholders to support completion of assessments
  • Confirm vendors' compliance with security controls using established procedures
  • Analyze and communicate identified risks to stakeholders and organize remediation action plans including tracking risks to closure
  • Conduct assessments of offshore vendor facilities as directed
  • Deliver monthly metric risk reporting to leadership
  • Manage audit requests as they pertain to the program
  • Identify process improvement opportunities

Knowledge/Skill Sets

  • Willing and able to deliver challenging messages to stakeholders in a diplomatic fashion
  • Able to explain security controls to individuals who are not security experts
  • Able to identify alternative methods for achieving compliance with required controls
  • Able to establish strong working relationships with IT teams, internal business customers, external customers, and peers
  • Excellent written and oral skills
  • Strong time management skills/flexible work style to prioritize work efforts
  • Solid knowledge of information security and information systems standards and practices
  • 2-5 years of experience in a risk management, security assessment, or internal audit capacity
  • Knowledge of common InfoSec regulations and frameworks (PCI, HIPAA, ISO 27001, HITRUST, FISMA) is a plus
  • Experience executing audit plans or performing assessments using defined control frameworks is a plus
  • Experience with Lockpath Keylight GRC suite is a plus


  • Bachelor's degree (Computer Science preferred) or equivalent work experience in information systems/security, audit, or vendor risk management required