Senior Risk & Compliance Analyst
Company: Highmark Health
Location: Nashville
Posted on: May 28, 2023
Job Description:
JOB SUMMARY
This job works collaboratively to support all risk and
compliance assessment activities of Highmark Health across a broad
range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR,
CMS, JCAHO, etc. The incumbent will partner with organizational
risk and business partners, the technology organization, and global
delivery teams to meet Highmark Health's mission requirements in a
manner consistent with the enterprise risk appetite. This
individual must have a proactive mindset and approach, and feel
comfortable working in a highly matrixed environment.
ESSENTIAL RESPONSIBILITIES
Plan and conduct risk assessment activities according to the
appropriate framework, including but not limited to NIST, HITRUST,
PCI, HIPAA, SOC, MAR, CMS, JCAHO, in order to identify, assess,
prioritize, evaluate and address financial, information security,
privacy, and other areas of risk.
Prepare draft reports and other management reporting deliverables.
Review all work prepared by less experienced team members to ensure
audit quality standards are consistently met in all forms of
documentation.
Review and interpret inherent risk assessment results, engagement
risks, and develop assurance plans (e.g., on-site audit, contract
review, financials assessment, purchasing data analysis) to address
relevant risk areas and to ensure proper controls are implemented.
Accountable for the review and interpretation of authoritative
guidance (including, but not limited to NIST, HITRUST, PCI, HIPAA,
SOC, MAR, CMS, JCAHO reports); performs qualitative and quantitative
impact assessments based on physical, technical, and administrative
safeguards as well as contractual requirements; conducts additional
information gathering and risk assessments as needed; documents and
reports results.
Lead development of project plans to support risk assessment and
decisioning in coordination with business owners and other
stakeholders within task-based budgets.
Collaborate and communicate with Information Security, Privacy,
Procurement, Audit, Compliance, and other teams across the
Enterprise to align risk management objectives, practices and
procedures.
Interface with business areas, technical staff, project teams, and
third parties to execute cross-functional risk assurance projects.
Lead the communication of assessment results and findings with
multiple stakeholder groups and provide consultation and direction
throughout.
Interpret complex data flow / information sharing activities,
customer integrations, and information safeguards into simplified
and high-level terminology and/or process/data flows.
Maintain risk management reporting dashboards in RSA Archer
applications in order to keep information complete, accurate, and
current.
Prepare and assist with the delivery of risk assurance reports to
management.
Ensure risk questionnaires and other risk assessments are
distributed and completed on time, and prepare initial impact
assessments.
Ensure compliance requirements are met across the Enterprise.
Assist in training and mentoring team members on multi-faceted
engagements, platform customer dependencies, and interpretation of
complex contract agreements.
Collaborate with the lead in providing input and consultation on
risk and assurance reporting.
Collaborate and consult with other areas (e.g., Procurement,
Privacy, Information Security, Legal) throughout the engagement
lifecycle.
Assist in providing timely feedback on interpretations regarding
authoritative guidance.
Proactively review updates made to departmental desk-level
procedures, risk assessment methodology, assessment procedures,
questionnaires, training, etc., and monitor compliance with
departmental metrics, internal control activities, contractual
obligations, and regulatory requirements, responding to customer
inquiries / audits.
Other duties as assigned or requested.
EDUCATION
Required
Substitutions
Preferred
EXPERIENCE
Required
To Include:
3 years of Business Process Design
3 years of Project Management
Preferred
LICENSES or CERTIFICATIONS
Required
Preferred (any of the following)
Certified Public Accountant (CPA)
Certified Information Systems Analyst (CISA)
Certified Information Privacy Professional (CIPP)
Certified Information Systems Security Professional (CISSP)
SKILLS
Demonstrate expert knowledge of business and technology processes,
risk and control frameworks, and assessment methodologies,
particularly as applied to healthcare (payer and provider) business
processes.
Knowledge of relevant regulatory guidelines, vendor management,
sourcing and procurement, and completing assessments of vendors.
Excellent resource and project planning capabilities, decision
making skills, history of results-oriented delivery, and effective
team building across a cross-campus and diverse team of management
and staff.
Strong written and verbal communication skills for diverse
audiences (senior management, board, peer, and team).
Strong relationship building skills and ability to influence with
and without authority in a matrixed organization.
Leadership qualities with an ability to motivate and inspire a
group of individuals to achieve superior results.
High capacity to think analytically, interpret information /
observations, apply judgment and make effective, strategic
decisions.
Language (Other than English):
None
Travel Requirement:
0% - 25%
PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS
Position Type
Office-based
Teaches / trains others regularly
Occasionally
Travel regularly from the office to various work sites or from
site-to-site
Rarely
Works primarily out-of-the office selling products/services (sales
employees)
Never
Physical work site required
Yes
Lifting: up to 10 pounds
Constantly
Lifting: 10 to 25 pounds
Occasionally
Lifting: 25 to 50 pounds
Rarely
Disclaimer: The job description has been designed to indicate the
general nature and essential duties and responsibilities of work
performed by employees within this job title. It may not contain a
comprehensive inventory of all duties, responsibilities, and
qualifications required of employees to do this job.
Compliance Requirement : This job adheres to the ethical and legal
standards and behavioral expectations as set forth in the code of
business conduct and company policies.
As a component of job responsibilities, employees may have access
to covered information, cardholder data, or other confidential
customer information that must be protected at all times. In
connection with this, all employees must comply with both the
Health Insurance Portability Accountability Act of 1996 (HIPAA) as
described in the Notice of Privacy Practices and Privacy Policies
and Procedures as well as all data security guidelines established
within the Company's Handbook of Privacy Policies and Practices and
Information Security Policy.
Furthermore, it is every employee's responsibility to comply with
the company's Code of Business Conduct. This includes but is not
limited to adherence to applicable federal and state laws, rules,
and regulations as well as company policies and training
requirements.
Pay Range Minimum:
$67,500.00
Pay Range Maximum:
$124,800.00
Base pay is determined by a variety of factors including a
candidate's qualifications, experience, and expected contributions,
as well as internal peer equity, market, and business
considerations. The displayed salary range does not reflect any
geographic differential Highmark may apply for certain locations
based upon comparative markets.
Highmark Health and its affiliates prohibit discrimination against
qualified individuals based on their status as protected veterans
or individuals with disabilities, and prohibit discrimination
against all individuals based on their race, color, age, religion,
sex, national origin, sexual orientation/gender identity or any
other category protected by applicable federal, state or local law.
Highmark Health and its affiliates take affirmative action to
employ and advance in employment individuals without regard to
race, color, age, religion, sex, national origin, sexual
orientation/gender identity, protected veteran status or
disability.
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected
Veterans/Disabled/Sexual Orientation/Gender Identity
(https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf)
We endeavor to make this site accessible to any and all users. If
you would like to contact us regarding the accessibility of our
website or need assistance completing the application process,
please use the contact below.
For accommodation requests, please contact HR Services Online at
HRServices@highmarkhealth.org
California Consumer Privacy Act Employees, Contractors, and
Applicants Notice
Req ID: J222524
Keywords: Highmark Health, Nashville, Senior Risk & Compliance Analyst, Accounting, Auditing, Nashville, Tennessee