
Third-Party Risk Manager, Cybersecurity - Onsite in Dallas, TX or Remote based in US if not local

Conifer Health Solutions
14 hours ago
Full-time
Remote
United States
$118,560 - $191,360 USD yearly
Cybersecurity
Description

We are seeking an experienced Third-Party Risk Manager to join Tenet’s Cybersecurity team. The Third-Party Risk Manager plays a critical role in overseeing the assessment, monitoring, and mitigation of cybersecurity risks posed by third-party vendors, partners, and service providers. This role is responsible for leveraging modern approaches to ensure that Tenet makes risk-based decisions about its vendors and that vendor risk posture aligns with its risk appetite and meets regulatory obligations. The Third-Party Risk Manager will collaborate cross-functionally with procurement, legal, IT, compliance, and business unit leaders to mature the third-party risk management program.



Responsibilities

Some of the duties and responsibilities of this position include, but are not limited to:

  • Develop, manage, and continuously improve the organization’s Third-Party Risk Management (TPRM) program and platform, including policies, procedures, risk methodologies, and performance metrics.
  • Lead risk assessments and due diligence processes for new and existing third-party vendors, including IT, business services, SaaS providers, and critical suppliers.
  • Build criteria and processes to evaluate AI-based vendor technologies to identify risk exposure.
  • Evaluate vendor security practices, policies, and controls using industry frameworks (e.g., NIST CSF).
  • Partner with Procurement, Legal, Compliance, IT, and business stakeholders to integrate risk assessments into the vendor lifecycle, from onboarding through termination, and to review contracts, Business Associate Agreements (BAAs), and data-sharing agreements.
  • Maintain a current and accurate vendor risk inventory and drive the development and execution of corrective action plans for vendors with risks or compliance gaps.
  • Oversee the implementation of continuous monitoring controls and ensure timely reassessments of vendor risks.
  • Collaborate with Internal Audit and Compliance teams to support external audits, regulatory requests, and risk reporting.
  • Prepare executive-level reporting on third-party risk exposure and program effectiveness for GRC leadership and Board-level stakeholders.
  • Stay current on emerging regulatory changes, industry standards (e.g., NIST, ISO, HIPAA, HITRUST), and best practices in third-party risk management, providing cybersecurity expertise and support for all IT Audit (SOX, PCI, HIPAA); Security Compliance (Vendor Security Assessments and Security Risk Analysis (SRA)); and Data Compliance (Data Classification and Automated / Continuous) audits.


Qualifications

Education Required:

  • Four-year degree in any business/technical area or equivalent experience is preferred
  • Certification Preferred - CISSP, CRISC, CTPRP, CTPRA or HCISPP

Required Experience:

The role will require the candidate to have a wide range of both technical and management skills. A minimum of 5-7 years of experience that includes the following:

  • 5+ years of experience in third-party/vendor risk management, preferably within highly regulated industries such as healthcare, finance, or technology.
  • Strong understanding of GRC frameworks, risk assessment methodologies, and regulatory requirements (e.g., HIPAA, GDPR, SOC 2, NIST CSF).
  • Proven ability to communicate complex risk concepts clearly to both technical and non-technical stakeholders.
  • Experience managing risk assessment platforms or GRC tools (e.g., Archer, ServiceNow, OneTrust, Prevalent or Safe Security).
  • Excellent analytical, organizational, and interpersonal skills. 
  • Certifications such as CISSP, CRISC, CTPRP, CTPRA or HCISPP
     

Compensation

  • Pay: $118,560 - $191,360 annually. Compensation depends on location, qualifications, and experience. 
  • Position may be eligible for an Annual Incentive Plan bonus of 10%-40% depending on role level.
  • Management level positions may be eligible for sign-on and relocation bonuses.

Benefits

The following benefits are available, subject to employment status:

  • Medical, dental, vision, disability, AD&D and life insurance
  • Manager Time Off – 20 days per year
  • Discretionary 401k match
  • 10 paid holidays per year
  • Health savings accounts, healthcare & dependent flexible spending accounts
  • Employee Assistance program, Employee discount program
  • Voluntary benefits include pet insurance, legal insurance, accident and critical illness insurance, long term care, elder & childcare, auto & home insurance.
  • For Colorado employees, paid leave in accordance with Colorado’s Healthy Families and Workplaces Act is available. 
