Technical Security Lead Third Party Risk

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

How you can make a difference

We are seeking a technically skilled and cybersecurity-focused Technical Security Risk Lead to join our Third Party Risk Management (TPRM) team. This role is essential in evaluating and mitigating security risks associated with third-party vendors, with a strong emphasis on cloud technologies, secure integrations, and identity management. The ideal candidate will have a deep understanding of different cloud service models (SaaS, PaaS, IaaS) and will collaborate with various cross-functional teams to ensure all third-party engagements comply with security and regulatory standards.

What you'll be doing

Conduct in-depth technical security assessments of third-party vendors and partners.

• Evaluate vendor architecture, encryption practices, authentication mechanisms, and API integrations.

• Master and leverage third-party security rating services (e.g., BitSight, Security Scorecard, RiskRecon) to inform risk decisions.

• Develop a SaaS governance framework in partnership with key cross-functional teams such as Security Architecture and Identity & Access Management to mitigate the company's risk exposure.

• Explore and evaluate the benefits of Software Bill of Materials (SBOM) compliance in third-party software.

• Create Cloud reference architectures to illustrate control requirements across Azure, AWS, and GCP environments.

• Identify and recommend appropriate security controls to mitigate risks associated with nascent generative AI platforms.

• Leverage generative AI platforms to expedite due diligence and security compliance processes.

• Assist the Product Security team in onboarding new operations partners and surfacing potential risks that could impact implementation.

• Clearly differentiate between SaaS, PaaS, and IaaS platforms, including the types of secure connections required for integration, with a focus on ingress, egress and layers of defense to protect sensitive data.

• Work with cross-functional teams to identify risks associated with shadow IT, and develop processes, procedures and controls to prevent, detect, and

• Assist with the exploration, selection, and implementation of Third Party Risk Management (TPRM) software to enhance program efficiency and scalability.

• Participate in the design of supply chain resiliency strategies that provide optionality during unforeseen events, helping to mitigate third-party and operational risk.

• Collaborate with internal teams (Security, IT, Legal, Procurement) to ensure third-party engagements meet security and compliance standards.

• Track and manage remediation efforts for identified risks.

• Maintain and enhance risk assessment tools and documentation.

• Stay current on emerging threats, technologies, and regulatory requirements.

What you will need to be successful

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• 8 to 10+ years of related experience in information security, risk management, or third-party/vendor risk.
• Network topologies and risks

• Azure Cloud and Azure Virtual Desktop

• Encryption types (e.g., symmetric, asymmetric, hashing)

• Network and application connection types (e.g., VPN, direct connect, SFTP, HTTPS)

• Certificates and authentication protocols (e.g., TLS/SSL, OAuth, SAML)

• Identity and Access Management (IAM)

• API connection types and security risks

• SaaS, PaaS, and IaaS architectures, including secure integration methods

• Experience with tools such as ServiceNow and Dynatrace.

• Experience with YubiKeys or similar hardware-based authentication methods.

• Knowledge of security frameworks (e.g., NIST CSF and AI, ISO 27001, SOC 2).

• Project management and cross-functional collaboration

• Technical acumen in cloud security, secure integrations, and AI risk mitigation

• Strong analytical, documentation, and communication skills

• Ability to assess and explain complex security risks to both technical and non-technical stakeholders.

• Experience in regulated industries (e.g., finance, healthcare)
• Knowledge of data privacy regulations (e.g., CCPA, GDPR)
• Security certifications (e.g., CISSP, CISA, CRISC)

#LI-Remote

This is a remote position.

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

• Medical, dental, and vision

• HSA contribution and match

• Dependent care FSA match

• Uncapped paid time off

• Paid parental leave

• 401(k) match

• Personal and healthcare financial literacy programs

• Ongoing education& tuition assistance

• Gym and fitness reimbursement

• Wellness program incentives

HealthEquity has a vision that by2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position. Click here to learn more.

You belong at HealthEquity!

HealthEquity, Inc. is an equal opportunity employer, and we are committed to being an employer where no matter your background or identity - you feel welcome and included. We ensure equal opportunity for all applicants and employees without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity's applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

HealthEquity uses Microsoft Copilot to transcribe screening interviews between candidates and their direct Talent Partner for note taking and interview summaries. By scheduling a screening interview with us, you consent to Microsoft Copilot's AI technology recording and transcribing your interview with your Talent Partner. This information will be reviewed for accuracy and then used by HealthEquity to summarize the interview, ensure accuracy, and facilitate our hiring process. We take privacy seriously. You have the option to opt out. If you wish to opt out of this Microsoft Copilot transcription, please notify your Talent Partner in advance of the interview. If we do not receive an opt-out request from you, we will assume that you consent to the use of Microsoft Copilot.

At HealthEquity, our goal is to save and improve lives by empowering healthcare consumers. This shared purpose inspires everything we do, including how we approach hiring. Our process is designed to get to know the real you: your skills, experiences, and potential to make a difference. We value honesty, originality, and the courage to do the right thing, even when it is not the easiest path. Showing up as your authentic self reflects these values and helps us build something truly remarkable together.

As AI is becoming a common tool throughout the application process, we want to be clear about its appropriate use at HealthEquity. Using AI to support resume writing, research, or interview preparation is perfectly acceptable, provided the content is accurate and genuinely represents your qualifications and skills. For other key parts of our interview process, however, it is important that the ideas, communication, and work you share reflect your own voice, experiences, and thinking. We ask that you participate in our live interviews and complete any assessments without AI assistance unless instructions explicitly indicate otherwise or a specific exception is discussed and approved in advance. This approach ensures fairness, celebrates your individuality, and allows your authentic perspective to shine. Behaviors that do not align with these guidelines may result in disqualification from the hiring process or termination of employment if later discovered. We appreciate your understanding and look forward to learning about the unique contributions only you can bring to HealthEquity.

HealthEquity is committed to your privacy as an applicant for employment. For information on our privacy policies and practices, please visit HealthEquity Privacy.