Salary : $90,584.00 - $135,990.40
Full-time Days (No Weekends)
Description
Introduction
Do you have the career opportunities as a(an) Sr Risk Management Analyst you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
- Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
- Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
- Free counseling services and resources for emotional, physical and financial wellbeing
- 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
- Employee Stock Purchase Plan with 10% off HCA Healthcare stock
- Family support through fertility and family building benefits with Progyny and adoption assistance.
- Referral services for child, elder and pet care, home and auto repair, event planning and more
- Consumer discounts through Abenity and Consumer Discounts
- Retirement readiness, rollover assistance services and preferred banking partnerships
- Education assistance (tuition, student loan, certification support, dependent scholarships)
- Colleague recognition program
- Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
- Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Note: Eligibility for benefits may vary by location.
Our teams are a committed, caring group of colleagues. Do you want to work as a(an) Sr Risk Management Analyst where your passion for creating positive patient interactions is valued?
If you are dedicated to caring for the well-being of others, this could be your next opportunity. We want your knowledge and expertise!
Job Summary
The Senior Risk Management Analyst plays a critical role in the Information Protection & Security (IPS) Risk Management team’s efforts to make risk visible, facilitate well-informed decision making, and drive accountability.
This person will partner with the senior members of the Governance, Risk, and Compliance team to develop risk management and compliance strategies for IPS and will be directly responsible for developing tactical plans in support of these strategic initiatives.
This person will lead development and implementation of governance, risk, and compliance processes, facilitating efforts that require support from other stakeholders within the organization, providing industry expertise and knowledge in the identification and mitigation of organizational risk, and enabling compliance with industry standards and federal regulations.
In addition to working independently with minimal guidance on large complex projects, the Senior Risk Management Analyst will act as a mentor and provide technical and organizational direction on the efforts of more junior members of the team in support of team goals.
This person will also interact with leadership and staff across the enterprise to provide extensive consultative support in defining, understanding and measuring threats, vulnerabilities and controls and communicating security risk as business risk.
Major Responsibilities:
The Senior Risk Management Analyst develops, plans, implements, oversees and maintains the IPS Risk Management (IPS RM) team’s processes for identifying, evaluating, reporting, tracking, and managing complex risk issues.
The top priority for this role is to provide objectivity, structure, and tools to consumers of the IPS Risk Management function.
Primary areas of responsibility include developing, managing, and operating the following:
- The Risk Engine that IPS RM uses to systematically evaluate risk scenarios, threats, vulnerabilities and controls
- The IPS Risk Register that the IPS RM team uses to capture and prioritize risk scenarios, intermediate risks, and enterprise risks for the purpose of leadership reporting and risk posture monitoring
- The Control Catalog that the IPS RM team uses to enumerate all the controls in the HCA environment and how those controls connect to company policies / standards, industry frameworks and regulations, and relevant security threats and vulnerabilities to HCA Healthcare
- The Security Risk Analysis (SRA) processes and deliverables that are required to demonstrate compliance with regulations such as HIPAA and Promoting Interoperability (formerly Meaningful Use)
- The risk treatment processes that the IPS RM team uses to document business acceptance of risk and mitigating controls
- The modules within the GRC / IRM platform that the IPS RM team uses to operate the Risk Engine and surrounding processes
- The development and maintenance of policies, standards and procedures that tie into the Control Catalog and Risk Management framework
- The process and deliverables for corrective action and control writing in response to risks identified in SRAs conducted at HCA
- The management of unplanned external audit response efforts
The Senior Risk Management Analyst also:
- Contributes to the overall Risk Management strategy and roadmap
- Collaborates with the GRC Solutions team in IPS to design and implement modules that provide risk management capability in the GRC tool
- Reports on status of Risk Management activities and / or initiatives
- Documents and reports on lessons learned from risk management activities and enhancement opportunities to the risk management framework
- Acts as Risk Management liaison to sister teams in IPS to foster open communication and detailed understanding of those teams' control processes and technologies
- Works closely with resources (e.g., Control Owners, Risk Owners) across HCA to ensure risk management activities meet organizational needs
- Coordinates resources (e.g., Control Owners, Risk Owners) across HCA engaged in risk identification and mitigation of risks
- Participates in stakeholder analysis to understand how to best engage those teams and customers impacted by on-demand risk identification and facilitated mitigation activities
- Engages decision makers with the output of data analysis / modeling work to facilitate well-informed decision making and drive accountability
- Identifies options and provides recommendations for the design and development of risk management systems
- Works with SMEs on other teams to help them define KPIs / KRIs to measure control performance
- Manages processes to refresh ratings for inherent likelihood of vulnerabilities, inherent control effectiveness, control maturity, and coverage by conducting facilitated work sessions and managing automated and manual feedback forms
- Facilitates risk mitigation and control implementation planning with sister teams within IPS and other stakeholders when necessary
- Maintains the threat and vulnerability catalogs and coordinates with sister teams within IPS to regularly review and update when new threats, vulnerabilities or controls are introduced into the environment
Knowledge, Skills, Abilities, Behaviors:
- Service and Quality Excellence: Ability to demonstrate an uncompromising commitment to delivering exceptional care to create an unmatched value proposition for our patients. Required
- Honor our Mission and Values: Ability to build trust and act with authenticity to cultivate a culture of integrity, inclusion, and mutual respect. Required
- Effective Decision Making: Ability to make timely, informed decisions that are in the best interest of our patients, employees, providers, community and HCA. Required
- Attain and Leverage Strategic Relationships: Ability to develop and strengthen collaborative relationships with both internal and external stakeholders to advance the care of our patients and the growth of HCA. Required
- Lead and Develop Others: Ability to lead others to accomplish organizational goals and objectives; provide meaningful coaching and mentoring to increase the capabilities of individuals and teams and drive employee engagement. Required
- Communicate with Impact: Ability to deliver information in a clear, concise, and compelling manner to effectively engage others and achieve desired results. Required
- Achieve Success through Change: Ability to identify opportunities for improvement and innovation, remove barriers and resistance, and enable desired behaviors. Required
- Drive Execution and Financial Results: Ability to commit to the success and financial wellbeing of HCA by challenging others to excel and hold themselves and others accountable for achieving results. Required
Education & Experience:
- Bachelor's degree or equivalent experience. Required
- 5+ years of experience in some combination of audit, risk management, information security, or information technology. Required
- 5+ years of experience in some combination of implementing Security Risk Management programs, translating security-themed regulations and frameworks into risk assessment processes and tools, developing or assessing technical and process-based controls, managing risk assessments / investigations, or working with organization leadership to integrate controls into the scope of existing business practices. Required
- 3+ years of experience in working with GRC or IRM tool suites. Preferred
- 1+ year(s) of experience in healthcare. Preferred
- 3+ years of experience in working with Federal, HIPAA, Meaningful Use / Promoting Interoperability and other healthcare security regulations. Or
- 3+ years of experience in working with other security risk management requirements, regulations, or certifications such as PCI, SOX, SOC 1 & 2, ISO, HITECH, etc. Preferred
- 5+ years of experience in demonstrating the ability to be adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities. Required
- 5+ years of experience in demonstrating the ability to define, learn, understand, and apply new technologies, methods, and processes. Required
License, Certifications, & Training:
- Certifications such as CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM, CRP, CRISC or other relevant information security or risk management certifications. Preferred
We are comprised of affiliated hospitals, physician practices and other sites of care across the United States and United Kingdom.
The Sarah Cannon Cancer Network is transforming cancer care through integrated services and cutting-edge technologies. Our physicians can develop leading oncology programs to advance science and patient care.
Providing physician-led patient care offers our doctors access to a national network of experts. This is where multidisciplinary teams come together with a goal of delivering seamlessly coordinated, quality cancer care.
Through a united network of globally recognized oncology specialists, we collaborate and share best practices. We address each aspect of the cancer journey, from screening and diagnosis through treatment and survivorship, to advance our shared mission: Above all else, we are committed to the care and improvement of human life.
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times.
In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Sr Risk Management Analyst opening.
We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.