
Security Third Party Specialist

Job Description
Job Posting Title
Security Third Party Specialist
Agency
807 HEALTH CARE AUTHORITY
Supervisory Organization
Business Enterprises
Job Posting End Date
Refer to the date listed at the top of this posting, if available. Continuous if date is blank.
Note: Applications will be accepted until 11:59 PM on the day prior to the posting end date above.
Estimated Appointment End Date (Continuous if Blank)
Full/Part-Time
Full time
Job Type
Regular
Compensation
$68,049.00 / annual
Job Description
Agency/Division Information
The Oklahoma Health Care Authority (OHCA) works to ensure Oklahomans have access to better health and better care. The agency's core values include passion for purpose, trust and transparency, empowerment and accountability, best in class and outcome-driven, and servant leadership. As part of the interview process, candidates may be required to attend an in-person interview at our Oklahoma City office.
Position Purpose
The Security Third Party Specialist at the Oklahoma Health Care Authority (OHCA) is responsible for ensuring compliance with state and federal regulations while supporting key security and risk management functions targeted towards supply chain and third-party risks. This position provides technical expertise, initiates security program development, and manages vulnerability submissions and vendor security metrics. It plays a critical role in evaluating third-party security documentation, maintaining related security standards, and ensuring the effectiveness of our compliance programs based on NIST 800-53r5. The Security Third Party Specialist collaborates closely with both internal and external stakeholders to mitigate risks, enhance security protocols, and maintain the integrity of organizational processes, aligning with OHCA's core values of accountability, transparency, and excellence. The successful candidate will be able to lead and develop strategies.
Principal Activities May Include:
Vulnerability management and monitoring: This includes understanding vulnerability management principles and technical scan reports in order to work with system vendors to review and develop relevant risk metric reports.
Provide technical expertise and analysis: Stay aware of current industry trends and news to be more proactive. Be able to handle and interpret more technical questions and information. Must be proficient in data analysis and related tools such as MS Excel to identify issues, trends, and patterns, track information, and apply other techniques to achieve objectives and craft usable report summaries. This includes skilled use of formulas, pivot tables, and principles of good design.
Third-party document reviews: Support Business Enterprise projects by providing expertise in reviewing security documentation, providing comments, and escalating any issues identified as appropriate. May be required to attend project meetings to clarify comments and listen for other security concerns that may need coordination. Coordination with subject matter experts or stakeholders may be required for detailed issues and resolutions.
Coordinate workgroup meetings to identify, address, and drive third-party risks and issues.
Coordinate closely with Risk and Compliance Manager to support; Communicate and coordinate effectively with teams to identify support needs.
Draft and Maintain Security Documentation; This includes, but is not limited to, Standards, Guidance, and Supply Chain Risk Management (SCRM) Plan related to NIST 800-161. Documents shall be reviewed annually or during significant changes for updates and maintenance. Technical concepts should be written at a level commensurate with the audience for the document.
Other duties as assigned.
To be considered for this position your application must include a resume/CV with complete work and education history.
Education and/or Experience:
A bachelor's degree AND
3 years of professional Information Security experience, preference for being in a federal and/or healthcare environment OR
An equivalent combination of education and experience, substituting 1 year of qualifying graduate experience in Business or IT Security for each year of the required experience.
Preference may be given to candidates with:
Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Health Care Compliance (CHC) Certification, Certified Information Systems Auditor (CISA), or HIPAA Certification.
Strong knowledge in NIST SP 800 series guidance and control standards.
Strong knowledge of HIPAA standards for security and privacy.
Strong experience with supply chain/third party governance programs in a large complex environment.
Work experience in a federal government and/or healthcare environment.
Physical Demands:
- Must be able to remain sitting for prolonged periods at a desk and working on a computer.
- Must be able to move or lift up to 15 pounds at various times.
Work Environment
The office work environment includes regular exposure to general office equipment such as computer equipment, phones, and copy machines.
Why You'll Love Working Here
At the Oklahoma Health Care Authority (OHCA), we're proud to create a workplace where employees thrive. Named a Top Workplace in Oklahoma for five consecutive years, this achievement reflects the dedication and collaborative spirit of our incredible team. Here's what we offer to support employees and their families:
Generous state-paid benefit allowance to offset insurance premiums.
A wide selection of top-tier health insurance plans.
Optional flexible spending accounts for health care or dependent care expenses.
Employee Assistance Program (EAP) offering confidential support.
Wellness benefits, including an on-site gym and fitness center discounts.
11 paid holidays annually.
15 vacation days and 15 sick days in your first year.
Retirement Savings Plan with substantial employer contributions.
Longevity Bonus to reward years of service.
Public Service Loan Forgiveness eligibility and reimbursement for educational expenses.
Professional development training opportunities, including CEU support.
Accommodation Statement:
The Oklahoma Health Care Authority complies with applicable State and Federal civil rights laws and does not discriminate. All qualified applicants will receive consideration for employment without regard to race, color, sex, religion, disability, age, national origin, or genetic information. If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact the Civil Rights Coordinator at 405-522-7335.
Notice to applicants:
Please add OHCAHR@okhca.org to the address book or "safe-senders" list in your email. All correspondence will come from this address. Be sure to check your junk folder. If you have questions about the status of your application, you can contact the HR team at 405-522-7093.
Current State of Oklahoma employees must apply for open positions internally through Workday Jobs Hub.
Equal Opportunity Employment
The State of Oklahoma is an equal opportunity employer and does not discriminate on the basis of genetic information, race, religion, color, sex, age, national origin, or disability.
Current active State of Oklahoma employees must apply for open positions internally through the Workday Jobs Hub.
If you are needing any extra assistance or have any questions relating to a job you have applied for, please click the link below and find the agency for which you applied for additional information:
Agency Contact
