The Vendor Risk Management Analyst is responsible for maintaining the vendor risk assessment process, including the initiation and review of risk questionnaires, vendor SOC assessments and independent security reviews. The analyst will be responsible for obtaining a list of existing vendors, risk ranking them and performing selective reviews. As new vendors come onboard or as vendors change, security review questionnaires will be distributed. The analyst will track and follow up on all risk assessments.
The Vendor Risk Management Analyst supports the Cybersecurity team with reporting and monitoring of vendor risks, including data collection and analysis, periodic ongoing monitoring and reporting.
The Vendor Risk Management Analyst will also be responsible for keeping track of PCI-DSS compliance.
The position will also be involved in security policy reviews and ad hoc internal security reviews, along with preparation for external reviews of ARH internal processes.
This is a full-time, remote position.
• Inventory and risk rate all vendors.
• Enhance existing questionnaires and audit processes.
• Conduct reviews of existing and new vendors including PCI-DSS required vendors.
• Develop process and procedures for an ongoing vendor risk program.
• Work closely with Compliance and Legal on new and existing contracts.
• Audit internal ARH processes as required.
• Conduct annual security policy reviews.
• Perform other responsibilities or tasks as requested.
Vendor Risk Management Analyst Requirements:
• Education: Bachelor’s Degree.
• Work experience in a relevant IT role working with cybersecurity concepts & tools or security auditing role.
• Ability to work with stakeholders to assess potential risks.
• Ability to analyze existing security tools and provide software solution recommendations.
• Ability to translate business requirements into non-technical, lay terms.
• High-level written and verbal communication skills.
• Time management skills to work within the timeframe set out by the vendor or organization.
• Ability to work from home. This is a full-time, remote position.
Bachelor’s Degree or equivalent experience
Minimum Work Experience
5-7 years in cybersecurity or security auditing.
2-5 years’ experience as an Information Security Risk Analyst or Information Security Auditor, preferably in the healthcare industry.
Strong knowledge of third-party assessments, IT risk management regulatory requirements and compliance.
4+ years’ experience in vendor security management, cybersecurity, internal audit or a related compliance field.
Working knowledge of PCI-DSS requirements.
Required Skills, Knowledge, and Abilities
• Strong knowledge of HIPAA security rule and PCI-DSS standards.
• Strong work ethic, time management, detail oriented.
• Strong written and verbal communication skills.
• Demonstrated ability to meet deliverables on time.
• Proficient PC skills, specifically with business-oriented applications such as Word, Excel and PowerPoint.
• Strong Excel skills, including pivot tables and the ability to create charts and dashboards.
• Knowledge of risk and controls practices, procedures, and principles.