Req ID: 330612
NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.
We are currently seeking a Software Development Senior Specialist to join our team in Bengaluru, Karnātaka (IN-KA), India (IN).
The Third Party Cybersecurity Risk Manager 2 will conduct cyber security risk assessments on Third Parties to Humana or its subsidiaries using a pre-defined security questionnaire. The role will be responsible for evaluating vendor responses, supporting documentation and evidence, identifying potential risk, reporting, and presenting the review for closure. The Third Party Cybersecurity Risk Manager 2 work assignments are varied and frequently require interpretation and independent determination of the appropriate courses of action.
Job Description
The Third Party Cybersecurity Risk Manager 2 will be required to understand the department, segment, and organizational strategy and operating objectives, including their linkages to related areas. The role makes decisions regarding its own work methods, occasionally in ambiguous situations, requires minimal direction, and receives guidance where needed. It follows established guidelines/procedures. The Third Party Cybersecurity Risk Manager 2 will be responsible for, but not limited to, the following tasks:
• Conduct cyber security risk assessments on Third Parties to Humana or its subsidiaries.
• Provide recommendations to reduce vendor risk and follow-up to ensure remediation plans are timely, effective, and appropriately implemented
• Report engagement status and results, both verbally and in writing, to management
• Review and analyze technologies, processes, documentation, and data to identify any gaps in the effectiveness of TPM cybersecurity controls and operations
• Present information, updates, results, etc. to associates and leaders
• Gap Remediation
Additional Job Description
• This role will be performing security risk assessments on our third party vendor population for companies that Humana acquires through the M&A process. The assessments are not on the acquired company itself, but on the vendors who support its business.
o We are using OneTrust for our GRC platform to perform these assessments.
o The control set we leverage for these reviews is based on the HITRUST framework.
1. Schedule call with vendor to discuss scope of services provided to us, then determine based on the conversation whether an assessment is warranted
2. We send the questionnaire to the vendors; they provide Yes/No/Not Applicable responses to the questions and return the assessment to the assigned assessor with evidence in the form of policies/procedure/implementation
3. The assessor reviews provided evidence to validate the vendor has the proper controls in place
4. The assessor identifies potential risks where controls could not be validated as in place
5. Hold closing call with vendor to discuss open items
6. Write report about the assessment, create risks within the GRC tool, present to the rest of the team
7. Work with the business to acknowledge the completed assessment
8. Work with the vendor to remediate identified risk to closure
Required Qualifications
• Bachelor’s Degree in Business, Information Technology, or a related field
• Proficient understanding of – and experience with – audit, regulatory requirements, and standards (SOC2, ISO, HITRUST), and other related standards and certification processes required
• A minimum of 3 years’ experience in IT audit, compliance, and/or IT security
• Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances
• Excellent communication skills with the ability to influence others
• Analytical and problem-solving skills
• Must be passionate about contributing to an organization focused on continuously improving consumer experiences
Preferred Qualifications
• Knowledge of key compliance and IT frameworks such as: SSAE16 SOC2, HITRUST, SOX, etc.
• Healthcare experience a plus but not required
• Additional Industry Certifications: CISA, CISSP, HCISPP, CCSP, CISM, CTPRP, etc.
• Master’s Degree in Computer Science, Information Technology, or a related field
About NTT DATA
NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at us.nttdata.com
NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.