Skip to main content

Third-Party Technology Risk Management Professional

Location Portland, Oregon Job Number 997475 Date posted 09/14/2021
Submit Interest

Navigating the Hiring Process

We're here to support you!

Having trouble with your account or have questions on the hiring process?

Please visit the FAQ page on our website for assistance.

Need help with your computer and browser settings?

Please visit the Technical Information page for assistance or reach out to the web manager at

Do you need a reasonable accommodation due to a disability?

A reasonable accommodation is any modification or adjustment that enables you to fully participate in completing the following:

  • Online Submissions
  • Pre-Hire Assessments
  • Interview Process

Please submit your accommodation request and an HR Representative will contact you.


The Third-Party Technology Risk Management Professional is responsible for managing information technology risk associated with third-parties throughout the third-party lifecycle. In this role you will use your deep understanding of cybersecurity, information technology, risk, and auditing to identify and assess information security risk, communicate this risk to stakeholders, and provide consultation in developing mitigation strategies to reduce the risk.  Additionally, this role will partner closely with Business Stakeholders, Legal, Compliance, and Sourcing to ensure technology risk is addressed in third-party contracts.

Essential Responsibilities:

  • Conducts or oversees business-specific projects by applying deep expertise in subject area; promoting adherence to all procedures and policies; developing work plans to meet business priorities and deadlines; determining and carrying out processes and methodologies; coordinating and delegating resources to accomplish organizational goals; partnering internally and externally to make effective business decisions; solving complex problems; escalating issues or risks, as appropriate; monitoring progress and results; recognizing and capitalizing on improvement opportunities; evaluating recommendations made; and influencing the completion of project tasks by others.

  • Practices self-leadership and promotes learning in others by building relationships with cross-functional stakeholders; communicating information and providing advice to drive projects forward; influencing team members within assigned unit; listening and responding to, seeking, and addressing performance feedback; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership and mentoring junior team members; creating and executing plans to capitalize on strengths and improve opportunity areas; and adapting to and learning from change, difficulties, and feedback.

  • Drives ITRM process and/or methodology for designated ITRM initiatives by leading or directing team members in the documentation of process and/or service requirements and acceptance criteria from process owners and key stakeholders; and guiding and influencing leadership in the development of the ITRM strategy.

  • Partners with leadership to help define goals, objectives, deliverables, and guardrails within the governance framework to ensure the development and implementation of efficient, effective, measurable, and sustainable ITRM processes and controls.

  • Collects, analyzes, and reports performance metrics using company software and reporting tools.

  • Executes and plans ITRM compliance assessments and consulting projects.

  • Manages large-scale ITRM engagements from planning to completion.

  • Manages and monitors financials for large ITRM engagements.

Minimum Qualifications:

  • Minimum four (4) years in an informal leadership role working with business or technical teams.

  • Bachelor's Degree in MIS, Information Security, Accounting, Finance, or related field and Minimum eight (8) years experience in IT risk management, compliance, or information security. Additional equivalent work experience may be substituted for the degree requirement.

  • Preferred Qualifications:

  • Two (2) years of work experience in a role requiring interaction with executive leadership (e.g., Vice President level and above)

  • Four (4) years experience writing ITRM documentation and assessment reports.

  • Two (2) years developing IT compliance frameworks or ITRM methodologies.

  • Two (2) years managing audit and/or compliance projects.

  • Four (4) years experience working in a large matrixed organization.

  • Two (2) years experience in the development and delivery of ITRM metrics and reporting.

  • Master's Degree in MIS, Information Security, Accounting, Finance, or related field.

  • CISSP or comparable certification.

  • CISM or comparable certification.

  • CISA or comparable certification.

  • QSA or ISA certification.
  • Primary Location: Oregon,Portland,Kaiser Permanente Building Additional Locations:

    Fair Oaks Medical Center, 12255 Fair Lakes Pkwy., Fairfax,Virginia, 22033
    Silver Spring Data Center, 11961 Bournefield Wy., Silver Spring,Maryland, 20904
    Atlanta Outpatient Peachtree Dunwoody, 5505 Peachtree Dunwoody Rd. NE, Atlanta,Georgia, 30342
    Lowry Administration, 7901 E. Lowry Blvd. Ste 150 and 400, Denver,Colorado, 80230
    Greenwood Plaza IT, 6560 Greenwood Plaza Blvd., Greenwood Village,Colorado, 80111
    Scheduled Weekly Hours: 40 Shift: Day Workdays: Mon, Tue, Wed, Thu, Fri Working Hours Start: 08:00 AM Working Hours End: 05:00 AM Job Schedule: Full-time Job Type: Standard Employee Status: Regular Employee Group/Union Affiliation: NUE-IT-01|NUE|Non Union Employee Job Level: Individual Contributor Specialty: ITRM CAAS Department: KPIT ADMIN - Vendor Risk Mgmt - 9601 Travel: No Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.

    External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances.