Company :Highmark HealthJob Description : 

JOB SUMMARY

This job is accountable for the direction and implementation for the technology component of the comprehensive, risk-based information systems audit, advisory, and compliance plan for the Highmark Health enterprise board-approved annual audit plan.  Interacts with a wide spectrum of stakeholders including, but not limited to, executive leadership, the Highmark Health audit committee, subsidiary boards of directors, state and federal governments, external auditors, employer groups, and partner plan customers. Partnering closely with senior operational and technology business leaders, ensures that the respective risk management and compliance programs address applicable laws, rules, regulations and relevant business risks as well as corporate requirements, recommending and/or implementing improvements in line with corporate standards, applicable regulations, and/or best practice frameworks. Has oversight of the data analytics function supporting government compliance activities and the audit plan. All employees must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and Privacy Policies and Procedures. As a component of job roles and responsibilities, employees in this role may have access to covered information, cardholder data, or other confidential customer information which must be protected at all times.  In connection with this responsibility, employees in this role must adhere to all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.

ESSENTIAL RESPONSIBILITIES

Perform management responsibilities to include, but are not limited to: involved in hiring and termination decisions, coaching and development, rewards and recognition, performance management and staff productivity.  Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority.Define and coordinate the IT audit and advisory process with key organizational leaders and review and establish a program to ensure the quality of work performed consistently meets Institute of Internal Auditor (IIA) and Information Systems Audit and Control Association (ISACA) guidelines.   Review draft audit reports and ensure a process is in place for audit leads and managers to agrees the findings and proposed actions with business owners. Prepare materials and present  to senior and executive management, the Highmark Health Audit Committee, and subsidiary boards of directors as required.Collaborate with internal assurance partners to ensure that risk assessment and audit activities consider relevant regulatory requirements and industry standards.  Proactively identify areas requiring attention or strengthening and work collaboratively with business and technology management to implement improvements in line with corporate standards, applicable regulations, and/or best practice frameworks.Involvement in strategic projects and initiatives through the provision of risk, control and governance consultancy. Provide proactive risk, control and governance counsel to business leadership as required.   Interact with and must be able to influence senior management and matrix partners on matters of significance.Evaluate efficiency and cost effectiveness of audit processes; recommend changes to auditing policies, procedures and programs as needed. Responsible for advising of the development and support of the suite of applications used by both Technology and Operational Audit and Advisory, the primary of which is Archer, as well as developing a long term Information Technology strategy and roadmap for the collective Technology and Operational Audit & Advisory departments.Participate in  Information technology and security risk assessment processes with enterprise-wide senior leadership, identifying key strategic and operational risks. Leveraging the risk assessment outcomes, collaboratively develop the comprehensive, annual, Internal Audit plan with other senior leaders in the Enterprise Risk & Governance department for presentation to and approval from the Highmark Health Audit Committee of the Board of Directors.  Participate in industry-related forums and training activities to stay current with risk management practices, assurance and attest practices, and specialized technology subject matter risks (e.g. cybersecurity, data governance, etc.).Other duties as assigned or requested.

EDUCATION

Required

Bachelor's Degree in  Accounting, Finance, Business Administration, Information Technology, Computer Science, or relevant experience and/or education as determined by the company in lieu of bachelor's degree.  

Preferred

None

EXPERIENCE

Required

10 years of Information Systems auditing OR combination of experience in audit and an Information Systems related discipline, such as Information Security, Change Management, Systems Development, etc., with increasing responsibility3 years in a management or leadership role, preferably in an Audit or Information Systems discipline in a Healthcare or Healthcare-related industry

Preferred

Familiarity with a wide variety of computer application platforms, including but not limited to: Oracle, SQL Server, DB2, RACF, Linux, and Windows.Cybersecurity/ IT risk assurance expertiseExperience with Archer Governance, Risk, and Compliance (GRC) suite of products

LICENSES or CERTIFICATIONS

Required

None

Preferred

Certified Information System Auditor (CISA)

Certified Internal Auditor (CIA)

Certified Public Accountant (CPA)

SKILLS

Demonstrate expert knowledge of processes, risk and control frameworks, and audit methodology relating to Information Technology, Information Security, Cybersecurity, System Implementations, and Data Privacy, particularly as applied to application and infrastructure security/controls and the application of technology to support operational control in healthcare (payer and provider) business processesDemonstrate expert ability to apply risk-based auditing techniques to the evaluation of systems environments and processes (i.e., data center operations, information security, input, output and processing controls, back-up and recovery, business contingency planning, systems development, and the implementation of advanced technologies)Excellent resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team building across a cross-campus and diverse team of management and staffStrong written and verbal communication skills for diverse audiences (senior management, board, peer, and team)Strong relationship building skills and ability to influence with and without authority in a matrixed organizationHighly developed leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior resultsHigh capacity to think analytically, interpret information / observations, apply judgment and make effective, strategic decisionsAbility to interact, build credibility and long-term relationships with senior management to understand the company’s culture, strategic direction, and goalsAbility to manage multiple projects, meet deadlines while ensuring quality and exceeding client expectations

Language (Other than English):

None

Travel Requirement:

0% - 25%

PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

Position Type

Office-based

Teaches / trains others regularly

Frequently

Travel regularly from the office to various work sites or from site-to-site

Rarely

Works primarily out-of-the office selling products/services (sales employees)

Never

Physical work site required

No

Lifting: up to 10 pounds

Constantly

Lifting: 10 to 25 pounds

Occasionally

Lifting: 25 to 50 pounds

Rarely

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 

Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Pay Range Minimum:

$108,000.00

Pay Range Maximum:

$201,800.00

Base pay is determined by a variety of factors including a candidate’s qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations.  The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability. 

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity (https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf)

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact number below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice