Become a part of our caring community and help us put health first
The Third Party Cybersecurity Risk Manager 2 designs and manages strategies and initiatives to manage cybersecurity risks from third-party (i.e., Humana vendors, partner organizations, etc.) entities that may introduce risk to Humana’s cybersecurity risk posture. The Third Party Cybersecurity Risk Manager 2 work assignments are varied and frequently require interpretation and independent determination of the appropriate courses of action.
The Third-Party Cyber Risk Manager 2 supports the ongoing execution of the Third-Party Cyber Risk Management (TPCRM) program with a focus on connection due diligence, risk assessment, and vendor lifecycle governance. This role evaluates risks introduced by third-party connections, ensures appropriate reviews and approvals are completed, and supports the secure onboarding and off-boarding of vendors.
Because these programs are continuously evolving, the analyst must be flexible, adaptive, and proactive in identifying areas for improvement. This role is well-suited to someone who demonstrates a strong bias toward action and task completion, is eager to learn, and can help the team continuously refine processes.
Use your skills to make an impact
Key Responsibilities
Connection Due Diligence & Risk Review
- Review third-party connection requests (VPN, APIs, file transfers, SPO/Teams) for risk implications.
- Assess factors such as data sensitivity, access scope, system exposure, and business criticality.
- Partner with governance teams (TPCRM, DGPO, ETSS, UAC) to validate risks and recommend controls.
- Document and prepare approval packages for senior leadership review.
Vendor Lifecycle Governance
- Support secure onboarding and disengagement processes for third-party vendors.
- Ensure vendor off-boarding actions are fully executed (identity, DNS, credentials, tunnels, API endpoints).
- Track and escalate unresolved issues that pose ongoing risk.
Attestation & Oversight
- Oversee annual vendor attestation cycles by managing contractor output, providing escalation support, and validating results.
- Ensure business owners provide clear rationale for maintaining or terminating connections.
Metrics, Reporting & Process Iteration
- Maintain dashboards and reporting pipelines for leadership visibility (e.g., risk exposures, SLA adherence, escalation counts).
- Identify process inefficiencies and suggest improvements for greater consistency, clarity, and automation.
- Update procedural documentation to ensure accuracy as processes evolve.
Preferred Qualifications
- Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field (or equivalent experience).
- 1–3 years of experience in cybersecurity, IT operations, risk management, or governance (internships or project work acceptable).
- Strong organizational skills with ability to drive tasks to completion and follow through independently.
- Familiarity with risk assessment concepts — e.g., data classification, access risk, system exposure, threat impact.
- Experience with productivity and reporting tools (Microsoft 365, SharePoint, Power BI, OneTrust, ServiceNow/Jira).
- Effective written and verbal communication skills for summarizing risks and providing clear updates to stakeholders.
- Ability to adapt to evolving processes, remain flexible as programs mature, and recommend improvements.
- Bonus: Exposure to vendor risk tools (BitSight, SecurityScorecard, Archer) or automation concepts (Power Automate, RPA).
Remote/WAH requirements:
- WAH requirements: Must have the ability to provide a high speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
- A minimum standard speed for optimal performance of 25x10 (25mpbs download x 10mpbs upload) is required.
- Satellite and Wireless Internet service is NOT allowed for this role.
- A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.
Scheduled Weekly Hours
40
Pay Range
The compensation range below reflects a good faith estimate of starting base pay for full time (40 hours per week) employment at the time of posting. The pay range may be higher or lower based on geographic location and individual pay will vary based on demonstrated job related skills, knowledge, experience, education, certifications, etc.
$89,000 - $121,400 per year
This job is eligible for a bonus incentive plan. This incentive opportunity is based upon company and/or individual performance.
Description of Benefits
Humana, Inc. and its affiliated subsidiaries (collectively, “Humana”) offers competitive benefits that support whole-person well-being. Associate benefits are designed to encourage personal wellness and smart healthcare decisions for you and your family while also knowing your life extends outside of work. Among our benefits, Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.
Application Deadline: 11-15-2025
About us
Humana Inc. (NYSE: HUM) is committed to putting health first – for our teammates, our customers and our company. Through our Humana insurance services and CenterWell healthcare services, we make it easier for the millions of people we serve to achieve their best health – delivering the care and service they need, when they need it. These efforts are leading to a better quality of life for people with Medicare, Medicaid, families, individuals, military service personnel, and communities at large.
Equal Opportunity Employer
It is the policy of Humana not to discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status. It is also the policy of Humana to take affirmative action, in compliance with Section 503 of the Rehabilitation Act and VEVRAA, to employ and to advance in employment individuals with disability or protected veteran status, and to base all employment decisions only on valid job requirements. This policy shall apply to all employment actions, including but not limited to recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training, including apprenticeship, at all levels of employment.