Description

This position is incentive eligible.

Introduction

Last year our HCA Healthcare colleagues invested over 156,000 hours volunteering in our communities. As a(an) Director of IPS Risk Management with HCA Healthcare you can be a part of an organization that is devoted to giving back!

Benefits

HCA Healthcare, offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

• Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.

• Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.

• Free counseling services and resources for emotional, physical and financial wellbeing

• 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)

• Employee Stock Purchase Plan with 10% off HCA Healthcare stock

• Family support through fertility and family building benefits with Progyny and adoption assistance.

• Referral services for child, elder and pet care, home and auto repair, event planning and more

• Consumer discounts through Abenity and Consumer Discounts

• Retirement readiness, rollover assistance services and preferred banking partnerships

• Education assistance (tuition, student loan, certification support, dependent scholarships)

• Colleague recognition program

• Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)

• Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)

Note: Eligibility for benefits may vary by location.

Would you like to unlock your potential with a leading healthcare provider dedicated to the growth and development of our colleagues? Join the HCA Healthcare family! We will give you the tools and resources you need to succeed in our organization. We are looking for an enthusiastic Director of IPS Risk Management to help us reach our goals. Unlock your potential!

Job Summary

The Director of IPS Risk Management leads a subset of the Risk, Governance, & Reporting (RGR) team and reports directly to the Director of RGR. The Director of IPS Risk Management leads three key functions: risk management, remediation strategy, and data analytics.

This position is responsible for developing and implementing an integrated risk management program across the following areas of IPS: Identity & Access, Field Operations, Information Lifecycle Management, Information Security, Physical Security, and Privacy. This leader will be key in implementing a risk management program that results in the identification, prioritization, and reduction of privacy, information security, and physical security risks and ensures compliance for all in-scope facilities. This trusted advisor will help raise the protection bar by working with technical and non-technical stakeholders to aggregate risk data and improve processes that will drive risk-based decisions, influence policy, develop program plans, and strengthen the overall maturity of the IPS program.

This position is also responsible for driving remediation strategy. Remediation strategy is a function that uses output from the IPS risk engine to facilitate the development of multi-year strategic roadmaps for key IPS risk areas.

This position also has responsibilities for making risk visible across IPS by leveraging a dedicated data analytics team that reports through risk management.

Overall, this position will be responsible for implementing a risk management program that makes risk visible, facilitates well-informed decision making, and drives accountability. This position will do that by promoting a culture that support operating with an acceptable level of risk, developing standardized risk management criteria including but not limited to threats, vulnerabilities, likelihood, impact, and maturity, establishing risk tolerance, planning risk analysis (e.g. Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk management program are documented, develop a strategy for using and maintaining the risk register to prioritize risk reduction actions and activities, contribute to risk mitigation and remediation planning and activities, and adapt the risk management program for all in-scope lines of business. This position is also responsible for collaborating with Information Security on the development, configuration, and implementation of the Risk Management Archer GRC application.

This position requires a candidate who can, with minimal guidance, analyze business requirements and processes, understand colleague behaviors, facilitate and lead meetings with key stakeholders within the organization, provide industry expertise and knowledge in the identification and mitigation of organizational risk, and enable decision making to support the adherence to industry standards and federal regulations.

The Director of IPS Risk Management provides guidance, direction, and mentorship to staff members to support the overall team goals and deliverables. A qualified candidate must be a highly motivated self-starter and be committed to delivering quality outcomes that meet team and organizational goals.

Major Responsibilities:

Quality

• Work as part of the IPS department’s leadership team to develop company requirements, strategies, priorities, processes, implementation plans, and assurance necessary to protect the company against information protection and security risks that could impact patients, employees, and the financial success of the business

• Remain knowledgeable of legislative, regulatory, contractual, and other compliance requirements (e.g. HIPAA, PCI, SOX, Joint Commission) as well as departmental policies, standards, and procedures and participating in revision processes

• Develop and lead the strategy to mature remediation roadmaps, create new roadmaps where needed, and ensure all roadmaps align with business objectives for the key focus areas

• Provide data analytics services within IPS to make risk visible

• Provide periodic analysis of Company IPS-related risk position, based on analysis of current controls status and current threat landscapes

• Monitor developments in related industries and communicate on the potential impact on or applicability to the organization

• Ensure metrics are identified within risk management and remediation strategy that help demonstrate risk reduction and report progress to IPS leadership and company executive leadership

• Develop risk register and be aware of associated remediation plans to respond to previously unidentified or inadequately addressed risk areas

• Ensure Information Protection & Security guidance and solutions meet business needs and enterprise strategies

• Build rapport, credibility, and cohesion across IPS and other stakeholders across the enterprise

• Partner with Internal Audit and IPS Leadership to ensure periodic reviews of the risk management program are performed to obtain independent assessments of the program’s effectiveness

