Welcome to the new standard of healthcare! Premise Health is the world’s leading healthcare access provider. We deliver purpose-driven career experiences in a culture-centric work environment—ensuring that employees at the nation's best companies get, stay, and be well. In a changing healthcare environment, we know there's a better way for organizations to help their people live healthier lives by delivering the right care at the right time, right where they work. Partnered with visionary organizations around the globe, we offer a broad range of healthcare services and deliver an effortless patient experience that raises the bar, lowers costs, and redefines the meaning of quality care. By shifting the conversation from cost to return and from treatment to prevention, we are committed to helping people, their families, and the organizations they work for be at their best.

We are looking for a Manager of Governance, Risk Management, and Compliance (GRC) Vendor Risk Management to work at our Corporate office in Brentwood, TN! If you possess a “whatever it takes” attitude, keep reading.

It’s hard to pinpoint a “typical” day here (and who wants typical anyway?), but as a member of Premise Health’s IT Governance, Risk, & Compliance (GRC) team, the GRC Vendor Risk Management (VRM) Manager oversees the Vendor Assessment, Remediation, and Risk Management program. The GRC VRM Manager regulates risk management systems across platforms and identifies opportunities for automation. The GRC VRM Manager also regularly interacts with external vendors, business partners, and third parties. This position manages at least one direct report. This position is in Franklin, TN.

What You’ll Do for Us:
- Responsible for administering, maintaining, and optimizing the vendor risk management platform; evaluates and implements additional toolsets or features
- Continuously improves, streamlines, and automates internal and external workflows within the vendor risk management toolsets and enterprise workflow tools
- Aligns assessment criteria and contractual terms with requirements of Premise Health for vendors and third parties
- Responsible for risk management of all Premise Health vendors, including compliance, scheduling, and issue reporting and remediation
- Tracks all external risks/issues, including remediation efforts
- Identifies potential investment risks (e.g. asset types and values, legal and ownership structures, professional reputations, customer bases, industry segments)
- Evaluates vendor risk assessment results and delivers decisions and recommendations to business stakeholders
- Creates program dashboard reports within the vendor risk management platform to present program data used for internal decision-making
- Coordinates vendor pen testing with IT Security Engineering; documents testing requirements
- Analyzes budget needs for contracted services
- Manages multiple partnerships and contract resources used in support of the vendor risk management program
- Partners with external consultants to develop risk-assessment models
- Coordinates vendor assessment demands; serves as internal point of contact for third-party security authorizations

Education:
- Bachelor’s or master’s degree from an accredited university preferred, or equivalent work experience
- CISA or CISSP is strongly preferred. Certification will be required for candidates who do not currently possess it.

Experience:
- 5-10 years of experience in IT security/IT risk management (IT, healthcare, or federal sectors are pluses)
- At least 5 years of direct experience in vendor/third-party risk management
- Experience with standard GRC products (e.g. ProcessUnity, ServiceNow, Archer, RSAM)
- Experience with BCP/DR programs
- At least 3 years of managerial experience

Knowledge and Skills:
- Knowledge of standard GRC products (e.g. ServiceNow, Archer, RSAM) and ability to manage/administer such enterprise platforms
- Knowledge of emerging trends, tools, methodologies, and best practices in information technology
- Knowledge of Information Security principles, policies, and practices; web application security; information controls and audit methodology for business systems and data processing environments
- Knowledge of IT risk controls and compliance frameworks (e.g. SOC2, ISO 27001, NIST 800 series, ITIL)
- Knowledge of risk management theory, industry best practices, and quality frameworks (e.g. ISO, Lean Six Sigma, CMMi and ITIL)
- Strong working knowledge and application of Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint)
- Working knowledge of key compliance regulations and requirements specific to HIPAA, HITRUST, and PCI-DSS
- Exceptional written, presentation, and oral communication skills
- Ability to work with teams and management on complex projects
- Ability to work in a team-oriented, collaborative environment
- Ability to learn and research new concepts, ideas, and technologies quickly
- Ability to take a concept from idea to completion

What We’ll Do for You:
At Premise Health, you’re not an employee – you’re a team member. We have health centers, pharmacies, fitness centers and offices scattered across the country, but we’re all working together to deliver exemplary and delightful service to our clients, their employees and family members. We’re proud of the culture we’ve built, and we aim to assist our team members in living their best life – in and out of the workplace. That’s why you’ll find us taking a yoga class together or starting a book club. We know that we can only help people get, stay, and be well if we do the same for ourselves. We’re also not afraid to share what we’re up to – check out some of our smiling faces.

As an employer, we want to compensate you for the work you do with more than a paycheck (although you’ll get one of those too). Premise Health offers competitive benefits packages including medical, dental, vision, life insurance, 401(k), paid holidays and vacation time, and a company-sponsored wellness program.

We are an equal opportunity employer of nice people and value inclusion at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.