R1 - Cyber Security Manager - NIST

15 hours ago

Noida, Uttar Pradesh, India R1 RCM Global Private Limited (Formerly known as A Full time ₹ 15,00,000 - ₹ 30,00,000 per year

Position Summary :

We are seeking an experienced Sr. Manager Third party Cyber Risk Management to lead our Third-party Cybersecurity risk and governance efforts for India/Philippines market of R1 RCM.

The Senior Manager Third-Party Cyber Risk Management is responsible for leading and executing the organizations cybersecurity oversight of vendors, suppliers, partners, and other external entities.

This role ensures that all third-party relationships align with enterprise security policies, regulatory obligations, and risk tolerance levels.

The individual will own the third-party risk management (TPRM) lifecycle from onboarding and due diligence to continuous monitoring and remediation and will serve as the subject matter expert on vendor security governance.

Key Duties & Responsibilities :

Program Leadership & Governance :

- Design, implement, and mature the Third-Party Cyber Risk Management Program aligned with frameworks such as NIST CSF, ISO 27001, HIPAA, CIS Controls, and SOC2.

- Develop and maintain policies, standards, and procedures governing vendor security due diligence, onboarding, monitoring, and offboarding.

- Establish and iterate security exhibit for contracts, enforce compliance and iterate wherever needed.

- Lead governance committees or working groups to discuss vendor risk posture, key issues, and remediation progress with business, procurement, and legal teams.

- Define and track Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for vendor risk and present them to leadership and risk committees.

Vendor Risk Assessment & Due Diligence :

- Oversee end-to-end third-party risk assessments including questionnaires, evidence review, and validation of security controls.

- Evaluate vendors against recognized security frameworks (e.g., SOC 2, ISO 27001, PCI DSS, NIST CSF, HIPAA/HITRUST).

- Manage inherent and residual risk scoring models to prioritize vendors based on business impact and data sensitivity.

- Perform or oversee onsite or virtual vendor audits for high-risk vendors and ensure timely closure of identified gaps.

- Work closely with Procurement and Legal to integrate cybersecurity clauses and right-to-audit provisions in vendor contracts.

Continuous monitoring and remediation :

- Implement and manage continuous monitoring tools and processes (e.g., SecurityScorecard, Recorded Future) to detect vendor security posture changes.

- Ensure that remediation plans are documented, tracked, and closed within defined SLAs.

- Coordinate periodic reassessments of critical and high-risk vendors to verify ongoing compliance.

- Manage escalation processes for non-compliant or high-risk vendors, including executive reporting and remediation oversight.

- Perform internal audits against client security requirements to proactively prepare and improve organizational security posture.

Collaboration and stakeholder management :

- Partner with Business Units, Procurement, Legal, Privacy, and IT Security teams to ensure security risk is addressed in all third-party engagements.

- Collaborate with Legal, Compliance to support external audits and regulatory reviews involving third-party risk.

- Provide subject matter expertise during M&A due diligence, supplier transitions, or strategic partnerships.

- Deliver training and awareness to business and procurement teams on vendor security best practices.

Reporting and metrics :


- Maintain a vendor risk register and ensure accurate documentation of risk decisions, exceptions, and compensating controls.

- Prepare executive dashboards and periodic reports summarizing vendor risk trends, findings, and remediation status.

- Support board-level reporting on supply chain and vendor cyber risks.

Experience, Skills & Knowledge :
- 7 to 10 years of total experience in information security, risk, or compliance roles.

- At least 5 years of direct experience in third-party or vendor cyber risk management.

- Strong understanding of supply chain security, cloud vendor assessments, data privacy, and regulatory compliance (HIPAA, PCI DSS, GDPR, etc.

- Experience using GRC and vendor risk management platforms (e.g., Archer, Auditboard, or similar).

- Proven track record of leading remediation governance and cross-functional collaboration across business, IT, and legal teamsProven experience managing third-party cybersecurity risk and audit programs at scale.

