Skip To Content

Senior Monitoring Analyst

Highmark Health

Company :

Highmark Health

Job Description : 


This job performs governance, risk, and compliance (GRC) risk monitoring and executes risk treatment processes and activities.  This includes monitoring, tracking, and reporting on risk across second line of defense functions (i.e., privacy, compliance, information security, quality, legal) and supporting a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, NCQA, the BCBSA, etc.  The incumbent is responsible for executing continuous monitoring of enterprise policies, standards, procedures/controls, business continuity/disaster recovery plans, etc. aimed to detect, prevent, and respond to risks across the enterprise risk taxonomy.  Develops and oversees suite of multi-disciplinary risk monitoring reports. Applies risk decisioning criteria and exception handling criteria, and ensures risk treatment solutions are delivered according to contractual and other service-level obligations.  Leads implementation and monitoring of corrective action measures based on internal or external audits/examinations.  Seeks input on quality and effectiveness of own work while also takes responsibility to review the work of others for quality, adherence to standard practices and procedures, and to determine the realization of measurable risk treatment outcomes. May take on role project leadership roles for special assignments. Assists with mentoring less experienced team members. Has a proactive mindset and approach and feels comfortable working in a highly matrixed environment.


  • Develops and executes a monitoring function intended to prevent, detect, and respond to risks, in partnership with business units and Senior Risk Partner (SRPs).  Works with business units and other ERG constituents to prioritize monitoring activities. 
  • Develops programs and executes reporting and monitoring activities pertaining to known issues as well as threat and vulnerability scan reporting on applications, networks, operating systems, etc. to identify risk. 
  • Monitors current compliance environment including corporate policies and procedures and other rules and regulations through trend and other data analysis.  Leads creation and adoption of ad-hoc and other reports pulling data from various sources and/or run system reports.  Conducts complex analysis on reports and data sets to ensure systems and/or results meet expected thresholds/tolerances.
  • Monitors Corrective Action / Remediation Plans, as necessary;  reviews and analyzes results against expectations/benchmarks and communicates outcomes to management including Senior Risk Partners (SRPs). Applies relevant reporting and data analysis techniques to all work products.  
  • Executes against and provides ongoing feedback on risk treatment methodology in partnership with Risk Strategy (avoid, accept, transfer, mitigate).  Collaborates with other areas of Risk Operations to prioritize, to escalate, and to improve risk intelligence and risk assessment activities. 
  • Researches, creates, and implements novel approaches to training and education on GRC process automation, reporting, and monitoring.  Contributes to knowledge management repositories and other communities of practice.
  • Other duties as assigned or requested.



  • Bachelor's Degree in Accounting, Business, Computer Science, Data Science, Finance, IT or related field


  • 6 years of related and progressive experience in lieu of Bachelor's degree


  • None



  • 5 years with governance, risk, and compliance technology or related reporting and monitoring experience, preferably with the Archer GRC suite and/or in a healthcare or healthcare related industry, with increasing responsibility.
  • 3 years of interacting with regulators, auditors, and oversight bodies


  • 3 years of report design, multi-disciplined data aggregation and analysis
  • 3 years of continuous controls and process monitoring



  • None

Preferred (any of the following)

  • Certified Public Accountant (CPA)
  • Certified Information Systems Auditor (CISA)
  • Juris Doctorate (JD)
  • Certified Information Privacy Professional (CIPP)


  • Strong knowledge of business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business processes
  • Strong knowledge of how to leverage technologies to drive efficient and effective GRC processes across payor/provider industries
  • Demonstrated resource and project planning capabilities, decision making skills, history of results-oriented delivery, and effective team work across a global and diverse team of staff
  • Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team)
  • Strong relationship building skills and ability to influence with and without authority in a matrixed organization
  • Demonstrated leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results

Language (Other than English):


Travel Requirement:

0% - 15%


Position Type


Teaches / trains others regularly


Travel regularly from the office to various work sites or from site-to-site


Works primarily out-of-the office selling products/services (sales employees)


Physical work site required


Lifting: up to 10 pounds


Lifting: 10 to 25 pounds


Lifting: 25 to 50 pounds


Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement : This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 

Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Pay Range Minimum:


Pay Range Maximum:


Base pay is determined by a variety of factors including a candidate’s qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations.  The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability. 

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity ( )

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact number below.

For accommodation requests, please contact HR Services Online at

California Consumer Privacy Act Employees, Contractors, and Applicants Notice

Thumbnail Join Talent Community@2X

Connect with a career that’s right for you.

Introduce yourself and we'll get in touch monthly to share career insights and company news.

Join Our Talent Community