JOB SUMMARY
***This is a hybrid role and will require you to be onsite at our Pittsburgh, PA location 3 days a week (Tuesdays, Wednesdays, & Thursdays).
This role supports the strategic activities for the organization, including (i) maintenance of the enterprise risk taxonomy, (ii) documentation of the enterprise risk profile, and appetite/tolerance; (iii) documentation of risk assessments and mitigation strategies; (iv) emerging risk evaluation; (v) completion of compliance / regulatory certifications and filings; and (vi) contribution to the annual audit + compliance plan. As senior members of the Enterprise Risk Strategy Department, this role supports stakeholders by providing objective risk analysis through a quantitative process that links risks to the enterprise risk appetite, including the development of risk stress scenarios using internal and external resources.
ESSENTIAL RESPONSIBILITIES
Strategic Initiative Support and Delivery: Directly supports the Director - Enterprise Risk Strategy in contributing and leading discussions with individuals across the Enterprise Risk & Governance (ER&G) division, as well as relevant business owners to implement the strategy program / workflow that directly impacts high priority, Executive Leadership Team (ELT)-qualified initiatives, including but not limited to:
(i) ELT qualified requests of CRO;
(ii) support of due diligence efforts for Mergers & Acquisitions;
(iii) support of enterprise strategic initiatives.
Audit, Risk, and Compliance Strategy & Planning: Directly supports the Director - Enterprise Risk Strategy and the Director - Risk Initiatives with the development of key strategic, administrative and mandated deliverables (e.g. annual audit planning), including but not limited to the following:
(i) Annual ERM threat assessment;
(ii) Contribution to payor or provider compliance plans in coordination with Strategic Risk Partners, Risk Operations, and Risk Enablement;
(iii) Audit Plan Development in coordination with Internal Audit, Risk Operations, and Risk Enablement;
(iv) Monitoring and tracking of the delivery of all risk activities for Highmark Health, AHN, including internal and external audit progress, privacy matters, risk and compliance reporting, and the impacts of new and changing laws, regulations, and contractual obligations.
Enterprise Risk Strategy Implementation + Reporting: Lead in the identification and assessment of risks, create decisioning frameworks to treat risks, implement measures to modify risk(s), and detect / respond to risk(s), including but not limited to:
(i) Development and maintenance of enterprise risk taxonomy;
(ii) Evaluation and development of enterprise risk appetite and profile alignment;
(iii) Oversight and submission of regulatory risk filings (e.g. ORSA reporting);
(iv) Cascading enterprise risk appetite into business case templates and project management frameworks across Highmark Health;
Risk Modeling: Contributes to the development of advanced models used to quantify risks to inform Audit Committee and/or senior management deliverables.
Communication and Oversight: Establishes and maintains relationships with business owners, provide coaching and guidance to Risk Strategy Analysts, brings knowledge sharing and best practices to the risk function, and demonstrates ability to apply a thorough understanding of Highmark's complex business processes and environment, including visualizing and developing solutions to highly complex problems and issues.
Other duties as assigned or requested.
EDUCATION
Required
Bachelor's Degree in Finance, Business, Public Policy Healthcare, Information Technology, Information Security or related field
Substitutions
Related and progressive experience in lieu of Bachelor's degree
Preferred
Master's Degree in Finance, Business, Public Policy Healthcare, Information Technology, Information Security or related field
EXPERIENCE
Required
5 years in Compliance, Quality, Public Policy, Government Affairs, Project Management, Healthcare Operations or Law
Preferred
3 years in Information Security Analysis or Information Risk Management
3 years in Privacy Analysis, Privacy Risk Management and working in and understanding regulatory environment
LICENSES or CERTIFICATIONS
Required
None
Preferred
None
SKILLS
Strong documentation and reporting skills
Strong written and oral communication skills
Presenting compliance and quality issues to senior audiences
Demonstrated client relationship, influencing, and teamworking skills
Strong quantitative and analytical skills
Self-starter with the ability to work under pressure independently or as a part of a team
Language (Other than English):
None
Travel Requirement:
0% - 25%
PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS
Position Type
Office-based
Teaches / trains others regularly
Occasionally
Travel regularly from the office to various work sites or from site-to-site
Rarely
Works primarily out-of-the office selling products/services (sales employees)
Never
Physical work site required
Yes
Lifting: up to 10 pounds
Constantly
Lifting: 10 to 25 pounds
Occasionally
Lifting: 25 to 50 pounds
Rarely
Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.
Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.
Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.
For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org
California Consumer Privacy Act Employees, Contractors, and Applicants Notice