Manager, Cybersecurity Governance Risk & Compliance

 Posted 2 hours ago
     
 $118K - $167K per year
  
10+ years experience

AI Summary

Lead the operational execution and maturation of the Third-Party Risk Management (TPRM) program, overseeing vendor assessments and contract security reviews. Manage a team of professionals while partnering with cross-functional stakeholders to identify and mitigate cybersecurity risks associated with third parties.

Thank you for considering a career at Ensemble!

Ensemble is a leading provider of technology-enabled revenue cycle management solutions for health systems, including hospitals and affiliated physician groups. They offer end-to-end revenue cycle solutions as well as a comprehensive suite of point solutions to clients across the country.

Ensemble keeps communities healthy by keeping hospitals healthy. We recognize that healthcare requires a human touch, and we believe that every touch should be meaningful. This is why our people are the most important part of who we are. By empowering them to challenge the status quo, we know they will be the difference!

O.N.E Purpose:

  • Customer Obsession: Consistently provide exceptional experiences for our clients, patients, and colleagues by understanding their needs and exceeding their expectations.

  • Embracing New Ideas: Continuously innovate by embracing emerging technology and fostering a culture of creativity and experimentation.

  • Striving for Excellence: Execute at a high level by demonstrating our “Best in KLAS” Ensemble Difference Principles and consistently delivering outstanding results.

The Opportunity:

Job Summary

The Cybersecurity Manager – Third-Party Risk Management (TPRM) is responsible for the operational leadership, effectiveness, and continuous maturation of the organization's Third-Party Risk Management program. Working closely with the Director of TPRM, this role leads a team responsible for vendor risk assessments, contract security reviews, continuous monitoring, remediation governance, and risk reporting activities.

The Manager is accountable for team performance, assessment quality, risk-based decision making, stakeholder engagement, executive reporting, and successful execution of strategic initiatives. This role serves as a key partner to business, technology, legal, compliance, privacy, and procurement stakeholders to ensure vendor risks are identified, evaluated, and managed consistently across the organization.

The ideal candidate is an experienced people leader who thrives in a fast-paced environment, can effectively influence cross-functional stakeholders, and is passionate about building scalable, sustainable cybersecurity and risk management capabilities.

Essential Job Functions

Team Leadership & Development

  • Provide day-to-day leadership, guidance, and oversight for TPRM team members.
  • Coach, mentor, and develop team members through performance feedback, career development planning, training opportunities, and formal performance evaluations.
  • Manage team capacity, workload prioritization, resource allocation, and operational challenges to ensure timely delivery of assessments, contract reviews, strategic initiatives, and departmental objectives.
  • Accountable for team performance, service delivery metrics, quality standards, and achievement of operational goals.
  • Lead recruiting, interviewing, onboarding, and performance management activities.
  • Identify staffing, skillset, and resource needs to support current operations and future program growth.
  • Foster a culture of accountability, collaboration, innovation, and continuous improvement.

Third-Party Risk Management Operations

  • Provide operational oversight and quality assurance for third-party risk assessments, contract security reviews, continuous monitoring activities, and risk evaluations, ensuring consistent application of established methodologies and quality standards.
  • Own the operational health of the enterprise third-party portfolio by ensuring assessment service levels, continuous monitoring, remediation tracking, and executive visibility objectives are achieved.
  • Serve as the primary escalation point for complex vendor risk decisions, including risk acceptances, exceptions, compensating controls, remediation plans, and vendor approval recommendations.
  • Provide oversight for contract security reviews and ensure risk-based recommendations for vendor approvals, exceptions, and escalations.
  • Review and approve high-risk assessment findings, risk ratings, remediation recommendations, and exception requests to ensure consistency with enterprise risk standards.
  • Ensure vendor risk decisions and recommendations are documented, defensible, and aligned with enterprise risk tolerance.
  • Collaborate with business stakeholders on critical vendor engagements and initiatives.

Program Development & Governance

  • Lead continuous maturation of the Third-Party Risk Management program through improvements to governance processes, operating models, methodologies, documentation standards, and automation capabilities.
  • Develop, maintain, and improve cybersecurity policies, standards, procedures, and governance frameworks.
  • Identify and implement automation opportunities to improve operational efficiency and program effectiveness.
  • Serve as the primary point of contact for internal and external audit and regulatory requests related to TPRM controls and processes; ensure supporting evidence, documentation, and remediation status are maintained in an audit-ready state.

Artificial Intelligence (AI) Governance

  • Partner with enterprise stakeholders to incorporate AI-related cybersecurity, privacy, legal, compliance, and operational risk considerations into third-party risk management processes.
  • Monitor emerging AI governance expectations and recommend enhancements to assessment methodologies, controls, and governance practices as appropriate.
  • Define and maintain assessment criteria for AI-enabled third parties in partnership with Legal, Privacy, and Compliance.

Strategic Project Leadership

  • Lead strategic initiatives that improve Third-Party Risk Management capabilities, operational efficiency, program maturity, and risk visibility.
  • Develop and execute program roadmaps, establish priorities, coordinate cross-functional stakeholders, remove delivery obstacles, and ensure successful execution of key initiatives.
  • Lead implementation and optimization of supporting technologies, automation solutions, and reporting capabilities.

