HealthEdge

Senior Technical Program Manager - Third Party Risk Management

Job Locations: US-Remote
ID: 2025-6745
Category: Information Technology
Position Type: Full-Time

Overview

Position Overview: 

The Senior Technical Program Manager for Third Party Risk Management will play a pivotal role in designing, implementing, and maintaining our organization's comprehensive third-party risk management program on an enterprise scale. You'll help ensure our vendor security capabilities are robust, dynamic, and aligned with industry best practices and regulatory requirements by leveraging your deep understanding of third-party risk principles, technical solutions, identity lifecycle management, and advanced risk assessment technologies. 

 

About Center of Excellence: 

Centers of Excellence (COE) are teams whose primary goal is to provide expertise in a specific field. COEs will usually provide support through training, research, and skilled leaders. In the case of HealthEdge, our Centers of Excellence incorporate the Human Resources, IT, Legal and Financial fields, all of which provide support to our Product divisions and allow the enterprise to move forward and achieve its goals.
 

Your Impact: 

  • As a senior team member, you have deep knowledge of what a great TPRM program looks like. You can not only start with the end in mind, but also build consensus with stakeholders, develop a plan of action with associated milestones, and successfully execute that plan. You can navigate autonomy like a pro and drive programs and platforms that scale without limits.
  • Strategic Leadership: You'll contribute to developing and communicating a strategic vision for our global third-party risk management program. Alignment of TPRM initiatives with business goals and our AI-first approach is key to our success.
  • Program Design: You'll help design and implement comprehensive third-party risk management frameworks that encompass vendor onboarding, continuous monitoring, MCP risk assessments, best practices in Procure to Pay, and vendor related Incident Response protocols.
  • Risk Management: Identifying and assessing third-party security risks and developing mitigation strategies to reduce those risks is a key skill set for this role. You'll have particular focus on AI/ML vendor risks and emerging technology considerations.
  • Technology Integration: You'll evaluate and drive the implementation of advanced TPRM technologies and solutions, working closely with procurement, legal, IT, and business teams to integrate risk controls into vendor selection and management processes.
  • Identity Lifecycles: You'll partner closely with stakeholders to design best practices in identity fulfillment, driving technology adoption and workflow processes that embrace least-privilege methodologies throughout the employee/contractor lifecycle.
  • Automation: You'll leverage automation throughout our vendor risk assessment stack so we can make the whole greater than the sum of its parts when it comes to business investments.
  • You'll be laser focused on ensuring best practices are established with all facets of vendor security assessments and the continuous monitoring required for us to be secure. 
  • Stakeholder Management: You'll build bridges throughout our organization, leading with education and building influence. As a senior technical asset on our team, you'll foster a positive and fun environment with a strong emphasis on exceptional collaboration across procurement, legal, and business units. 

What You Bring: 

  • Experience: At least 7 years of experience in information security or risk management, with a focus on third-party risk management.

  • Extensive experience in conducting vendor security assessments and managing enterprise-scale TPRM programs.

  • Direct experience with procurement lifecycle management, not only with technology products but also with services such as contracted resources.

  • Experience with AI/ML vendor ecosystems and associated security considerations. Knowledge of risks and mitigations related to Model Context Protocol.

  • Experience with technical solutions that can facilitate least-privilege access throughout multiple use cases. Exposure to integrating those solutions with identity provider(s) (IdP) is a big plus.

  • A solid understanding of security frameworks, compliance requirements (SOC 2, HITRUST, HIPAA), AWS cloud security, and MCP risk assessment methodologies.

  • Experience building scalable and future-proofed TPRM solutions that embrace continuous monitoring and risk-based approaches.

  • Proven ability to influence and drive change across an organization, particularly in vendor selection and management processes.

  • Working knowledge of Identity and Access Management constructs and related solutions.  

Bonus Points: 

  • Knowledge of DevSecOps practices and integrating security assessments into the software development lifecycle.

  • Experience with GRC platforms and automated vendor risk management solutions.

  • Knowledge of emerging technology risks and best practices for assessing novel AI/ML platforms and services. 

HealthEdge commits to building an environment and culture that supports the diverse representation of our teams. We aspire to have an inclusive workplace. We aspire to be a place where all employees have the opportunity to belong, make an impact and deliver excellent software and services to our customers.

 

Geographic Responsibility: While HealthEdge is located in Burlington, MA, you may live anywhere in the US.
Type of Employment: Full-time, permanent 

Work Environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job:  

  • The employee is occasionally required to move around the office. Specific vision abilities required by this job include close vision, color vision, peripheral vision, depth perception, and ability to adjust focus.

  • Work across multiple time zones in a hybrid or remote work environment.

  • Long periods of time sitting and/or standing in front of a computer using video technology.

  • May require travel dependent on company needs. 

The above statements are intended to describe the general nature and level of the job being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. HealthEdge reserves the right to modify, add, or remove duties and to assign other duties as necessary. In addition, reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position in compliance with the Americans with Disabilities Act of 1990. Candidates may be required to go through a pre-employment criminal background check. 
 

HealthEdge is an equal opportunity employer. We are committed to workforce diversity and actively encourage all qualified persons to seek employment with us, including, but not limited to, racial and ethnic minorities, women, veterans and persons with disabilities. 

  
