Third-Party Risk Management Specialist

RxSense is a leading healthcare technology company delivering innovative solutions for pharmacy benefits and prescription savings. Our enterprise platform brings transparency, flexibility, and efficiency to pharmacy benefit management, helping clients streamline operations and enabling consumers to save on prescriptions. By integrating intelligence across the pharmacy ecosystem, RxSense makes cost-effective healthcare more accessible. Whether for PBMs, pharmacies, or individuals, our solutions help modernize operations, reduce costs, and improve outcomes. 

RxSense also owns and operates SingleCare, a free prescription savings service that offers consumers access to consistently low prices on prescription drugs. Through its partnerships with the country’s largest pharmacies and grocers, including CVS, Walgreens, Walmart, Kroger and Albertsons, SingleCare improves access and adherence to affordable medications and has helped millions of Americans save over $11 billion on their medications. 

RxSense is a great place to work! Our company has earned several prestigious awards, including Fast Company’s Most Innovative Companies, Forbes’ Top Startup Employers, Modern Healthcare's Best Places to Work in Healthcare, and Inc’s Best in Business and Best Workplaces.

Position Summary:

We are seeking a highly motivated and self-driven Third-Party Risk Management Specialist with a strong background in Third-Party Risk Management (TPRM) to join our Information Security team. This role will play a key part in our Governance, Risk, and Compliance (GRC) function, with a specific focus on TPRM. The ideal candidate will have a passion for information security and risk reduction, as well as experience working with industry-standard frameworks.

As a member of the Information Security team, you will play an important role in safeguarding the privacy, confidentiality, integrity, and availability of information and systems across the organization. Your primary focus will be conducting vendor assessments and identifying third-party risks and recommending appropriate mitigation strategies. Must be aware of and comply with all aspects of the RxSense Information Security Program and the policies contained therein. Must always understand the importance of maintaining Information Security.

Responsibilities:

• Lead and manage third-party risk assessments, ensuring vendors meet security and compliance standards
• Evaluate and monitor third-party controls to identify potential risks and recommend mitigation strategies
• Collaborate with legal, IT and business units to align vendor onboarding and risk processes
• Maintain compliance with SOC1, SOC2, HIPAA, HITRUST and ISO 27001
• Assist in the development and maintenance of policies, procedures, and standards related to third-party security
• Maintain inventory of third parties
• Track remediation efforts for identified vendor risks and ensure timely resolution
• Collaborate with the GRC Manager to continuously enhance and mature the TPRM Program
• Support audits and compliance initiatives related to vendor management and security
• Develop relationships within the team and across departments to encourage cooperation, communication, and respect

Requirements:

• 2 + plus year of experience with all aspects of TPRM
• Must maintain a clean and presentable appearance and work environment for video calls
• Excellent verbal and written communication skills
• Customer service orientation (e.g., patience, positive customer-friendly attitude, active listening, empathy, professionalism, etc.)
• Strong attention to detail
• Ability to manage multiple responsibilities and competing priorities, constantly reprioritizing based on new information or shifting deadlines
• Strong desire to learn new technologies, frameworks, and standards
• Maintain current skills and strive to acquire new knowledge based on current industry trends
• Highly motivated self-starter & independent worker who can produce high level results consistently with minimal supervision
• Must work well in a team environment and participate in working meetings over Zoom (or equivalent)
• Capable of analyzing data to evaluate risk and compliance
• Ability to travel when required for audits

Education:

• Bachelor’s degree or equivalent years of industry experience
• Security Certifications a plus
• Governance, Risk, and Compliance (GRC) experience a plus
• Basic Knowledge of information security frameworks (e.g., ISO 27001, HITRUST, and SOC 2) and regulatory requirements such as HIPAA a plus

Salary Range: 85,000 - 105,000

RxSense believes that a diverse workforce is a more talented and productive workforce. As such, we are an Equal Opportunity and Affirmative Action employer. Our recruitment process is free from discriminatory hiring practices and all qualified applicants are considered for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity, ancestry, age, or national origin.  Neither will qualified applicants be discriminated against on the basis of disability or protected veteran status.  We believe in the strength of the collaboration, creativity and sense of community a diverse workforce brings.