+ Certified Information Privacy Professional (CIPP)
+ Certified Information Systems Auditor (CISA)
+ Certified Information Governance Professional (CIGP)
+ Business Continuity Management Certification
+ 3 years in Privacy operations, business resiliency, policy management and process improvement disciplines
+ 5 years in Governance, risk, and compliance experience including audit, policy, regulatory, business resiliency, or related disciplines
+ Master's Degree in Accounting, Business, Legal Studies, Finance, IT or related field
+ 6 years of related and progressive experience in lieu of Bachelor's degree
+ Bachelor's Degree in Accounting, Business, Legal Studies, Finance, IT or related field
+ Develops and executes training and education programs in partnership with Enterprise Learning & Development.
+ Administers enterprise-wide programs (e.g., code of conduct, conflict of interest, etc.).
+ Implements and provides feedback on risk treatment methodology in partnership with Risk Strategy (avoid, accept, transfer, mitigate).
+ Develops and executes monitoring programs intended to prevent, detect, and respond to risks, in partnership with business units, SRPs, and other stakeholders.
+ Develops and executes communication strategies of treatment solutions to SRPs and business leaders. Reviews the work of others to ensure quality, compliance, and adherence to policies, procedures, privacy requirements, standards, etc.
+ Executes the strategic direction for the team that treats risk across disciplines (privacy, compliance, information security, quality, legal). Works within a highly matrixed environment.
+ Develops and executes processes to maintain enterprise policies, standards, procedures/controls, including business continuity/disaster recovery plans, strategies, and facilitates related exercises/scenarios/drills.

Must have a proactive mindset and approach and feel comfortable working in a highly matrixed environment.
Effectively communicates risk treatment progress, methodology, and risk decisioning options to SRPs and business leaders. Works in a team environment that promotes cooperation, accountability, customer focus and effective work relationships in order to attain business goals. The incumbent also assists teams in order to collaborate with various areas and Senior Risk Partners (SRPs) on risk treatment plans including legal, government affairs, HR, finance, facilities, quality, privacy, security, safety, and IT. Monitors and controls quality of risk treatment artifacts (e.g., business resiliency plans, recovery strategies, records taxonomy, policy and procedure inventory, privacy activities) while actively seeking opportunities for continuous process, technology, and reporting improvement. Develops and executes actionable risk treatment strategies. Proactively works with other areas of Risk Operations to synthesize risk intelligence, cross-functional risk assessment outputs.

Assists management in the areas of scheduling, direction, institutionalization of standard practices, prioritization and execution of risk treatment activities. The incumbent assists with the development and execution of procedures associated with improving upon existing risk treatment activities including, but not limited to, enterprise policies, privacy operations, business resiliency and continuity planning, records and information management. The incumbent may also provide support related to privacy compliance and risk through assistance with communication of enterprise policies, standards, and procedures/controls according to applicable laws, regulations, and industry requirements supporting a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, NCQA, the BCBSA, etc.
This position has a primary concentration in supporting the privacy operations of the Enterprise Risk & Governance division such as:

+ review and respond to patient/member privacy rights requests
+ investigating reports of potential breaches of protected health information to include determination of root cause, mitigation efforts, completing a risk assessment of the incident and other regulatory requirements with respect to PHI breaches
+ conducting ongoing activities related to privacy compliance