Executive & Cross-Functional Partnership

  • Serve as a trusted advisor to business leaders by providing practical guidance that enables informed business decisions while protecting the organization.
  • Escalate significant vendor risks and emerging program issues to the Director of TPRM while recommending practical courses of action.
  • Build trusted relationships with stakeholders across Cybersecurity, Legal, Procurement, Privacy, Compliance, Internal Audit, and Technology teams.
  • Own end-to-end executive reporting for the TPRM program (dashboards, KPIs/KRIs, portfolio risk posture) and translate technical risk into business-relevant insights for leadership.
  • Establish operational metrics that demonstrate program effectiveness, efficiency, and risk reduction.
  • Present findings and strategic recommendations to leadership and the Director of TPRM, driving informed decision-making.
  • Translate technical cybersecurity risks into business-focused insights and actionable recommendations.

Employment Qualifications

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or equivalent combination of education and experience.
  • Minimum 8 years of cybersecurity, risk management, governance, compliance, or third-party risk management experience.
  • Minimum 2-3 years of direct people leadership experience.
  • Experience leading enterprise Third-Party Risk Management programs or significant cybersecurity governance initiatives.
  • Experience developing executive-level reporting, performance metrics, and strategic communications.
  • Demonstrated experience leading teams responsible for complex vendor risk assessments and cybersecurity evaluations.
  • Strong understanding of third-party risk management practices, cybersecurity controls, and risk assessment methodologies.
  • Experience developing policies, standards, and governance processes within cybersecurity or risk management functions.
  • Strong project management, organizational, and analytical skills.
  • Excellent written, verbal, and presentation skills with the ability to communicate effectively to both technical and executive audiences.
  • Ability to balance strategic planning with hands-on execution in a dynamic environment.

Preferred Certifications

One or more of the following certifications is preferred:

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CCSP (Certified Cloud Security Professional)
  • CCSK (Certificate of Cloud Security Knowledge)

Preferred Qualifications

  • 6–10+ years of experience in cybersecurity, GRC, or vendor risk management.
  • Experience leading or significantly contributing to a mature Third-Party Risk Management or Governance, Risk & Compliance (GRC) program.
  • Experience implementing or optimizing TPRM platforms and related technologies.
  • Experience leading organizational change, process transformation, and automation initiatives within cybersecurity or risk management programs.
  • Experience developing executive dashboards, KPIs and operational reporting for cybersecurity or risk management programs.
  • Experience leading audit readiness, regulatory compliance, and risk reporting initiatives.
  • Knowledge of AI governance principles, AI risk management frameworks, and emerging AI regulations.
  • Knowledge of cybersecurity frameworks and standards such as NIST, ISO 27001, HITRUST, SOC 2, CIS Controls, and related industry frameworks.
  • Demonstrated ability to influence stakeholders and drive change without direct authority.
  • This position pays between $118,000 and $167,700, based on experience.
  • This is a remote position; however, candidates must be willing and able to travel to and work onsite at client, temporary, or corporate office locations as business needs require.

This posting addresses state-specific requirements to provide pay transparency. Compensation decisions consider many job-related factors, including but not limited to geographic location; knowledge; skills; relevant experience; education; licensure; internal equity; time in position. A candidate's entry rate of pay does not typically fall at the minimum or maximum of the role’s range.


Join an award-winning company

Five-time winner of “Best in KLAS” 2020-2022, 2024-2025

Black Book Research's Top Revenue Cycle Management Outsourcing Solution 2021-2024

22 Healthcare Financial Management Association (HFMA) MAP Awards for High Performance in Revenue Cycle 2019-2024

Leader in Everest Group's RCM Operations PEAK Matrix Assessment 2024

Clarivate Healthcare Business Insights (HBI) Revenue Cycle Awards for strong performance 2020, 2022-2023

Energage Top Workplaces USA 2022-2024

Fortune Media Best Workplaces in Healthcare 2024

Monster Top Workplace for Remote Work 2024

Great Place to Work certified 2023-2024

  • Innovation

  • Work-Life Flexibility

  • Leadership

  • Purpose + Values

Bottom line, we believe in empowering people and giving them the tools and resources needed to thrive. A few of those include:

  • Associate Benefits –  We offer a comprehensive benefits package designed to support the physical, emotional, and financial health of you and your family, including healthcare, time off, retirement, and well-being programs. 

  • Our Culture – Ensemble is a place where associates can do their best work and be their best selves. We put people first, last and always. Our culture is rooted in collaboration, growth, and innovation.  

  • Growth – We invest in your professional development. Each associate will earn a professional certification relevant to their field and can obtain tuition reimbursement. 

  • Recognition – We offer quarterly and annual incentive programs for all employees who go beyond and keep raising the bar for themselves and the company. 

Ensemble is an equal employment opportunity employer. It is our policy not to discriminate against any applicant or employee based on race, color, sex, sexual orientation, gender, gender identity, religion, national origin, age, disability, military or veteran status, genetic information or any other basis protected by applicable federal, state, or local laws.  Ensemble also prohibits harassment of applicants or employees based on any of these protected categories.

Ensemble provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law. If you require accommodation in the application process, please contact TA@ensemblehp.com.
