Cyber Risk Assessor

Labcorp has an exciting opportunity for an experienced third-party risk professional to join our Cyber GRC team, within the Office of Information Security. This individual will be responsible for performing third party risk assessments of our vendors and also supporting the risk operations team with all aspects of the Cyber Risk program. This individual will also be hands on in supporting the identification of control gaps, remediation of issues, and influencing business decisions.
This position supports a global business dedicated to improving health and improving lives; as such, the individual will be expected to operate with a high level of integrity, be professional, and always work in the best interest of the company, its customers, and its stakeholders. Labcorp is looking for a collaborative self-starter to integrate into the business workflow providing guidance, oversight, and actionable risk analysis to enable the business to achieve their objectives in a secure manner, while maintaining compliance and ensuring patient safety.
Responsibilities:
Risk Assessment and Analysis:

• Conduct thorough risk assessments of third-party vendors to identify potential cybersecurity and compliance risks. Manage the entire assessment process for new and existing third parties, including scheduling, coordination, and review.
• Examine SOC and HITRUST reports, vulnerability assessments, policies, procedures, and standard documents to evaluate compliance. This involves reviewing system configurations, security protocols, access controls, encryption measures, and incident response plans.

• Monitor and manage issues identified during assessments, collaborating with business owners and risk analysts to develop and track remediation plans. Document and communicate issues, resolutions, and improvements to enhance the overall risk management process.
• Review internal policy deviation requests and document evaluate risk acceptance requests.

TPRM Advocacy and Program Support:

• Serve as the go-to contact for assessment related inquiries and support business teams throughout the TPRM lifecycle. Develop and maintain positive relationships with stakeholders from various departments and lines of business and educate them on the TPRM process.
• Support on going education to enterprise relating to the over risk operations and risk acceptance process.

Quality and Improvement:

• Participate in quality peer reviews to ensure high standards and continuous improvement.
• Contribute to the ongoing development and improvement of the TPRM program, including processes, frameworks, and risk indicators.
• Promote a risk-aware culture and ensure adherence to internal standards and regulations for effective risk and compliance management.

Knowledge and Expertise:

• Maintain broad knowledge of best practices and trends in Third-Party Risk Management through continuous learning and research.
• Handle confidential and sensitive information with the utmost integrity and discretion.
• Communicate effectively with all levels of the organization, tailoring messages and explanations to different audiences.

Teamwork and Collaboration:

• Manage responsibilities effectively and take ownership of tasks.
• Work seamlessly with team members to achieve shared goals and resolve issues.
• Assist management in the design and delivery of organizational training and education in support of the overall Risk Operations program.

Requirements:

• 5+ years of proven experience in third-party risk management or a related field.
• Strong analytical skills and attention to detail.
• Certifications such as CRISC, CTPRP, or equivalent.
• Have experience with industry frameworks and regulations (e.g. NIST, PCI, HIPAA).
• Keep abreast of cyber, information security, technology, and associated trends and risks, as well as an understanding of existing and upcoming regulations.
• Be able to present risks and recommendations in business oriented terms.
• Possess strong written and verbal communication skills, and the ability to adjust communication style for the audience.
• Build and maintain effective relationships across the organization.
• Effectively manage competing priorities.
• Be passionate about their work and supporting customers.

Education:

• Bachelor's degree in a relevant field (e.g., cybersecurity, information technology, risk management, business administration).

Labcorp is proud to be an Equal Opportunity Employer:
As an EOE/AA employer, Labcorp strives for diversity and inclusion in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications of the individual and do not discriminate based upon race, religion, color, national origin, gender (including pregnancy or other medical conditions/needs), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. We encourage all to apply.
For more information about how we collect and store your personal data, please see our Privacy Statement.