Senior Risk & Compliance Analyst

Duration: 12 Months

• This job works collaboratively to support all risk and compliance assessment activities across a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, etc.  The incumbent will partner with the organizational risk and business partners, the technology organization, and global delivery teams to meet clients mission requirements in a manner consistent with the enterprise risk appetite. This individual must have a proactive mindset and approach and feel comfortable working in a highly matrixed environment. 
• The focus of work will be in the Telephone Consumer Protection Act (TCPA) space.           

Essential Responsibilities:

• Plan and conduct risk assessment activities according to the appropriate framework, including but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, in order to identify, assess, prioritize, evaluate and address financial, information security, privacy, and other areas of risk.  Prepare draft reports and other management reporting deliverables.
• Review all work prepared by less experienced team members to ensure audit quality standards are consistently met in all forms of documentation.
• Review and interpret inherent risk assessment results, engagement risks, and develop assurance plans (e.g., on-site audit, contract review, financials assessment, purchasing data analysis) to address relevant risk areas and to ensure proper controls are implemented.  Accountable for the review and interpretation of authoritative guidance (including, but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO reports) and performs qualitative and quantitative impact assessments based on physical, technical, and administrative safeguards as well as contractual requirements; conducts additional information gathering and risk assessments as needed, documents and reports results.
• Lead development of project plans to support risk assessment and decisioning in coordination with business owners and other stakeholders within task-based budgets.  Collaborate and communicate with Information Security, Privacy, Procurement, Audit, Compliance, and other teams across the Enterprise to align risk management objectives, practices and procedures.
• Interface with business areas, technical staff, project teams, and third parties to execute cross-functional risk assurance projects.
• Lead the communication of assessment results and findings with multiple stakeholder groups and provides consultation and direction throughout.
• Interpret complex data flow/ information sharing activities, customer integrations, and information safeguards into simplified and high-level terminology and/or process/data flows. 
• Maintains risk management reporting dashboards in RSA Archer applications in order to keep information complete, accurate, and current. 
• Prepare and assist with the delivery of risk assurance reports to management.
• Ensure risk questionnaires and other risk assessments are distributed and completed on time and prepare initial impact assessments. 
• Ensure compliance requirements are met across Enterprise. 
• Assist in training and mentoring team members on multi-faceted engagements, platform customer dependencies, and interpretation of complex contract agreements.
• Collaborate with lead in providing input and consultation on risk and assurance reporting. 
• Collaborate and consult with other areas (e.g., Procurement, Privacy, Information Security, Legal) throughout the engagement lifecycle.
• Assist in providing timely feedback on interpretations regarding authoritative guidance.
• Proactively reviews updates made to departmental desk-level procedures, risk assessment methodology, assessment procedures, questionnaires, training, etc. and is responsible for monitoring compliance with departmental metrics, internal control activities, contractual obligations, regulatory requirements, and responding to customer inquiries / audits.
• Other duties as assigned or requested.

Required Qualifications:

• Required: Bachelor’s degree in accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field 6 years of related and progressive experience in lieu of Bachelor's degree
• 5 years in Audit and Compliance
• 3 years of Business Process Design
• 3 years of Project Management
• Must have experience with telecommunication compliance law.
• Demonstrate expert knowledge of business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business processes.
• Knowledge of relevant regulatory guidelines, vendor management, sourcing and procurement, and completing assessments of vendors
• Excellent resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team building across a cross-campus and diverse team of management and staff.
• Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team).
• Strong relationship building skills and ability to influence with and without authority in a matrixed organization.
• Leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results.
• High capacity to think analytically, interpret information / observations, apply judgment and make effective, strategic decisions.

Preferred Qualifications:

• Master’s degree in accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field
• Certified Public Accountant (CPA)
• Certified Information Systems Analyst (CISA)
• Certified Information Privacy Professional (CIPP)
• Certified Information Systems Security Professional (CISSP