Senior Compliance Analyst
Company: Highmark Health
Location: Boise
Posted on: January 26, 2023
Job Description:
**Company:** Highmark Inc.

**Job Description:**

**JOB SUMMARY**

This job works collaboratively to support all risk and compliance assessment activities of Highmark Health across a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, etc. The incumbent will partner with the organizational risk and business partners, the technology organization, and global delivery teams to meet Highmark Health's mission requirements in a manner consistent with the enterprise risk appetite. This individual must have a proactive mindset and approach, and feel comfortable working in a highly matrixed environment.

**ESSENTIAL RESPONSIBILITIES**

+ Plan and conduct risk assessment activities according to the appropriate framework, including but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, in order to identify, assess, prioritize, evaluate and address financial, information security, privacy, and other areas of risk. Prepare draft reports and other management reporting deliverables. Review all work prepared by less experienced team members to ensure audit quality standards are consistently met in all forms of documentation.
+ Review and interpret inherent risk assessment
results, engagement risks, and develop assurance plans (e.g., on-site audit, contract review, financials assessment, purchasing data analysis) to address relevant risk areas and to ensure proper controls are implemented. Accountable for the review and interpretation of authoritative guidance (including, but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO reports) and performs qualitative and quantitative impact assessments based on physical, technical, and administrative safeguards as well as contractual requirements; conducts additional information gathering and risk assessments as-needed; documents and reports results.
+ Lead development of project plans to support risk assessment and decisioning in coordination with business owners and other stakeholders within task-based budgets. Collaborate and communicate with Information Security, Privacy, Procurement, Audit, Compliance, and other teams across the Enterprise to align risk management objectives, practices and procedures.
+ Interface with business areas, technical staff, project teams, and third parties to execute cross-functional risk assurance projects. Lead the communication of assessment results and findings with multiple stakeholder groups and provides consultation and direction throughout.
+ Interpret complex data flow / information sharing activities, customer integrations, and information safeguards into simplified and high-level terminology and/or process/data flows. Maintains risk management reporting dashboards in RSA Archer applications in order to keep information complete, accurate, and current. Prepare and assist with the delivery of risk assurance reports to management.
+ Ensure risk questionnaires and other risk assessments are distributed and completed on-time and prepares initial impact assessments. Ensure compliance requirements are met across the Enterprise. Assist in training and mentoring team members on multi-faceted engagements, platform customer dependencies, and interpretation of complex contract agreements.
+ Collaborate with lead in providing input and consultation on risk and assurance reporting. Collaborate and consult with other areas (e.g., Procurement, Privacy, Information Security, Legal) throughout the engagement lifecycle. Assist in providing timely feedback on interpretations regarding authoritative guidance.
+ Proactively reviews updates made to departmental desk-level procedures, risk assessment methodology, assessment procedures, questionnaires, training, etc. and is responsible for monitoring compliance with departmental metrics, internal control activities, contractual obligations, regulatory requirements, and responding to customer inquiries / audits.
+ Other duties as assigned or requested

**EDUCATION**

**Required**

+ Bachelor's Degree in
Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field

**Substitutions**

+ 6 years of related and progressive experience in lieu of Bachelor's degree

**Preferred**

+ Master's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field

**EXPERIENCE**

**Required**

+ 5 years in Audit and Compliance

To Include:

+ 3 years of Business Process Design
+ 3 years of Project Management

**Preferred**

+ None

**LICENSES or CERTIFICATIONS**

**Required**

+ None

**Preferred** (any of the following)

+ Certified Public Accountant (CPA)
+ Certified Information Systems Analyst (CISA)
+ Certified Information Privacy Professional (CIPP)
+ Certified Information Systems Security Professional (CISSP)

**SKILLS**

+ Demonstrate expert knowledge of
business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business processes.
+ Knowledge of relevant regulatory guidelines, vendor management, sourcing and procurement, and completing assessments of vendors
+ Excellent resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team building across a cross-campus and diverse team of management and staff.
+ Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team).
+ Strong relationship building skills and ability to influence with and without authority in a matrixed organization.
+ Leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results.
+ High capacity to think analytically, interpret information / observations, apply judgment and make effective, strategic decisions.

**Language (Other than English):** None

**Travel Requirement:** 0% - 25%

**PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS**

| **Position Type** | Office-based |
| --- | --- |
| Teaches / trains others regularly | Occasionally |
| Travel regularly from the office to various work sites or from site-to-site | Rarely |
| Works primarily out-of-the office selling products/services (sales employees) | Never |
| Physical work site required | Yes |
| Lifting: up to 10 pounds | Constantly |
| Lifting: 10 to 25 pounds | Occasionally |
| Lifting: 25 to 50 pounds | Rarely |

**_Disclaimer:_** _The job description has been
designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._

**_Compliance Requirement:_** _This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies._

_As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy._

_Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements._

**Pay Range Minimum:** $67,500.00

**Pay Range Maximum:** $124,800.00

_Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets._

Highmark Health and its affiliates prohibit discrimination
against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity (https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf)

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice

Req ID: J220457