Corporate Services and Digital Technologies Compliance Consultant Senior Portland, OR
Corporate Services & Digital Technologies - Compliance Consultant Senior
Named to the Computerworld Top 100 Best Places to Work for seven straight years, reaching number 7 in 2016, the Kaiser Permanente IT organization is the team that powers the health IT leadership of Kaiser Permanente. If you are excited about working with cutting edge technology, and have the right blend of creativity and experience, consider the following opportunity within our Corporate Services & Digital Technologies team.
Under the CSDT HR and BIO Compliance Portfolio (HRBC), includes the My HR Platform, HR Applications Portfolio, and CSDT Compliance, as well as, Program Management Functions for the National Agreement Implementation (NAI) Program and an IT-Wide Transformational program, Solution Delivery Life Cycle (SDLC).
The Compliance Consultant Senior will report into the HRBC CSDT Compliance Organization, which represents BIO-wide compliance functions.
The Corporate Services & Digital Technologies Compliance Team provides subject matter expertise from technical, project management and business consulting perspective in support of KPIT Compliance activities. Members of this team work across several Compliance related initiatives to ensure appropriate processes, procedures and controls are adequately designed, implemented, or remediated to meet audit and compliance expectations (e.g.; SOX, PCI, HIPAA, etc.), operating efficiency goals, and other business objectives
The continued evolution of Health Care reform has driven unprecedented changes in the regulatory and Compliance landscape within the Health Care industry. You will be responsible for collaborating with business and technology constituencies to address these evolving challenges by embedding risk management and compliance management competencies into day-to-day activities. The success of this unit requires dedicated professionals who possess the analytical, feasibility, relationship and executive summary skills needed to form highly reliable risk management strategies to meet various Compliance requirements.
Within the Corporate Services & Digital Technologies Compliance Team, you will provide SOX and HIPAA compliance analysis and consultation for the Corporate Services & Digital Technologies Organization. In addition, you will possess the analytical, feasibility, business case and executive summary skills needed to form highly reliable risk management strategies to meet various compliance requirements.
Responsibilities of the Compliance Consultant Senior include:
* Developing an in depth understanding of the KP-IT infrastructure, various internal organization standards and remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
* Identify and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
* Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
* Demonstrated ability to write summary reports and to participate in presentations
* Ability to take initiative to communicate, interact, and cooperate with others to ensure that all aspects of a task are addressed
* Generate innovative ideas
* Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks; and submitting assessment findings and recommendations
* Design sustainment processes and measurement systems to ensure that Compliance requirements can continue to be maintained over time.
* Develop and nurture trusted relationships with Business Partners, Application Control Owners, Security & Compliance Leaders, and other Compliance Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.
* Demonstrate knowledge in one or more of the following information security domains, including:
o Security Governance and Management
o Change Management
o HIPAA Security Program
o Policies and Procedures
o Access Control
o Identity Management & Elevated User Activity Monitoring
o IT Risk Management
o Statement on Standards for Attestation Engagements 16 (SSAE16)
o Participate in training efforts
Day to day tasks include performing HIPAA security control assessments of applications with PHI, and proposing remediation.
Performing change management control self assessments of SOX applications, executing quarterly developer access reviews, supporting team leads by participating in the assessment and remediation of legacy applications and new deployments. Working proactively with project and program managers to resolve issues.
- A minimum of 5 years of experience in heath care compliance, health care operations (quality, risk, etc.), audit, finance, project management, regulatory or public policy development, investigations, information security, or insurance/health plan governance experience.
- Thorough knowledge of health care compliance policies, practices and systems.
- Complete understanding of compliance principles, theories, and concepts.
- Full knowledge of health care industry practices and standards.
- