Risk Management Principal - Work From Home

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities.

Working at Gainwell carries its rewards. You’ll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development.

You’ll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance.

We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

This is a senior level individual contributor role reporting to the Office of the Chief Information Security Officer. The primary responsibility will be the ownership, implementation, run and maintain of the Risk Management Framework based on NIST 800-37 across the Gainwell Enterprise.

The ability to evangelize, inspire and build consensus for a new Enterprise Risk initiative across multiple business domains is key to this role’s success.

Your role in our mission

Oversees the development and implementation of corporate-wide application security procedures in client environments to meet corporate and government regulations.

Remains abreast of changes to security regulations and implements corporate wide changes as appropriate.

Ensures that application security procedures meet business requirements and that information is safeguarded against unauthorized use, disclosure or modification, and damage or loss.

Recommends changes to current policies and procedures as necessary.

Oversees the implementation of appropriate access controls to ensure that access to systems, data and programs is restricted to authorized and trained users.

Researches and recommends alternative approaches to current practices as necessary.

Develops and implements detailed security procedures. Oversees security administrator team to ensure compliance with client security procedures.

Ensures compliance with program security requirements including personnel, physical and administrative security systems and procedures.

• Serves as a subject matter expert concerning security procedures and audit compliance.
• Oversees sensitive aspects of corporate security programs to ensure compliance with government and company security policies and procedures including verifying adherence to specific policies and ensuring policy compliance with government regulations.

Researches and recommends updates as necessary.

• Conducts security education programs to educate appropriate personnel about security systems and their importance to oversee and ensure the integrity of security systems.
• Oversees the investigation of losses and security violations and recommends corrective actions. Implements approved course of action as appropriate.
• Oversees research on technological advancements to ensure that security solutions are continuously improved, supported and aligned with industry and company standards.

Recommends strategy and policy changes based upon research.

Provides leadership and work guidance to less experienced personnel.

What we're looking for

• A minimum of 7 years performing hands on Information Security Risk Assessment or IT audit (SOC1, SOC2, MARS-E, NIST, HIPAA, etc ) in healthcare, financial services or IT services preferred.
• Experience in the field of Health and Human Services (Medicare / Medicaid).
• Experience with NIST 800-37 and HIPAA compliance is required.
• Strong experience with Third-party audit and audit response.
• Experience with ServiceNOW IRM (Integrated Risk Management) is preferred, GRC tools background could be considered.
• Project Management skills and ability to drive teams to meet deadlines.
• Executive level communications and reporting skills will be needed on a daily, weekly, and monthly basis.

What you should expect in this role

• PST time zone support required.
• This is a remote opportunity with some travel to the Sacramento area possible, up to 20% annually.

The deadline to submit applications for this posting is September 10, 2024.

The pay range for this position is $113,700.00 - $162,400.00 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors.

Put your passion to work at Gainwell. You’ll have the opportunity to grow your career in a company that values work flexibility, learning, and career development.

All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance.

We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone.

Build your career with Gainwell, an industry leader. You’ll be joining a company where collaboration, innovation, and inclusion fuel our growth.

Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is committed to a diverse, equitable, and inclusive workplace. We are proud to be an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

We celebrate diversity and are dedicated to creating an inclusive environment for all employees.