HealthPartners is currently hiring for an IT Risk and Compliance Consultant. The consultant advises upon and guides HealthPartners’ IT Risk Program; analyzing needs, assessing gaps, and developing plans to effectively and efficiently create a mature risk program. This role provides risk guidance and ensures that HealthPartners’ Risk Program meets the needs of IT and overall organization. The consultant oversees the annual risk process; ensuring risks are assessed consistently and across HealthPartners technologies. It also provides compliance consultation and collaborates in the development of system-wide IT department compliance strategies.

Required Qualifications:

Bachelor’s degree in computer science, management of information technology or equivalent experience/knowledge. 12+ years’ professional experience in Information Technology, including a high degree of knowledge regarding technical infrastructure, systems, applications, and development and project methodologies. 5+ years’ professional experience system auditing, defining controls, security management and/or identifying and mitigating risks. Certification in at least one related area of compliance, risk, or security management by an accredited organization. Proficient with audit concepts and relationships (e.g., Artificial Intelligence Governance, SSAE18, Enterprise Risk Assessment, SOX, etc.) Proficient at coordinating multiple endeavors and request streams; disseminating information and interpreting needs. Excellent communication skills, verbal and written for technical and non-technical topics; ability to communicate effectively with individuals at all levels of responsibility and authority. Excellent people skills; focusing on consistent service to both internal and external customers. Proficient with interpreting, communicating, and utilizing audit, security, and IT standards e.g., CoBit, NIST, ISO27001, ISO27002, ITIL, PMBOK etc. Excellent analysis and problem-solving experience. Strong understanding of security technologies Proficient at analysis Proficient at presenting concepts internal/ externally and training staff Experience leading staff and managing deliverables across groups.

Preferred Qualifications:

CISA Certification CRISC Certification CISSM Certification Proficient with standard health care and/or health plan audit concepts and relationships. Experience interpreting federal and state security related legislation including HIPAA, Joint Commission, and NCQA

Hours/Location:

M-F; Days May work in a remote capacity. We prefer local/regional candidates for occasional onsite needs.

Responsibilities:

Coordinates and partners in the development of risk mitigation activities. Recommends remediation methods for audit deficiencies; tracking progress for mitigation through completion. Documents and manages IT’s Risk Repository and library; ensuring risk assessments meet IT’s defined procedures and requirements. Reviews, assesses, and documents risks; consulting with business owners and IT regarding risk decisions and appropriate mitigating controls. Maintains a strong understand of current threats geographically and within the health care and management industries. Provides consultation to IT’s compliance program, utilizing a risk-based approach in support of regulatory requirements and corporate policies. Participates and provides consultation towards Enterprise Risk initiatives and program development. Partners with IT to develop, manage, and measure the progress of &T’s Compliance and Risk Strategic Plan. Manages and maintains IT’s Risk program; ensuring risk tools, management, methodology, and activities are aligned with Enterprise Goals and Strategies. Facilitates business and IT Risk Mitigation and Audit remediation decision making; providing options, cost/benefit analysis and impact analysis for potential solutions. Owns the annual IT Risk Assessment process; facilitating vulnerability gathering and overseeing the risk council assessment process. Investigates growth opportunities for the IT’s Risk Assessment and Compliance program; proposing additional services and updating current services. Partners within IT Risk and Compliance for metrics development and reporting across risk and compliance services. Maintains awareness of the latest developments in the areas of system audit and standards including CoBit, ISACA standards, ITIL Frameworks, and regulatory changes (e.g., HIPAA, Sarbanes Oxley, PCI, etc.).