• Senior Monitoring Analyst

    Highmark Health (Pittsburgh, PA)


    Company :

    Highmark Health

    Job Description :

    JOB SUMMARY

    This job performs governance, risk, and compliance (GRC) risk monitoring and executes risk treatment processes and activities. This includes monitoring, tracking, and reporting on risk across second line of defense functions (i.e., privacy, compliance, information security, quality, legal) and supporting a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, NCQA, the BCBSA, etc. The incumbent is responsible for executing continuous monitoring of enterprise policies, standards, procedures/controls, business continuity/disaster recovery plans, etc. aimed to detect, prevent, and respond to risks across the enterprise risk taxonomy. Develops and oversees suite of multi-disciplinary risk monitoring reports. Applies risk decisioning criteria and exception handling criteria, and ensures risk treatment solutions are delivered according to contractual and other service-level obligations. Leads implementation and monitoring of corrective action measures based on internal or external audits/examinations. Seeks input on quality and effectiveness of own work while also takes responsibility to review the work of others for quality, adherence to standard practices and procedures, and to determine the realization of measurable risk treatment outcomes. May take on role project leadership roles for special assignments. Assists with mentoring less experienced team members. Has a proactive mindset and approach and feels comfortable working in a highly matrixed environment.

    ESSENTIAL RESPONSIBILITIES

    + Develops and executes a monitoring function intended to prevent, detect, and respond to risks, in partnership with business units and Senior Risk Partner (SRPs).Works with business units and other ERG constituents to prioritize monitoring activities.

    + Develops programs and executes reporting and monitoring activities pertaining to known issues as well as threat and vulnerability scan reporting on applications, networks, operating systems, etc. to identify risk.

    + Monitors current compliance environment including corporate policies and procedures and other rules and regulations through trend and other data analysis.Leads creation and adoption of ad-hoc and other reports pulling data from various sources and/or run system reports.Conducts complex analysis on reports and data sets to ensure systems and/or results meet expected thresholds/tolerances.

    + Monitors Corrective Action / Remediation Plans, as necessary;reviews and analyzes results against expectations/benchmarks and communicates outcomes to management including Senior Risk Partners (SRPs). Applies relevant reporting and data analysis techniques to all work products.

    + Executes against and provides ongoing feedback on risk treatment methodology in partnership with Risk Strategy (avoid, accept, transfer, mitigate).Collaborates with other areas of Risk Operations to prioritize, to escalate, and to improve risk intelligence and risk assessment activities.

    + Researches, creates, and implements novel approaches to training and education on GRC process automation, reporting, and monitoring.Contributes to knowledge management repositories and other communities of practice.

    + Other duties as assigned or requested.

    EDUCATION

    Required

    + Bachelor's Degree in Accounting, Business, Computer Science, Data Science, Finance, IT or related field

    Substitutions

    + 6 years of related and progressive experience in lieu of Bachelor's degree

    Preferred

    + None

    EXPERIENCE

    Required

    + 5 years with governance, risk, and compliance technology or related reporting and monitoring experience, preferably with the Archer GRC suite and/or in a healthcare or healthcare related industry, with increasing responsibility.

    + 3 years of interacting with regulators, auditors, and oversight bodies

    Preferred

    + 3 years of report design, multi-disciplined data aggregation and analysis

    + 3 years of continuous controls and process monitoring

     

    LICENSES or CERTIFICATIONS

    Required

    + None

    **Preferred** (any of the following)

    + Certified Public Accountant (CPA)

    + Certified Information Systems Auditor (CISA)

    + Juris Doctorate (JD)

    + Certified Information Privacy Professional (CIPP)

    SKILLS

    + Strong knowledge of business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business processes

    + Strong knowledge of how to leverage technologies to drive efficient and effective GRC processes across payor/provider industries

    + Demonstrated resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team work across a global and diverse team of staff

    + Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team)

    + Strong relationship building skills and ability to influence with and without authority in a matrixed organization

    + Demonstrated leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results

    Language (Other than English):

    None

    Travel Requirement:

    0% - 25%

     

    PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

    Position Type

    Office-based

     

    Teaches / trains others regularly

     

    Occasionally

     

    Travel regularly from the office to various work sites or from site-to-site

     

    Rarely

     

    Works primarily out-of-the office selling products/services (sales employees)

     

    Never

     

    Physical work site required

     

    Yes

     

    Lifting: up to 10 pounds

     

    Constantly

     

    Lifting: 10 to 25 pounds

     

    Occasionally

     

    Lifting: 25 to 50 pounds

    Rarely

    **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._

    **_Compliance Requirement_** _: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies._

     

    _As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy._

     

    _Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements._

     

    Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.

     

    We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.

     

    For accommodation requests, please contact HR Services Online at [email protected]

     

    California Consumer Privacy Act Employees, Contractors, and Applicants Notice

     

    Req ID: J272339