SOX and Compliance Sustainability - Business Consultant Consultant/Specialist
Job Summary: The SOX and Compliance Sustainability - Business Consultant Consultant/Specialist provides subject matter expertise from a technical, project management and business consulting perspective in support of Care Delivery BIO SOX and Compliance activities. Members of this team work across a number of SOX-related initiatives to ensure that processes, procedures and controls are adequately designed, implemented or remediated to meet audit and compliance expectations, operating efficiency goals and other business objectives. The continued evolution of health care reform has driven unprecedented change in the regulatory and compliance landscape of the health care industry. In the Care Delivery BIO, you will partner with business and technology constituencies to address these evolving challenges by embedding risk management and compliance management competencies into day-to-day activities. The success of this team requires dedicated professionals with the analytical, feasibility, relationship and executive summary skills needed to form highly reliable risk management strategies that meet the various SOX/Compliance requirements. At the Consultant/Specialist level you will provide advanced compliance analysis and consultation for the Care Delivery BIO SOX and Compliance Organization, drawing on analytical, feasibility, business case and executive summary skills to form risk management strategies that meet those requirements.

Essential Functions:
1. Develop an in-depth understanding of the broad regulatory landscape affecting KP business areas. Remain current with emerging regulatory developments and with solution trends in the marketplace.
2. Assess the impact of laws and regulations on KP systems and technology. Work with other risk organizations to shape organizational control policies and standards.
3. Lead risk/security assessment studies to validate perceived risks. Perform interviews, document design assessments, and walkthroughs of key controls (both new and existing).
4. Lead cross-functional remediation teams in developing processes from requirements gathered from clients and engineering.
5. Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations.
6. Design sustainment strategies and measurement systems to ensure that requirements continue to be met over time.
7. Develop and nurture trusted relationships with Business Partners, KP IT Executives, Security Compliance Officers and other Compliance Team Members to gain consensus approval of strategies, recommendations, findings, project plans, etc.
8. Serve as single point of contact for assigned applications or application groupings, providing SOX guidance directly relevant to each application's architecture and technology landscape.

Day-to-day tasks include gathering information; documenting existing processes, issues and recommendations in support of our strategies; collating and producing executive summary presentations on findings and recommendations; and developing, designing and driving remediation work streams. Other tasks may include working with project teams and participating in the development of design requirements and business cases to ensure compliance requirements are met. Work proactively with project and program managers to resolve issues.

Qualifications:

Basic Qualifications:
1) Bachelor's degree in a related subject and/or 4 years of equivalent experience.
2) A minimum of 12 years of experience documenting functional requirements, analyzing business processes and developing business cases to support IT solutions.
3) 8+ years of technology risk management experience and at least 5 years of SOX experience (e.g. audit, SOX, compliance) in a highly regulated industry, including the following disciplines:
   a. The current information security and compliance vendor landscape
   b. Control frameworks such as COSO and COBIT
   c. Regulatory requirements, in particular SOX, HIPAA, PCI-DSS and privacy
   Candidates should demonstrate versatility, with a track record of interpreting and applying a broad spectrum of regulatory imperatives.
4) Proven experience performing broad-scale, complex IT security assessments.
5) Excellent written and verbal communication skills, with strong expertise in Excel and PowerPoint.
6) Strong client relationship focus with business sponsors, enterprise architects and information security engineers, to articulate business cases and technology options.
7) The ideal candidate is a change driver with a strong track record of influence in very large, consensus-driven organizations.
8) Functions effectively both as a manager and as an individual contributor.
9) Solid understanding of Enterprise Risk Management and strategy frameworks, and of the current enterprise threat landscape as it relates to health care.
10) The Business Consultant Consultant/Specialist will be required to know or learn the KP-IT program and process methodology and to execute it within the established KP and KP-IT organizational framework and oversight processes.

Preferred Qualifications:
1) CISA (Certified Information Systems Auditor) or CISM (Certified Information Security Manager) designation.
2) Experience in internal consulting and customer account management (defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions and overseeing technical implementations) is a plus.
3) Four years' experience as a SOX auditor, with a strong background in IT general computer controls (GCC, all domains) and in information security, including current vulnerabilities.
4) Proven experience proposing enterprise-level solutions to mitigate the risk of a material weakness in IT general controls.
5) Experience in the health care industry.