About R1
R1 is a leading provider of technology-driven solutions that help hospitals and health systems to manage their financial systems and improve patients' experience. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing sophisticated analytics, AI, intelligent automation, and workflow orchestration. R1 is a place where we think boldly to create opportunities for everyone to innovate and grow. A place where we partner with purpose through transparency and inclusion. We are a global community of engineers, front-line associates, healthcare operators, and RCM experts that work together to go beyond for all those we serve. Because we know that all this adds up to something more, a place where we're all together better.
R1 India is proud to be recognized amongst Top 25 Best Companies to Work For 2024 by the Great Place to Work Institute. This is our second consecutive recognition on this prestigious Best Workplaces list, building on the Top 50 recognition we achieved in 2023. Our focus on employee wellbeing and inclusion and diversity is demonstrated through prestigious recognitions, with R1 India being ranked amongst Best in Healthcare, Top 100 Best Companies for Women by Avtar & Seramount, and amongst Top 10 Best Workplaces in Health & Wellness. We are committed to transform the healthcare industry with our innovative revenue cycle management services. Our goal is to make healthcare work better for all by enabling efficiency for healthcare systems, hospitals, and physician practices. With over 30,000 employees globally, we are about 16,000 strong in India, with presence in Delhi NCR, Hyderabad, Bangalore, and Chennai. Our inclusive culture ensures that every employee feels valued, respected, and appreciated, with a robust set of employee benefits and engagement activities.
To learn more visit:
Position Title: Sr. Manager - Cybersecurity (Third Party Cyber Risk Management)
Summary: We are seeking an experienced Sr. Manager, Third-Party Cyber Risk Management, to lead our third-party cybersecurity risk and governance efforts for the India/Philippines market of R1 RCM. The Senior Manager, Third-Party Cyber Risk Management, is responsible for leading and executing the organization's cybersecurity oversight of vendors, suppliers, partners, and other external entities. This role ensures that all third-party relationships align with enterprise security policies, regulatory obligations, and risk tolerance levels. The individual will own the third-party risk management (TPRM) lifecycle, from onboarding and due diligence to continuous monitoring and remediation, and will serve as the subject matter expert on vendor security governance.
Key Duties & Responsibilities:
Program Leadership & Governance
Design, implement, and mature the Third-Party Cyber Risk Management Program aligned with frameworks such as NIST CSF, ISO 27001, HIPAA, CIS Controls, and SOC 2.
Develop and maintain policies, standards, and procedures governing vendor security due diligence, onboarding, monitoring, and offboarding.
Establish and iterate the security exhibit for contracts, enforce compliance, and iterate wherever needed.
Lead governance committees or working groups to discuss vendor risk posture, key issues, and remediation progress with business, procurement, and legal teams.
Define and track Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for vendor risk, and present them to leadership and risk committees.
Vendor Risk Assessment & Due Diligence
Oversee end-to-end third-party risk assessments, including questionnaires, evidence review, and validation of security controls.
Evaluate vendors against recognized security frameworks (e.g., SOC 2, ISO 27001, PCI DSS, NIST CSF, HIPAA/HITRUST).
Manage inherent and residual risk scoring models to prioritize vendors based on business impact and data sensitivity.
Perform or oversee onsite or virtual vendor audits for high-risk vendors and ensure timely closure of identified gaps.
Work closely with Procurement and Legal to integrate cybersecurity clauses and right-to-audit provisions in vendor contracts.
Continuous monitoring and remediation:
Implement and manage continuous monitoring tools and processes (e.g., SecurityScorecard, Recorded Future) to detect vendor security posture changes.
Ensure that remediation plans are documented, tracked, and closed within defined SLAs.
Coordinate periodic reassessments of critical and high-risk vendors to verify ongoing compliance.
Manage escalation processes for non-compliant or high-risk vendors, including executive reporting and remediation oversight.
Perform internal audits against client security requirements to proactively prepare and improve organizational security posture.
Collaboration and stakeholder management
Partner with Business Units, Procurement, Legal, Privacy, and IT Security teams to ensure security risk is addressed in all third-party engagements.
Collaborate with Legal Compliance to support external audits and regulatory reviews involving third-party risk.
Provide subject matter expertise during M&A due diligence, supplier transitions, or strategic partnerships.
Deliver training and awareness to business and procurement teams on vendor security best practices.
Reporting and metrics
Maintain a vendor risk register and ensure accurate documentation of risk decisions, exceptions, and compensating controls.
Prepare executive dashboards and periodic reports summarizing vendor risk trends, findings, and remediation status.
Support board-level reporting on supply chain and vendor cyber risks.
Qualification:
Bachelor's or Master's degree in Technology, Cybersecurity, Risk Management, or a related field.
Experience, Skills, and Knowledge:
7-10 years of total experience in information security, risk, or compliance roles.
At least 5 years of direct experience in third-party or vendor cyber risk management.
Strong understanding of supply chain security, cloud vendor assessments, data privacy, and regulatory compliance (HIPAA, PCI DSS, GDPR, etc.).
Experience using GRC and vendor risk management platforms (e.g., Archer, AuditBoard, or similar).
Proven track record of leading remediation governance and cross-functional collaboration across business, IT, and legal teams. Proven experience managing third-party cybersecurity risk and audit programs at scale.
Excellent communication skills with ability to interface with clients, vendors, operational, legal, and IT leadership.
Key competency profile:
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
HITRUST CCSFP or ISO 27001 Lead Implementer
Working in an evolving healthcare setting, we use our shared expertise to deliver innovative solutions. Our fast-growing team has opportunities to learn and grow through rewarding interactions, collaboration, and the freedom to explore professional interests.
Our associates are given valuable opportunities to contribute, to innovate, and create meaningful work that makes an impact in the communities we serve around the world. We also offer a culture of excellence that drives customer success and improves patient care. We believe in giving back to the community and offer a competitive benefits package. To learn more visit:
Required Experience:
Manager