Premise Health GRC Vendor Risk Management Analyst in Brentwood, Tennessee

Welcome to the new standard of healthcare!

Premise Health is the world’s leading healthcare access provider. We deliver purpose-driven career experiences in a culture-centric work environment—ensuring that employees at the nation's best companies get, stay, and be well. In a changing healthcare environment, we know there's a better way for organizations to help their people live healthier lives by delivering the right care at the right time, right where they work. Partnered with visionary organizations around the globe, we offer a broad range of healthcare services and deliver an effortless patient experience that raises the bar, lowers costs, and redefines the meaning of quality care. By shifting the conversation from cost to return and from treatment to prevention, we are committed to helping people, their families, and the organizations they work for be at their best.

We are looking for a Vendor Risk Management Analyst to work at our Corporate office in Brentwood, TN! If you possess a “whatever it takes” attitude, keep reading.

It’s hard to pinpoint a “typical” day here (and who wants typical anyway?), but as a member of Premise Health’s IT Governance, Risk, & Compliance (GRC) team, the GRC Vendor Risk Management (VRM) Analyst supports the organization’s growth and strategy functions by working with the GRC VRM Manager to oversee the vendor assessment, remediation, and risk management program; maintain risk management systems across platforms; and identify opportunities for automation. The position can be full time remote or located in Brentwood, TN.

What You'll Do For Us:

  • Aligns assessment criteria with requirements of Premise Health, contracts and BAA, and third parties

  • Manages third-party issues and engages in developing remediation plans

  • Identifies potential investment risks (e.g. asset types and values, legal and ownership structures, professional reputations, customer bases, industry segments)

  • Manages repository of vendors for compliance, scheduling, and reporting

  • Maintains register of external risks including remediation efforts of identified risks

  • Writes and distributes third-party risk assessment activity reports

  • Serves as internal point of contact for third party security authorizations

  • Coordinates vendor assessments; writes risk assessment closeout reports

  • Participates in vendor pen testing with IT Security Engineering

  • Assists with GRC vendor system maturity and management

  • Provides additional analysis and reporting on all third-party risk areas for enhancement opportunities


  • Bachelor’s degree from an accredited university or equivalent work experience

  • CISA or CISSP is strongly preferred. Certification will be required for candidates who do not currently possess it.


  • 2-4 years of experience in IT security/risk management (healthcare industry a plus)

  • Admin experience with GRC systems (such as Archer, BWise, Process Unity) a plus

  • Experience with incident response or BCP/DR programs is preferred

Knowledge and Skills:

  • Knowledge of emerging trends, tools, methodologies, and best practices in information technology and security

  • Knowledge of IT risk controls and compliance frameworks (e.g. SOC2, ISO 27001, NIST 800 series, ITIL)

  • Knowledge of risk management theory, industry best practices, and quality frameworks (e.g. ISO, Lean Six Sigma, CMMi and ITIL)

  • Working knowledge of key compliance regulations and requirements (e.g. HIPAA, HITRUST, SOC2, and PCI-DSS)

  • Strong working knowledge and application of Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint)

  • Ability to constructively work both independently and in collaborative environments involving all levels of management and employees

  • Exceptional written, presentation and oral communication skills

  • Ability to work with teams and management on complex projects

  • Ability to work in a team-oriented, collaborative environment

  • Ability to learn and research new concepts, ideas, and technologies quickly

  • Ability to take a concept from idea to completion

What We’ll Do for You:

At Premise Health, you’re not an employee – you’re a team member. We have health centers, pharmacies, fitness centers and offices scattered across the country, but we’re all working together to deliver exemplary and delightful service to our clients, their employees and family members. We’re proud of the culture we’ve built, and we aim to assist our team members in living their best life – in and out of the workplace. That’s why you’ll find us taking a yoga class together or starting a book club. We know that we can only help people get, stay, and be well if we do the same for ourselves. We’re also not afraid to share what we’re up to – check out some of our smiling faces.

As an employer, we want to compensate you for the work you do with more than a paycheck (although you’ll get one of those too). Premise Health offers competitive benefits packages including medical, dental, vision, life insurance, 401(k), paid holidays and vacation time, and a company-sponsored wellness program. We are an equal opportunity employer of nice people and value inclusion at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.