Job Information
Highmark Health Director Integrated Risk Operations in Pittsburgh, Pennsylvania
Company:
Highmark Health
Job Description:
JOB SUMMARY
This job directs the core risk & compliance operations of the Highmark Health enterprise, including subsidiaries and affiliates. Partnering with organizational risk and business partners, the technology organization, and global delivery teams, the incumbent is accountable for defining, directing, and overseeing the effective and compliant implementation of operational risk (business continuity, disaster recovery, and crisis preparedness), records, and information management programs, including global delivery compliance and privacy operations. In addition, this leader has responsibility for policy oversight & governance, training compliance, business conduct, and supporting issue corrective action and remediation. Finally, this leader has responsibility for oversight of the enterprise’s third-party risk management program and ensuring compliance with regulatory guidance and minimizing risk. The incumbent must have a proactive mindset and approach, and feel comfortable working in a highly matrixed environment.
ESSENTIAL RESPONSIBILITIES
Perform management responsibilities including, but not limited to: involvement in hiring and termination decisions, coaching and development, rewards and recognition, performance management and staff productivity. Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority.
Directs and oversees the core risk and compliance operational functions of the organization, including but not limited to, policy administration, conflict of interest management, and, in partnership with Enterprise Learning & Development, risk & compliance education and training.
Develop and oversee the organization's comprehensive third-party risk management program, including vendor selection, due diligence, ongoing monitoring, and remediation of identified risks, ensuring compliance with relevant regulations and industry best practices.
Leads the overall design, development and initiation of the Organization's response to a business interruption. Includes the leadership of immediate response teams that have critical decisions to ensure business continuity for all of the Organization's insurance companies. Keeps executive management informed of any events and solicits their feedback when necessary. Communicates the results of the business resiliency process to the Audit Committee of the Board when necessary.
Directs and leads team collaborating with business leadership to develop, maintain and test their continuity plans and obtains feedback to strengthen the planning process. Collaborates to integrate business impact analysis and business resiliency risk assessment outcomes into enterprise continuity planning documents.
Directs and oversees program to implement the organization's records and information management (RIM) policy, retention schedule, and procedures and assure consistent application across the enterprise, including the formalization of records destruction practices and assisting with oversight of record destruction activities to ensure consistent and systematic operationalization against internal policies and technical standards.
Partners with business and operational units to remediate compliance findings identified in internal and external examinations and audits. Provide comprehensive risk-based solutions to complex problems or issues cited within regulatory reviews.
Other duties as assigned or requested.
EDUCATION
Required
- Bachelor's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, Computer, Information Science or Related Field
Substitutions
- 6 years of related and progressive experience in lieu of Bachelor's degree
Preferred
Master's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, Computer, Information Science or Related Field
Juris Doctorate
EXPERIENCE
Required
- 5 years of overseeing privacy, risk, resiliency, and/or compliance teams
To include:
5 years leadership roles, preferably in an Audit, Privacy, Resiliency, or Compliance discipline in a Healthcare or Healthcare-related industry
5 years of interacting with regulators, auditors, and oversight bodies
Preferred
- None
LICENSES or CERTIFICATIONS
Required
- None
Preferred
(Any of the Following)
Certified Public Accountant (CPA)
Cyber-security and Infrastructure Security Agency (CISA)
Certified Information Privacy Professional (CIPP)
SKILLS
Demonstrate expert knowledge of business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business processes
Excellent resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team building across a cross-campus and diverse team of management and staff
Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team)
Strong relationship building skills and ability to influence with and without authority in a matrixed organization
Highly developed leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results
High capacity to think analytically, interpret information / observations, apply judgment and make effective, strategic decisions
Language (Other than English):
None
Travel Requirement:
0% - 25%
PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS
Position Type
Office-based
Teaches / trains others regularly
Frequently
Travel regularly from the office to various work sites or from site-to-site
Rarely
Works primarily out-of-the office selling products/services (sales employees)
Never
Physical work site required
Yes
Lifting: up to 10 pounds
Constantly
Lifting: 10 to 25 pounds
Rarely
Lifting: 25 to 50 pounds
Never
Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.
Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.
Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.
For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org
California Consumer Privacy Act Employees, Contractors, and Applicants Notice
Req ID: J260458