Consulting Risk Management Analyst - Military Veterans
at HCA Healthcare
Description
Introduction
Are you passionate about the patient experience? At HCA Healthcare, we are committed to caring for patients with purpose and integrity. We care like family! Jump-start your career as a Consulting Risk Management Analyst today with HCA Healthcare.
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
- Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
- Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
- Free counseling services and resources for emotional, physical and financial wellbeing
- 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
- Employee Stock Purchase Plan with 10% off HCA Healthcare stock
- Family support through fertility and family building benefits with Progyny and adoption assistance.
- Referral services for child, elder and pet care, home and auto repair, event planning and more
- Consumer discounts through Abenity and Consumer Discounts
- Retirement readiness, rollover assistance services and preferred banking partnerships
- Education assistance (tuition, student loan, certification support, dependent scholarships)
- Colleague recognition program
- Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
- Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Note: Eligibility for benefits may vary by location.
Come join our team as a Consulting Risk Management Analyst. We care for our community! Just last year, HCA Healthcare and our colleagues donated $13.8 million to charitable organizations. Apply Today!
Job Summary and Qualifications
Position Summary
The Consulting Risk Management Analyst plays a critical role in the Information Protection & Security (IPS) Risk Management team’s efforts to make risk visible, facilitate well-informed decision making, and drive accountability.
This person will partner with the Manager of Risk Management and Director of Risk Management to develop risk management strategy for IPS and will be directly responsible for developing tactical plans in support of these strategic risk management initiatives. This person will lead development and implementation of risk management processes, facilitating efforts that require support from other stakeholders within the organization, providing industry expertise and knowledge in the identification and mitigation of organizational risk, and enabling compliance with industry standards and federal regulations.
In addition to working independently with minimal guidance on large complex projects, the Consulting Risk Management Analyst will direct the efforts of more junior members of the team in support of team goals. This person will also interact with leadership and staff across the enterprise to provide extensive consultative support in defining, understanding and measuring threats, vulnerabilities and controls and communicating security risk as business risk.
Major Responsibilities:
The Consulting Risk Management Analyst develops, plans, implements, oversees and maintains the IPS Risk Management (IPS RM) team’s processes for identifying, evaluating, reporting, tracking, and managing complex risk issues. The top priority for this role is to provide objectivity, structure, and tools to consumers of the IPS Risk Management function. Primary areas of responsibility include developing, managing, and operating the following:
- The Risk Engine that IPS RM uses to systematically evaluate risk scenarios, threats, vulnerabilities and controls
- The On-Demand Risk Analysis process that the IPS RM team uses to quickly analyze developing risk scenarios to aid HCA leadership in making decisions about risk reducing actions
- The IPS Risk Register that the IPS RM team uses to capture and prioritize risk scenarios, intermediate risks, and enterprise risks for the purpose of leadership reporting and risk posture monitoring
- The Facilitation & Liaison program that the IPS RM team uses to effectively engage critical points of contact on other HCA teams and to successfully facilitate subject-matter-expert interaction in risk analysis and risk remediation work sessions
- The Control Catalog that the IPS RM team uses to enumerate all the controls in the HCA environment and how those controls connect to company policies/standards, industry frameworks and regulations, and relevant security threats and vulnerabilities to HCA Healthcare
- The Security Risk Analysis (SRA) processes and deliverables that are required to demonstrate compliance with regulations such as HIPAA and Promoting Interoperability (formerly Meaningful Use)
- The Controls Exception and Risk Acceptance processes that the IPS RM team uses to document business acceptance of risk and mitigating controls
- The IPS Project Portfolio priority analysis and control monitoring processes the IPS RM team uses to help IPS leadership make project funding decisions and monitor changes in control effectiveness in the HCA environment
- The Risk Management modules within the GRC/IRM platform that the IPS RM team uses to operate the Risk Engine and surrounding processes
- The Internal Review & Process Improvement program that the IPS RM team uses to evaluate team effectiveness and adherence to our own requirements
- The development and maintenance of policies, standards and procedures that tie into the Control Catalog and Risk Management framework
- The process and deliverables for corrective action and control writing in response to risks identified in SRAs conducted at HCA
- The management of unplanned external audit response efforts
The Consulting Risk Management Analyst also:
- Contributes to the overall Risk Management strategy and roadmap
- Collaborates with the GRC Solutions team in IPS to design and implement modules that provide risk management capability in the GRC tool
- Reports on status of Risk Management activities and/or initiatives
