Skip To Content
Laptop
J191961

Manager - Technology Assurance & Compliance

Helion

  • Company Helion
  • Home, PA
  • Audit & Compliance
  • Full time
  • Day (United States of America)

Company :

Helion

Job Description : 

JOB SUMMARY

This job is accountable for the direction and implementation of the comprehensive, risk-based information systems audit, advisory, and compliance plan for Helion, in collaboration with the Highmark Health Enterprise, including the technology component of the board-approved annual audit plan.  Interacts with a wide spectrum of stakeholders including, but not limited to, executive leadership, subsidiary management, state and federal governments, external auditors, employer groups, and partner plan customers. Ensures that the respective risk management and compliance programs address applicable laws, rules, regulations and relevant business risks as well as corporate requirements, recommending and/or implementing improvements in line with corporate standards, applicable regulations, and/or best practice frameworks. All employees must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and Privacy Policies and Procedures. As a component of job roles and responsibilities, employees in this role may have access to covered information, cardholder data, or other confidential customer information which must be protected at all times.  In connection with this responsibility, employees in this role must adhere to all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.


ESSENTIAL RESPONSIBILITIES

  • Perform management responsibilities to include, but are not limited to: involved in hiring and termination decisions, coaching and development, rewards and recognition, performance management, and staff productivity. 
  • Plan, organize, staff, direct, and control the day-to-day operations of accountable teams; develop and implement policies and programs as necessary; may have budgetary responsibility and authority. 
  • Direct and oversee a portfolio of system and process audit and advisory engagements. Define and coordinate the technology audit and advisory process with key organizational leaders and review and establish a program to ensure the quality of work performed inconsistently meets Institute of Internal Auditor (IIA) and Information Systems Audit and Control Association (ISACA) guidelines.   Prepare draft audit reports and ensure that agreement has been obtained regarding any findings and proposed actions with business owners. Assist in preparation of materials for presentation to senior and executive management, the Highmark Health Audit Committee, and subsidiary boards of directors as required.
  • Ensure that the respective risk management and technology compliance programs (SOC 1, SOC 2, MAR, MACRA, HITRUST, NIST, etc.) address applicable laws, rules, regulations and relevant business risks as well as corporate requirements, collaborating with Enterprise Risk Management, Corporate Compliance, Legal, Regulatory Affairs, Operational Audit, External Auditors and Regulators as appropriate.  Proactively identify areas requiring attention or strengthening and work collaboratively with business and technology management to implement improvements in line with corporate standards, applicable regulations, and/or best practice frameworks.
  • Provide proactive risk, control and governance counsel to business leadership as required.   Interact with and must be able to influence senior management and matrix partners on matters of significance.
  • Participate in annual technology audit and advisory risk assessment process with enterprise-wide senior leadership, identifying key strategic and operational risks. Update technology assurance risk assessment on an ongoing basis.  Leveraging the risk assessment outcomes, collaboratively develop the comprehensive, annual, Audit and Advisory Services plan with other senior leaders in the Audit & Compliance division for presentation to and approval from the Highmark Health Audit Committee of the Board of Directors.  
  • Participate in industry-related forums and training activities to stay current with risk management practices, assurance and attest practices, and specialized technology subject matter risks (e.g. cybersecurity, data governance, etc.).
  • Other duties as assigned or requested.

QUALIFICATIONS

Required

  • Bachelor's Degree in Accounting, Finance, Business Administration, Information Technology, or Computer Science
  • 8 years of experience in Information Systems auditing or a combination of experience in audit and an Information Systems-related disciplines, such as Information Security, Change Management, Systems Development, etc., with increasing responsibility
  • Familiarity with a wide variety of computer application platforms, including but not limited to Oracle, SQL Server, DB2, RACF, Linux, and Windows
  • 2 years of experience managing teams, preferably in an audit or information systems discipline in a healthcare or healthcare-related industry

Preferred

  • Master's Degree in Accounting, Finance, Business Administration, Information Technology, or Computer Science
  • Cybersecurity / IT risk assurance expertise
  • Healthcare (insurance and/or hospital) experience 
  • Experience with Archer Governance, Risk, and Compliance (GRC) suite of products
  • Certified Information System Auditor (CISA)
  • Certified Internal Auditor (CIA)
  • Certified Public Accountant (CPA)

KEY SKILLS

  • Demonstrate expert knowledge of technology processes, risk and control frameworks, and audit methodology (including GAAS, GAAP, SOC 1 / SOC 2 attestation requirements), particularly as applied to application and infrastructure security/controls and the application of technology to support operational control in healthcare (payer and provider) business processes
  • Demonstrate expert ability to apply risk-based auditing techniques to the evaluation of systems environments and processes (i.e., data center operations, information security, input, output and processing controls, back-up and recovery, business contingency planning, systems development, and the implementation of advanced technologies)
  • Excellent resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team building across a cross-campus and diverse team of management and staff
  • Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team)
  • Strong relationship building skills and ability to influence with and without authority in a matrixed organization
  • Highly developed leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results
  • High capacity to think analytically, interpret information / observations, apply judgment and make effective, strategic decisions

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement : This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.


As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 

Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability. 

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity ( https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf )

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact number below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice


Thumbnail Join Talent Community@2X

Connect with a career that’s right for you.

Introduce yourself and we'll get in touch monthly to share career insights and company news.

Join Our Talent Community