• Partner with key stakeholders (e.g. Security Architects, DISAs) within IPS as well as with Internal Audit, Enterprise Risk Management, Legal, and ITG to ensure appropriate oversight and governance of the program

• Ensure the team is involving all relevant stakeholders in major decisions; recognizing multiple agendas and making/communicating final decisions in ways that foster maximum ownership and minimum resistance

Service

• Lead the development and implementation of remediation strategy roadmaps for key focus areas assigned to the team

• Lead the team in providing risk-based security perspective through consulting and collaboration

• Lead the team in facilitating and guiding business decisions and solutions

People

• Delegate responsibility and accountability for major work (including setting due dates and identifying key milestones) based on staff competency and interest

• Establish mutual objectives and targets for team members

• Mentor team members, including developing and monitoring their personal development plans, and provide feedback via the annual performance review process

• Promote a culture of collaboration, work/life balance, and open communication

• Encourage new ways of thinking and problem solving

• Create a team environment where members embrace change and adopt new practices

• Stay engaged with team members through 1:1s, rounding, and performance review activities

Growth

• Monitor developments in related industries and communicate on the potential impact on or applicability to the organization

• Build rapport, credibility, and cohesion within IPS and with other stakeholders across the enterprise

• Participate in educational opportunities to build and maintain team knowledge of evolving risk, information security, and privacy concepts

Finance:

• Responsible for ensuring proposed future work efforts/projects are appropriately captured with labor and spend estimates and submitted for leadership prioritization and funding

Other Skills/Duties

• Delegation: Delegate responsibility and accountability for major work and decision making, based on clear criteria of staff competency and interest

• Developing People: Provide timely constructive feedback and coaching that facilitates improvement and builds self-esteem

• Leading others/Motivating: Determine and direct agendas for others. Lead by collaboration and facilitating areas of responsibility. Demonstrate awareness of how to use other leadership styles

• Performance Management: For own team members, establish mutual objectives and targets; develop and maintain system for team performance measurement and feedback

• Ability to effectively manage multiple priorities in a fast-paced environment

• Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity

• Ability to elicit cooperation from a wide variety of resources, including peers, IPS management, other business units, and company leadership

• Knowledge of HIPPA and other healthcare security and data protection regulations

Knowledge, Skills, Abilities, Behaviors:

• Service and Quality Excellence: Ability to demonstrate an uncompromising commitment to delivering exceptional care to create an unmatched value proposition for our patients. Required

• Honor our Mission and Values: Ability to build trust and act with authenticity to cultivate a culture of integrity, inclusion, and mutual respect. Required

• Effective Decision Making: Ability to make timely, informed decisions that are in the best interest of our patients, employees, providers, community and HCA. Required

• Attain and Leverage Strategic Relationships: Ability to develop and strengthen collaborative relationships with both internal and external stakeholders to advance the care of our patients and the growth of HCA. Required

• Lead and Develop Others: Ability to lead others to accomplish organizational goals and objectives; provide meaningful coaching and mentoring to increase the capabilities of individuals and teams and drive employee engagement. Required

• Communicate with Impact: Ability to deliver information in a clear, concise, and compelling manner to effectively engage others and achieve desired results. Required

• Achieve Success through Change: Ability to identify opportunities for improvement and innovation, remove barriers and resistance, and enable desired behaviors. Required

• Drive Execution and Financial Results: Ability to commit to the success and financial wellbeing of HCA by challenging others to excel and hold themselves and others accountable for achieving results. Required

Education & Experience:

• Bachelor's degree Required

• Master's degree Preferred

• 3+ years of experience in a leadership role Required

• 7+ years of experience in information technology, information security, privacy, and/or healthcare Required

Licenses, Certifications & Training:

• CISSP Preferred

• HCISPP Preferred

Additional Information:

• Candidate must reside in or be willing to relocate to the Greater Nashville, TN area Required

HCA Healthcare (Corporate) , based in Nashville, Tennessee, supports a variety of corporate roles from business operations to administrative positions. Like our colleagues in any HCA Healthcare hospital, our corporate campus employees enjoy unparalleled resources and opportunities to reach their potential as healthcare leaders and innovators. From market rate compensation to continuing education and career advancement opportunities , every person has a solid foundation for success. Nashville is also home to our Executive Development Program , where exceptional employees are groomed to take on CNO- and COO-level roles in our hospitals. This selective program focuses on ethics, leadership and the financial and clinical knowledge required of professionals at this level of the industry.

HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"There is so much good to do in the world and so many different ways to do it."- Dr. Thomas Frist, Sr.

HCA Healthcare Co-Founder

Be a part of an organization that invests in you! We are reviewing applications for our Director of IPS Risk Management opening. Qualified candidates will be contacted for interviews. Submit your application and help us raise the bar in patient care!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.