- Excellent communication skills, with ability to interface with clients, vendors, operational, legal, and IT leadership.

Key Competencies :

- Certified Information Security Manager (CISM).

- Certified Information Systems Auditor (CISA).

- Certified in Risk and Information Systems Control (CRISC).

- HITRUST CCSFP or ISO 27001 Lead Implementer.

  • Cyber Security Engineer

    3 days ago

    Noida, Uttar Pradesh, India GE VERNOVA Full time ₹ 20,00,000 - ₹ 25,00,000 per year

    **Summary****As a Cyber Security Engineer at GE Vernova Grid Solutions, you will play a crucial role in designing, implementing, and optimizing the cybersecurity requirement for EHV/HV substations (AIS/GIS/HVDC/FACTS/STATCOM/Onshore/Offshore/Renewable/etc.,) considering the safety/quality/Cost/time delivery criteria. In this role, you will be reporting...

  • SailPoint Developer

    17 hours ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 5,00,000 - ₹ 10,00,000 per year

    R1 is a leading provider of technology-driven solutions that help hospitals and health systems to manage their financial systems and improve patients' experience. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing sophisticated...

  • SailPoint Developer

    13 hours ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 12,00,000 - ₹ 24,00,000 per year

    R1 is a leading provider of technology-driven solutions that help hospitals and health systems to manage their financial systems and improve patients' experience. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing sophisticated...

  • Senior Program Manager

    1 week ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Company Overview: -R1 is a leading provider of technology-driven solutions that help hospitals and health systems to manage their financial systems and improve patients' experience. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing...

  • Cyber Risk Intelligence and Automation Manager

    18 hours ago

    Noida, Uttar Pradesh, India NMT Security | Simplifying Cybersecurity Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Role: IT Risk Intelligence and Automation ManagerJoin NMT Security — The 24×7 AI-Powered CISO (NOVA)Location:Noida |Full-Time | On-SiteAbout NMT SecurityAtNMT Security, we're building the future of cybersecurity withNOVA - our 24×7 AI-powered CISO Copilotthat continuously monitors, audits, and improves security for businesses across the globe.We...

  • Staff Engineer

    3 days ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 15,00,000 - ₹ 30,00,000 per year

    R1 RCM India is proud to be recognized amongst India's Top 50 Best Companies to Work For 2023 by Great Place To Work Institute. We are committed to transform the healthcare industry with our innovative revenue cycle management services. Our goal is to 'make healthcare simpler' and enable efficiency for healthcare systems, hospitals, and physician practices....

  • Senior Engineer

    16 hours ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 20,00,000 - ₹ 25,00,000 per year

    Company Overview: -R1 is a leading provider of technology-driven solutions that help hospitals and health systems to manage their financial systems and improve patients' experience. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing...

  • Staff Engineer

    3 days ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    R1 RCM India is proud to be recognized amongst India's Top 50 Best Companies to Work For 2023 by Great Place To Work Institute. We are committed to transform the healthcare industry with our innovative revenue cycle management services. Our goal is to 'make healthcare simpler' and enable efficiency for healthcare systems, hospitals, and physician practices....

  • Sr Staff Engineer-IT

    3 days ago

    Noida, Uttar Pradesh, India R1 RCM Full time ₹ 12,00,000 - ₹ 24,00,000 per year

    About R1R1 is a leading provider of technology-driven solutions that help hospitals and health systems to manage their financial systems and improve patients' experience. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing...

  • Manager- Pre-Sales Cyber Security

    5 days ago

    Noida, Uttar Pradesh, India DIEVAS Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Company DescriptionDievas Technologies, founded in 2016, is a leading Managed Security Service Provider (MSSP) with a global footprint including the USA, Netherlands, Australia, and India. Our mission is to provide unparalleled Cyber Security Services that protect organizations from evolving threats. We specialize in services such as Cyber Security...