Third shift h1.location_city

Third Party Risk Analyst (TPRA)

For more than 45 years, Careington International has been a leader in the health and wellness benefits space. Since its founding in 1979, Careington has been delivering dental discount solutions as its core competency. Today, Careington has expanded to offer a growing portfolio of 150+ health, wellness, lifestyle and virtual health products and services designed to deliver cost savings across a spectrum of life needs. Through its affiliated nationally licensed third-party administrator (TPA), Careington also delivers full-scale administrative services, including customer service, licensed enrollment, claims administration, individual and group billing, and more.

We are based in Frisco, TX and employ prospective candidates that are open to a Hybrid work environment, three days per week in the office, two from home. If you are looking for a great company culture filled with rewarding career advancement opportunities, this is the place for you.

The Third Party Risk Analyst is responsible for supporting the organization's Vendor Management and Third-Party Risk Management (TPRM) programs. This position plays a crucial role in evaluating vendor relationships, conducting risk assessments, and ensuring compliance with relevant laws, regulations, and internal standards. The ideal candidate combines strong analytical, organizational, and communication skills with hands-on experience in risk identification, mitigation, and reporting.

Key Responsibilities:

• Vendor Management & Strategy
• Support the development and maintenance of the vendor management framework, including policies, procedures, and risk assessment methodologies.
• Vendor contract review and negotiation to review compliance, assess risk, negotiate business terms with vendors, and maximize price efficiency
• Manage and operate vendor risk controls, acceptance processes, and key risk indicator (KRI) reporting.
• Maintain accurate vendor profiles, risk ratings, and performance data within the vendor management platform.
• Collaborate with internal stakeholders to ensure proper vendor selection, contracting, and monitoring processes.
• Responsible for managing service agreements across software, hardware, telecommunications, and other Services.
• Ensure all vendor relationships have metrics to evaluate performance and ensure adherence to SLAs through surveys and scorecards.
• Third Party Risk Assessments
• Conduct risk assessments of new and existing vendors, focusing on financial health, operational resilience, cybersecurity, data privacy, and regulatory compliance.
• Conduct review of vendor third party security attestations (SOC2, ISO, HiTrust) to ensure vendors security aligns with Careington requirements
• Conduct thorough due diligence reviews, including evaluations of documentation and questionnaires, and provide recommendations for mitigating risks.
• Develop corrective action plans and control documentation for identified risks.
• Monitor and evaluate vendor remediation efforts to ensure timely resolution of issues.
• Collaboration & Reporting
• Prepare and deliver risk reports and dashboards for leadership and governance committees.
• In collaboration with Leadership, evaluate, vet, and actively participate in vendor selection and the RFP process.
• Partner with business units to support risk-aware decision-making and continuous improvement of third-party risk practices.
• Participate in vendor incident response and escalation processes.
• Stay current on industry trends, regulatory updates, and emerging risks impacting third-party relationships.

Qualifications:

• Bachelor's degree in Business, Risk Management, Information Security, or related field preferred.
• 3+ years of experience in risk management, vendor management, or compliance, preferably in health insurance or other regulated industry.
• Strong understanding of third-party oversight and regulatory requirements (e.g., PCI, SOC 1 & 2, ISO, HITECH, HIPAA, and data privacy laws).
• Industry certifications such as CTPRP, CTPRA, C3PRMP, TPRA CRISC are a plus
• A strong working knowledge of legal, privacy/security, and technical business requirements (i.e., SLAs and SLOs) Experience using vendor management or GRC (Governance, Risk, and Compliance) platforms.
• Proficient in Microsoft Office Suite.
• Excellent written and verbal communication skills, with the ability to present complex information clearly to different audiences.
• Knowledge of cloud service provider risk management is a plus.
• Ability to travel as business needs require.

Preferred Attributes:

• Strategic and analytical thinker with strong problem-solving abilities.
• Highly organized and meticulous with the ability to manage multiple priorities.
• Collaborative team player comfortable engaging with senior leadership and cross-functional partners.
• Results-oriented, adaptable, and committed to continuous improvement in vendor risk practices.

Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.