The PRA Health Sciences Data Privacy and Cybersecurity Office seeks a Third Party Risk Management (TPRM) Analyst to execute and manage projects related to information security third party risks. This role will partner with various Business Units to execute the TPRM program as well as strategize to implement more effective and efficient processes in the future. PRA is a leading contract research organization based in Raleigh, NC. This role will be based in the corporate headquarters and report to the Senior Manager of Cybersecurity Risk Management.
Note: PRA's Data Privacy and Cybersecurity Office believes strongly in continuous education and is supportive of enhancing technical knowledge and skillsets through training and education to bolster our group.
Actively participate in the TPRM lifecycle processes, including planning, due diligence, contract negotiation, ongoing monitoring and termination for concepts pertaining to information security.
Administer and provide support for the Vendor Risk Management software, which includes the maintenance of workflows, assessment templates and other configuration changes in accordance with user requirements.
Facilitate Inherent Risk Assessments and coordinate with prospective vendors in performing Control Assessment Questionnaires pertaining to information security.
Maintain an inventory of third parties using Vendor Risk Management software.
Participate in the development of training and communication materials for key stakeholders of the TPRM program (e.g., Vendor Management teams, Legal, IT, Data Privacy, Quality Assurance).
Track open issues with third parties through closure, and perform ongoing risk monitoring, due diligence and assessments.
Participate in site visits and reviews for vendors, as needed (estimated travel 5-10% annually).
Align third party risk mitigation activities with the cybersecurity risk management strategy in accordance with industry standard frameworks (e.g., NIST RMF and COSO).
Participate in authoring and reviewing information security policies and procedures pertaining to TPRM.
Prepare reports for key stakeholders to provide insight on the effectiveness of the TPRM program.
Perform ancillary tasks to support the strategic mission and objectives of the Data Privacy and Cybersecurity Office, as needed.
Research and stay current on new technical literature applicable to information security and TPRM.
Working technical knowledge of industry best practices and commonly used frameworks & standards (e.g., NIST, COSO, SOC/SSAE18, COBIT, ISO 27001-2).
Possess intermediate-level understanding of risks and controls pertaining to logical security, system development lifecycle, business continuity, disaster backup recovery, data center controls, cloud computing, and privacy (e.g., GDPR).
Proven experience identifying failures or inefficiencies in processes, conflicting business practices and integration issues, and providing alternative solutions.
Experience using GRC, IRM and/or IT Vendor Risk Management software.
Experience gathering functional requirements for processes and translating them into technical requirements for a solution.
Holds a CISSP, CISM, CISA, CRISC or similar certification.
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Enterprise Risk Management or related field or equivalent experience.
3+ years in third party risk management and/or cybersecurity or related field.
Strong written and verbal communication skills, including listening and interviewing skills.
Read, write and speak fluent English, with strong documentation and organizational skills.
PRA is an EEO/AA employer and is committed to providing opportunities to minorities, women, veterans and individuals with disabilities.
To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status.