EEOC Statement
“Lifepoint Health is an Equal Opportunity Employer. Lifepoint Health is committed to Equal Employment Opportunity for all applicants and employees and complies with all applicable laws prohibiting discrimination and harassment in employment.”
You must be authorized to work in the United States without employer sponsorship.
Work environment and travel requirements
- Onsite: Monday - Thursday (Friday - Remote) - Brentwood, TN
- Travel requirements: Less than 20%
Job Summary
The Cybersecurity Risk Engineer is responsible for providing vendor security oversight through risk-based evaluation, ongoing exposure awareness, and vendor engagements to maintain alignment with LifePoint technical security standards with a primary focus on Technology Review Board (TRB) engagement and Third‑Party (3P) Risk Management. The Cybersecurity Risk Engineer evaluates security risks associated with technologies and vendors, engages directly with third parties to validate controls and remediation plans, and ensures vendor alignment with Lifepoint Health security requirements. The role bridges technical security engineering and governance translating complex technical findings into actionable, risk‑based recommendations for stakeholders.
Essential Function
- Serve as the primary cybersecurity subject matter expert for Technology Review Board (TRB) submissions and discussions.
- Drive vendor security engagement by validating assessment responses, reviewing supporting evidence, and tracking remediation commitments and timelines.
- Perform security risk assessments for new and existing technologies, SaaS platforms, cloud services, and third‑party vendors.
- Evaluate third‑party security posture, including architecture, control maturity, access models, and data handling practices.
- Establish vendor risk conditions for acceptance (e.g., contractual safeguards, monitoring expectations, remediation plans) and communicate these requirements through TRB risk review deliverables.
- Partner with appropriate stakeholders to support third‑party risk decisions.
- Translate technical risks into clear, actionable recommendations for technical and non‑technical stakeholders.
- Maintain risk documentation across company platforms in accordance with policy.
- Support continuous improvement of TRB and third‑party risk workflows, documentation, and efficiency.
- Maintain awareness of emerging threats, third‑party risk trends, and industry best practices.
Job Requirements
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or equivalent experience. Master’s Degree a plus.
- Experience: 5+ years in cybersecurity engineering, security architecture, risk management, third‑party risk, or related technical roles.
- Certifications (preferred): CRISC, CCSP, or equivalent certifications.
- Clearances/Background: Able to pass healthcare compliance/background checks.
Required Skills
- Curiosity and willingness to learn new technologies, including AI-enabled security capabilities.
- Strong understanding of cybersecurity principles including cloud security, SaaS risk, identity, data protection, and access models.
- Demonstrated experience performing third‑party/vendor security assessments and communicating risk findings in formal governance processes.
- Familiarity with vendor security assessments, SOC reports, control frameworks, and assurance documentation.
- Ability to communicate risk effectively to technical, operational, and executive audiences.
- Strong analytical and critical‑thinking skills with a risk‑based mindset.
- Proficient use of risk management, governance, collaboration, and documentation tools.
- Ability to work cross‑functionally with cybersecurity, engineering, architecture, and leadership teams.
- Strong written and verbal communication skills.
- Ability to organize and manage multiple assessments and stakeholder engagements simultaneously.
- Ability to follow defined governance processes while identifying improvement opportunities.
Functional Demands
- Ability to sit for extended periods and operate a computer.
- Occasional lifting up to 20 pounds.
- Extended screen time; rapid context switching; occasional high‑stress major‑incident participation.
- Ability to prioritize tasks and manage multiple tickets simultaneously.
- Attention to detail and consistency in documentation.
- Frequent context switching between technical details and risk communication.
- Ability to participate in discussions involving complex or sensitive risk topics.
- Occasional participation in high‑priority risk reviews or governance forums.