Engineer, Cyber Security Risk

EEOC Statement

Lifepoint Health is an Equal Opportunity Employer. Lifepoint Health is committed to Equal Employment Opportunity for all applicants and employees and complies with all applicable laws prohibiting discrimination and harassment in employment.

You must be authorized to work in the United States without employer sponsorship.

Work environment and travel requirements

• Onsite: Monday - Thursday (Friday - Remote) - Brentwood TN
• Travel requirements: Less than 20%

Job Summary

The Cybersecurity Risk Engineer is responsible for providing vendor security oversight through risk-based evaluation ongoing exposure awareness and vendor engagements to maintain alignment with LifePoint technical security standards with a primary focus on Technology Review Board (TRB) engagement and ThirdParty (3P) Risk Management. The Cybersecurity Risk Engineer evaluates security risks associated with technologies and vendors engages directly with third parties to validate controls and remediation plans and ensures vendor alignment with Lifepoint Health security requirements. The role bridges technical security engineering and governance translating complex technical findings into actionable riskbased recommendations for stakeholders.

Essential Function

• Serve as the primary cybersecurity subject matter expert for Technology Review Board (TRB) submissions and discussions.
• Drive vendor security engagement by validating assessment responses reviewing supporting evidence and tracking remediation commitments and timelines.
• Perform security risk assessments for new and existing technologies SaaS platforms cloud services and thirdparty vendors.
• Evaluate thirdparty security posture including architecture control maturity access models and data handling practices.
• Establish vendor risk conditions for acceptance (e.g. contractual safeguards monitoring expectations remediation plans) and communicate these requirements through TRB risk review deliverables.
• Partner with appropriate stakeholders to support thirdparty risk decisions.
• Translate technical risks into clear actionable recommendations for technical and nontechnical stakeholders.
• Maintain risk documentation across company platforms in accordance with policy.
• Support continuous improvement of TRB and thirdparty risk workflows documentation and efficiency.
• Maintain awareness of emerging threats thirdparty risk trends and industry best practices.

Job Requirements

• Education: Bachelors degree in Cybersecurity Information Technology Computer Science Risk Management or equivalent experience. Masters Degree a plus.
• Experience: 5 years in cybersecurity engineering security architecture risk management thirdparty risk or related technical roles.
• Certifications (preferred): CRISC CCSP or equivalent certifications.
• Clearances/Background: Able to pass healthcare compliance/background checks.

Required Skills

• Curiosity and willingness to learn new technologies including AI-enabled security capabilities.
• Strong understanding of cybersecurity principles including cloud security SaaS risk identity data protection and access models.
• Demonstrated experience performing thirdparty/vendor security assessments and communicating risk findings in formal governance processes.
• Familiarity with vendor security assessments SOC reports control frameworks and assurance documentation.
• Ability to communicate risk effectively to technical operational and executive audiences.
• Strong analytical and criticalthinking skills with a riskbased mindset.
• Proficient use of risk management governance collaboration and documentation tools.
• Ability to work crossfunctionally with cybersecurity engineering architecture and leadership teams.
• Strong written and verbal communication skills.
• Ability to organize and manage multiple assessments and stakeholder engagements simultaneously.
• Ability to follow defined governance processes while identifying improvement opportunities.

Functional Demands

• Ability to sit for extended periods and operate a computer.
• Occasional lifting up to 20 pounds.
• Extended screen time; rapid context switching; occasional highstress majorincident participation.
• Ability to prioritize tasks and manage multiple tickets simultaneously.
• Attention to detail and consistency in documentation.
• Frequent context switching between technical details and risk communication.
• Ability to participate in discussions involving complex or sensitive risk topics.
• Occasional participation in highpriority risk reviews or governance forums.