- Documents and reports on lessons learned from risk management activities and enhancement opportunities to the risk management framework
- Acts as Risk Management liaison to sister teams in IPS to foster open communication and detailed understanding of those teams' control processes and technologies
- Works closely with resources (e.g., Control Owners, Risk Owners) across HCA to ensure risk management activities meet organizational needs
- Coordinates resources (e.g., Control Owners, Risk Owners) across HCA engaged in risk identification and mitigation
- Participates in stakeholder analysis to understand how to best engage those teams and customers impacted by on-demand risk identification and facilitated mitigation activities
- Engages decision makers with the output of data analysis/modeling work to facilitate well-informed decision making and drive accountability
- Identifies options and provides recommendations for the design and development of risk management systems
- Works with SMEs on other teams to help them define KPIs/KRIs to measure control performance
- Manages processes to refresh ratings for inherent likelihood of vulnerabilities, inherent control effectiveness, control maturity, and coverage by conducting facilitated work sessions and managing automated and manual feedback forms
- Facilitates risk mitigation and control implementation planning with sister teams within IPS and other stakeholders when necessary
- Maintains the threat and vulnerability catalogs and coordinates with sister teams within IPS to regularly review and update when new threats, vulnerabilities or controls are introduced into the environment
Education & Experience:
- Bachelor's degree or equivalent experience Required
- 7+ years of experience in some combination of audit, risk management, information security, or information technology Required
- 7+ years of experience in some combination of implementing Security Risk Management programs, translating security-themed regulations and frameworks into risk assessment processes and tools, developing or assessing technical and process-based controls, managing risk assessments/investigations, or working with organization leadership to integrate controls into the scope of existing business practices Required
- 5+ years of experience in working with GRC or IRM tool suites Preferred
- 1+ year(s) of experience in healthcare Preferred
- 3+ years of experience in working with Federal, HIPAA, Meaningful Use/Promoting Interoperability and other healthcare security regulations.
Or
- 5+ years of experience in working with other security risk management requirements, regulations, or certifications such as PCI, SOX, SOC 1 & 2, ISO, HITECH, etc. Preferred
- 7+ years of experience in demonstrating the ability to be adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities. Required
- 7+ years of experience in demonstrating the ability to define, learn, understand, and apply new technologies, methods, and processes. Required
- Or equivalent combination of education and/or experience
Licenses, Certifications, & Training:
- Certifications such as CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM, CRP, CRISC or other relevant information security or risk management certifications Preferred
We are comprised of affiliated hospitals, physician practices and other sites of care across the United States and United Kingdom. The Sarah Cannon Cancer Network is transforming cancer care through integrated services and cutting-edge technologies. Our physicians can develop leading oncology programs to advance science and patient care. Providing physician-led patient care offers our doctors access to a national network of experts. This is where multidisciplinary teams come together with a goal of delivering seamlessly coordinated, quality cancer care. Through a united network of globally recognized oncology specialists, we collaborate and share best practices. We address each aspect of the cancer journey, from screening and diagnosis through treatment and survivorship, to advance our shared mission: Above all else, we are committed to the care and improvement of human life.
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"The great hospitals will always put the patient and the patient's family first, and the really great institutions will provide care with warmth, compassion, and dignity for the individual." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Consulting Risk Management Analyst opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Nashville, TN
HCA Serving Those Who Have Served Us So Faithfully.
Guided by the principle that quality care begins with the warmth, compassion, and positive attitude of our employees, HCA has consistently proven to be the nation’s leading healthcare provider with the widest range of employment opportunities.
Since our founding over 40 years ago, HCA has grown in size and services with over 280 affiliate facilities in 20 states and England. Our family of nearly 190,000 strong is dedicated to developing innovative strategies and practices to better the human condition.
Above all else, we are committed to the care and improvement of human life. Expert care, ethical conduct, innovative technologies, and best practices are the core of our resources. Through these, we strive to deliver high-quality, cost-effective, community-centric health care for approximately 18 million patients annually.
HCA has over 7000 open requisitions in hospitals, diagnostic, outpatient and business operations across 20 states in the U.S.
Our employment opportunities fill job classes in both patient care and business support services. While a majority of positions account for clinical backgrounds, HCA has many opportunities in supply chain and logistics, IT, engineering and technical, administrative and managerial, sales, finance and accounting, environmental, plant ops, HR and many more.