IT Compliance, Monitoring & Reporting
IT Compliance, Monitoring & Reporting - Business Consultant - Consultant/Specialist
The IT Compliance (ITC) function provides subject matter expertise and staffing from technical, project management and business consulting perspectives in support of IT Compliance activities. Members of ITC work across a number of Compliance-related initiatives to ensure appropriate processes, procedures and controls are adequately designed, implemented, and/or remediated to meet audit and compliance expectations (e.g., SOX, PCI, HIPAA, etc.), operating efficiency goals, and other business objectives.

The continued evolution of Health Care reform has driven unprecedented changes in the regulatory and Compliance landscape within the Health Care industry. In ITC's Monitoring & Reporting function you will be responsible for partnering with business and technology constituencies to address these evolving challenges by embedding audit, risk, and compliance management competencies into Corrective Action Plan remediation strategies. The success of this unit requires dedicated professionals who possess the analytical, audit, relationship and executive summary skills needed to form highly reliable risk management strategies to meet various Compliance requirements.

At the Consultant/Specialist level within ITC's Monitoring & Reporting unit you will be responsible for corrective action plan (CAP) remediation monitoring, issue identification, risk management, and associated reporting requirements. In addition, you will form highly reliable executive summaries, closure packages and risk management strategies to meet various audit and compliance requirements.

Responsibilities of the Business Consultant - Consultant/Specialist include:

- Maintain an in-depth understanding of the broad regulatory landscape impacting KP business and IT areas. Remain current with emerging regulatory sentiments as well as solution trends in the marketplace. Understand the impact of laws and regulations on KP systems and technology.
- Work with client organizations within KP-IT to ensure remediation efforts address noted deficiencies in a complete and organizationally appropriate manner, given organizational control policies and standards. This will require monitoring and coordination across a wide range of KP organizations, internal and external to KP-IT.
- Ensure databases/spreadsheets/CAP reporting systems reflect the status of all identified CAPs accurately and in a timely manner.
- Ability to perform risk/security assessment studies to validate remediation approaches. Competent in performing interviews, documenting design assessments and walkthroughs of key controls (both new and existing).
- Exhibit pragmatism in advising clients on process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations.
- Ensure remediation solutions are sustainable, measurable, and defensible, so that Compliance requirements continue to be maintained over time.
- Develop and nurture trusted relationships with Business Partners, KP IT Leaders, Security Compliance Officers and other Compliance Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.

Qualifications:

Basic Qualifications:

- Bachelor's degree in a related field, or equivalent work experience.
- 8 years technology risk management experience (e.g. Audit, Compliance, etc.) in a highly regulated industry. This would include the following disciplines:
  o Current information security and compliance vendor landscape
  o Control frameworks such as COSO, COBIT, ITIL, etc.
  o Regulatory knowledge, in particular HIPAA, SOX, and PCI-DSS
- Candidate should demonstrate versatility with a track record of experience in interpretation and application of a broad spectrum of regulatory imperatives.
- Excellent written and verbal communication skills.
- Strong client relationship focus with internal and external business partners.
- Ability to manage and defuse conflict, and to maintain productive working relationships with a diverse body of clients.
- Ideal candidate has a strong track record of influence in very large, consensus-driven organizations.
- Candidate can function effectively as both a manager and an individual contributor.
- Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenario as related to healthcare.

Preferred requirements/knowledge:

- Certified Information Security Auditor/Manager (CISA/M) designation or CISSP.
- Experience in internal consulting and customer account management; defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus.
- Proven experience proposing enterprise-level solutions to mitigate risk of receiving a material weakness in IT general controls.
- Significant IT Audit experience.