Note: The job is a remote job and is open to candidates in USA. HealthEquity is focused on empowering healthcare consumers to save and improve lives. As a Senior Third Party Risk Analyst, you will ensure the security and integrity of the partners and technologies powering our platform, while evolving the Third Party Risk Management program in a fast-paced environment.
Responsibilities
• Conduct risk assessments for critical and operationally significant third‑party entities, including cloud service providers, SaaS platforms, technology partners, and infrastructure providers
• Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle
• Stay ahead of emerging risks, including generative and agentic AI, and evolving regulatory expectations across financial services and healthcare
• Partner closely with cross‑functional teams such as Procurement, Legal, Privacy, Security, AI Governance, and vendor business owners to manage third‑party risk holistically
• Develop and maintain key risk and performance metrics that demonstrate progress and maturity within the TPRM program
• Lead efforts to automate repetitive and high‑volume processes, leveraging advancements in AI to increase efficiency, quality, and speed
• Introduce and evaluate AI‑enabled tools to enhance risk clarity, improve signal‑to‑noise, and scale the program responsibly
• Support other TPRM and governance activities as needed, contributing to a culture of continuous improvement
Skills
• Bachelor's degree in Computer Science, Information Technology, Risk Management, or a related technical field
• 5+ years of combined experience in information security, cybersecurity, or technical/analytical roles
• Experience operating in fast‑paced, high‑accountability environments where prioritization and time sensitivity matter
• 2–5 years of hands‑on cybersecurity experience, ideally within financial services or healthcare
• Strong understanding of security and AI control frameworks, such as: NIST Cybersecurity Framework (CSF), NIST AI Risk Management Framework (AI RMF), ISO 42001
• Prior experience with TPRM / GRC platforms, including tools such as Vanta, Archer, or ServiceNow
• Familiarity with cybersecurity risk rating services (e.g., RiskRecon, SecurityScorecard, BitSight)
• Working knowledge of audits, regulatory exams, and attestations, including SOC 2 Type II, ISO 27001, HITRUST, and similar frameworks
• Ability to review and interpret technical evidence demonstrating cybersecurity validation and compliance (e.g., SCA, SAST, DAST, penetration testing)
• Excellent written and verbal communication skills, with the ability to translate between technical and non‑technical audiences
• Experience reviewing technical policies and contributing to standard operating procedures
• Strong command of the Microsoft ecosystem, including PowerPoint, Excel, Word, SharePoint, and Power BI
• Demonstrated ability to use AI solutions securely and effectively, such as Microsoft Copilot, Gemini, Anthropic, or ChatGPT, to improve workflows and outcomes
• One or more cybersecurity certifications, such as CISSP, CISA, CISM, CRISC, or equivalent
• Demonstrated understanding of cybersecurity and AI governance frameworks, including NIST CSF and NIST AI RMF
Benefits
• Medical, dental, and vision
• HSA contribution and match
• Dependent care FSA match
• Uncapped paid time off
• Paid parental leave
• 401(k) match
• Personal and healthcare financial literacy programs
• Ongoing education & tuition assistance
• Gym and fitness reimbursement
• Wellness program incentives
Company Overview
• HealthEquity connects health and wealth by administering Health Savings Accounts (HSAs) and other consumer-directed benefits. It was founded in 2002, and is headquartered in Draper, Utah, USA, with a workforce of 1001-5000 employees. Its website is http://www.healthequity.com.
Company H1B Sponsorship
• HealthEquity has a track record of offering H1B sponsorships, with 7 in 2026, 15 in 2025, 8 in 2024, 31 in 2023, 3 in 2022, 1 in 2021, 2 in 2020. Please note that this does not guarantee sponsorship for this specific role.
Apply tot his job
Apply To this Job