Executive Director, Risk Information Officer

Upon start, candidate must reside in an authorized state, including CA, CO, OR, WA, HI, GA, MD, VA, or District of Columbia.

Job Summary:
This position is responsible for establishing and cultivating the relationship with KP business unit Executive Leaders to support their strategic goals while identifying and managing technology risks, compliance risk and privacy risk to KP. This position will engage closely with senior executives across KP business units, within TRO, and the Compliance and Privacy groups. This includes executive sponsors of large programs, executive sponsors of vendor relationships, the Information Technology Executive Council, the Permanente Medical Groups, and the Technology Risk Office leadership team, to name a few. As a leader in KP’s Technology Risk Office, this individual is responsible for developing and executing the Technology Risk Management service delivery function for KP. The service delivery ensures that appropriate TRO services are assigned and performed, and then support the business partner’s response to identified risks, business operations, and strategic goals. This function is crucial to KPIT overall strategy to increase the security, resiliency and operations of technology infrastructure and applications through appropriate technology risk management practices. Knowledge and experience in project consulting under risk and compliance framework methodologies is expected.

This position is accountable for managing teams that will engage, consult, respond, and deliver to KP business partner requests for TRO services. Responsibilities will include providing feedback to TRO on behalf of the business partner, driving TRO risk reduction and avoidance activities with the business and supporting business initiatives through risk advisory, risk reduction and risk avoidance consultation and direction. This position will also direct research into new risk, security, and compliance strategies and provide expert counsel on the cost/benefits at the strategic and operational level.

Essential Responsibilities:

Provide strategic advisory to KP executives and program leadership during pre-service request consultation, strategic planning, and budget forecasting.Recommend investment and resource strategies to avoid and reduce risk, while balancing business requirements and advancement.

Develop and maintain effective working relationships with business partners including executive and physician leaders.

Principle contributor to program governance along with KPIT executives for technology risk management, including communication of service engagement process, point of escalation, review of business partner feedback, and incorporation of business feedback to TRO leadership.

Direct efficient risk management, business modeling, requirements gathering, solution design, vendor engagement, solution logistics, and product-service-support alignment as a function of lifecycle management.

Work with TRO executive leadership to affect cross-functional change and continuous improvement based on customer feedback and through TRM Product Management.

Create, coach, and lead internal risk consulting team that is multi-disciplined and geographically dispersed.

Monitor and evaluate the efficiency and effectiveness of business engagement service delivery methods and procedures; recommend, within division policy, appropriate service, and staffing levels.

Delivery performance accountability for TRO services including development and execution of operational strategy, relationship with key business partners, risk remediation project execution, and leadership of internal consulting teams focused on customer delivery.

Support business partners by establishing business technology priorities, service engagements, regulatory and compliance adherence, and application and system control requirements and procedures, including direction on systems architecture, reuse, and development processes.

Direct research into new risk, security, and compliance strategies, then provide guidance on planning, evaluation and implementation of such methodologies and drive TRM Product Management to deliver better solutions.

Resolve difficult and complex risk and security issues through consultation, analysis, and effective utilization of TRO service staff, coordination with other staff, and use of contracted support.

Provide feedback for continuous improvement to a best-in-class risk management environment leveraging regulatory controls, security monitoring, and assessment services to maintain direct contact with business technology owners.

Assure compliance and adherence with company guidelines and Principles of Responsibility.

Other tasks in support of strategic initiatives as assigned by the TRM VP and TRO SVP.

Basic Qualifications:

Experience
Minimum ten (10) years of cyber security information technology, technology risk and/or compliance experience, preferably in health care IT environment supporting security controls and operations, compliance, and risk management.
Minimum ten (10) years of management experience leading an organization or practice area.
Minimum five (5) years of experience in delivering significant positive business impact in an advisory or consulting capacity in support of defined practice areas such as IT, Cyber Security, Enterprise Business Services, Human Resources, Revenue Cycle, Marketing and more core business functions, preferably for a major healthcare organization.
Education
Bachelor-s degree in related field (Business, Healthcare, etc.)
License, Certification, Registration

N/A
Additional Requirements:
Previous executive level management experience in information technology, information security, and/or risk management, preferably in the healthcare industry.
Preferred Qualifications:
Master-s degree
At least one of the following nationally recognized certifications strongly preferred: CRISC, CISM, CISA, CISSP.
Contribution to the industry through thought leadership and security industry participation, preferably in healthcare focused organizations, such as H-ISAC, FS-ISAC, FDA, HIMSS and others.

#J-18808-Ljbffr