Make a positive difference every day.
Become Better Together.
Third-Party Risk Manager, Cybersecurity - Onsite in Dallas, TX or Remote based in US if not local
Dallas, Texas, Remote Other Executive
Job Summary
We are seeking an experienced Third-Party Risk Manager to join Tenet’s Cybersecurity team. The Third-Party Risk Manager plays a critical role in overseeing the assessment, monitoring, and mitigation of cybersecurity risks posed by third-party vendors, partners, and service providers. This role is responsible for leveraging modern approaches to ensure that Tenet makes risk-based decisions about its vendors and that vendor risk posture aligns with its risk appetite and meets regulatory obligations. The Third-Party Risk Manager will collaborate cross-functionally with procurement, legal, IT, compliance, and business unit leaders to mature the third-party risk management program.
Responsibilities
Some of the duties and responsibilities of this position include, but are not limited to:
- Develop, manage, and continuously improve the organization’s Third-Party Risk Management (TPRM) program and platform, including policies, procedures, risk methodologies, and performance metrics.
- Lead risk assessments and due diligence processes for new and existing third-party vendors, including IT, business services, SaaS providers, and critical suppliers.
- Build criteria and processes to evaluate AI-based vendor technologies to identify risk exposure.
- Evaluate vendor security practices, policies, and controls using industry frameworks (e.g., NIST CSF).
- Partner with Procurement, Legal, Compliance, IT, and business stakeholders to integrate risk assessments into the vendor lifecycle, from onboarding through termination, and to review contracts, Business Associate Agreements (BAAs), and data-sharing agreements.
- Maintain a current and accurate vendor risk inventory and drive the development and execution of corrective action plans for vendors with risks or compliance gaps.
- Oversee the implementation of continuous monitoring controls and ensure timely reassessments of vendor risks.
- Collaborate with Internal Audit and Compliance teams to support external audits, regulatory requests, and risk reporting.
- Prepare executive-level reporting on third-party risk exposure and program effectiveness for GRC leadership and Board-level stakeholders.
- Stay current on emerging regulatory changes, industry standards (e.g., NIST, ISO, HIPAA, HITRUST), and best practices in third-party risk management, providing cybersecurity expertise and support for all IT Audit (SOX, PCI, HIPAA); Security Compliance (Vendor Security Assessments and Security Risk Analysis (SRA)); and Data Compliance (Data Classification and Automated / Continuous) audits.
Qualifications
Education Required:
- Four-year degree in any business/technical area or equivalent experience is preferred
- Certification Preferred - CISSP, CRISC, CTPRP, CTPRA or HCISPP
Required Experience:
The role will require the candidate to have a wide range of both technical and management skills. A minimum of 5-7 years of experience that includes the following:
- 5+ years of experience in third-party/vendor risk management, preferably within highly regulated industries such as healthcare, finance, or technology.
- Strong understanding of GRC frameworks, risk assessment methodologies, and regulatory requirements (e.g., HIPAA, GDPR, SOC 2, NIST CSF).
- Proven ability to communicate complex risk concepts clearly to both technical and non-technical stakeholders.
- Experience managing risk assessment platforms or GRC tools (e.g., Archer, ServiceNow, OneTrust, Prevalent or Safe Security).
- Excellent analytical, organizational, and interpersonal skills.
- Certifications such as CISSP, CRISC, CTPRP, CTPRA or HCISPP
Compensation
- Pay: $118,560 - $191,360 annually. Compensation depends on location, qualifications, and experience.
- Position may be eligible for an Annual Incentive Plan bonus of 10%-40% depending on role level.
- Management level positions may be eligible for sign-on and relocation bonuses.
Benefits
The following benefits are available, subject to employment status:
- Medical, dental, vision, disability, AD&D and life insurance
- Manager Time Off – 20 days per year
- Discretionary 401k match
- 10 paid holidays per year
- Health savings accounts, healthcare & dependent flexible spending accounts
- Employee Assistance program, Employee discount program
- Voluntary benefits include pet insurance, legal insurance, accident and critical illness insurance, long term care, elder & childcare, auto & home insurance.
- For Colorado employees, paid leave in accordance with Colorado’s Healthy Families and Workplaces Act is available.
Employment practices will not be influenced or affected by an applicant’s or employee’s race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status.
Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship.
Tenet participates in the E-Verify program. Follow the link below for additional information.
E-Verify: http://www.uscis.gov/e-verify
The employment practices of Tenet Healthcare and its companies comply with all applicable laws and regulations.
Salary: $118,560 - $191,360. Individual wages are determined based upon a number of factors including, but not limited to, an individual’s qualifications and experience. Calculated based on a full-time position.