Ensemble Health Partners
Manager, Cybersecurity Governance Risk & Compliance

Cybersecurity Manager – Third-Party Risk Management (TPRM)
About Ensemble
Ensemble is a leading provider of technology-enabled revenue cycle management solutions for health systems, including hospitals and affiliated physician groups. We offer end-to-end revenue cycle solutions, as well as a comprehensive suite of point solutions, ensuring health systems stay financially strong so communities can thrive.
We believe healthcare requires a human touch, and our people drive that mission. By empowering them, we ensure meaningful interactions while fostering innovation and excellence.
O.N.E Purpose: Our Core Values
- Customer Obsession: Provide exceptional experiences for clients, patients, and colleagues by anticipating and exceeding their needs.
- Embracing New Ideas: Continuously innovate through technology and creativity.
- Striving for Excellence: Demonstrate our "Best in KLAS" Ensemble Difference with consistent high-performance results.
The Opportunity: Job Summary
The Cybersecurity Manager – Third-Party Risk Management (TPRM) will lead the organization’s TPRM program, ensuring operational effectiveness and scalability.
Partnering closely with the Director of TPRM, this role oversees a team responsible for:
- Vendor risk assessments
- Contract security reviews
- Continuous monitoring
- Remediation governance
- Risk reporting
The Manager is accountable for:
- Team performance and quality standards
- Risk-based decision making
- Stakeholder engagement
- Executive reporting
- Strategic initiatives to enhance cybersecurity and risk management
Key collaborators: Business teams, Technology, Legal, Compliance, Privacy, and Procurement—ensuring vendor risks are consistently identified and mitigated across the enterprise.
This role demands a seasoned leader who thrives in fast-paced environments, can influence cross-functionally, and is passionate about building scalable, sustainable cybersecurity governance.
Essential Job Functions
1. Team Leadership & Development
- Provide day-to-day leadership for TPRM team members, including mentorship and performance evaluations.
- Manage team capacity, workload prioritization, and resource allocation to ensure timely delivery of assessments, strategic initiatives, and departmental goals.
- Oversee recruiting, onboarding, and performance management, identifying staffing and skills gaps for program growth.
- Foster a culture of accountability, innovation, and continuous improvement.
2. Third-Party Risk Management Operations
- Ensure consistent and high-quality vendor risk assessments, contract security reviews, and continuous monitoring.
- Own the operational health of the third-party portfolio, tracking risk remediation, executive reporting, and audit readiness.
- Serve as the primary escalation point for complex risk decisions (acceptances, exceptions, compensating controls, and vendor approvals).
- Review and approve high-risk assessment findings, risk ratings, and remediation recommendations.
- Collaborate with business stakeholders on critical vendor engagements and initiatives.
3. Program Development & Governance
- Lead continuous maturation of TPRM processes, including governance models, standards, and automation.
- Develop and refine cybersecurity policies, procedures, and governance frameworks.
- Implement automation opportunities to improve operational efficiency.
- Manage audit and regulatory engagements, ensuring supporting documentation is audit-ready.
4. Artificial Intelligence (AI) Governance
- Partner with stakeholders to integrate AI-related cybersecurity, privacy, and compliance risks into risk management efforts.
- Monitor emerging AI governance trends and adapt assessment criteria for AI-driven third parties.
5. Strategic Project Leadership
- Lead strategic initiatives to enhance TPRM capabilities, including:
  - Implementation and optimization of technologies, automation, and reporting tools.
  - Development and execution of progressive roadmaps.
  - Cross-functional stakeholder engagement to remove project barriers.
6. Executive & Cross-Functional Partnership
- Serve as a trusted advisor to executives, translating technical risks into business-relevant insights.
- Develop executional metrics to demonstrate program success and risk reduction.
- Present findings and actionable recommendations to leadership and the Director of TPRM.
- Present end-to-end executive reporting (dashboards, KPIs, and risk posture) in accessible formats.
Employment Qualifications
Required Qualifications
- Bachelor’s degree in Cybersecurity, IT, Information Systems, Computer Science, or a related field (or equivalent experience).
- Minimum 8 years of cybersecurity, risk management, governance, compliance, or third-party risk experience.
- 2–3 years of direct people leadership experience.
- Experience leading enterprise Third-Party Risk Management programs or cybersecurity governance initiatives.
- Experience with executive-level reporting and strategic communications.
- Strong understanding of third-party risk practices, cybersecurity controls, and risk assessment methodologies.
- Demonstrated ability to develop policies, standards, and governance frameworks.
- Exceptional project management, analytical, and communication skills for both technical and executive audiences.


Preferred Certifications (Not Required but Strongly Favored)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- CCSP (Certified Cloud Security Professional)
- CCSK (Certificate of Cloud Security Knowledge)
Preferred Qualifications
- 6–10+ years in cybersecurity, GRC, or vendor risk management.
- Experience leading or significantly shaping a mature TPRM or GRC program.
- Adeptness in implementing TPRM platforms and technologies.
- Leadership in organizational change, process transformation, and automation within cybersecurity/risk functions.
- AI governance knowledge, including risk frameworks and emerging regulations.
- Advanced understanding of industry cybersecurity frameworks (NIST, ISO 27001, HITRUST, SOC 2, CIS Controls).
- Ability to influence stakeholders and drive change without formal authority.
Benefits
A Workplace Built for You
- Comprehensive Benefits:
  - Healthcare (medical, dental, vision)
  - Generous time-off policies
  - Retirement planning tools
  - Well-being and wellness programs
- A Culture of Growth:
  - Professional certification stipends for every employee
  - Tuition reimbursement for further education
  - Recognition programs to celebrate contributions
- A Purpose-Driven Environment:
  - Diverse and inclusive workplaces with equal opportunity for all.
  - Accommodations for disabilities as per law.
Ensemble’s Commitment to Greatness
- Five-time "Best in KLAS" (2020–2025)—acknowledging our leadership in Revenue Cycle Management.
- HFMA MAP Awards (2019–2024)—recognition for top-performing revenue cycle services.
- Energage Top Workplaces USA (2022–2024)
- Monster Top Workplace for Remote Work (2024)
- Great Place to Work-certified (2023–2024)
Join us—your contributions help power healthcare’s future, one smart decision at a time.
Remote & Travel Considerations
- Remote role with onsite availability for client/programming needs.
Compensation
- $118,000 – $167,700 (based on experience).
Download the Ensemble Benefits Envelope to learn how working here will help you and your family thrive. At Ensemble, people make the difference. Are you ready to help us make theirs?
Ensemble is an equal opportunity employer. We prohibit discrimination on any basis protected by law.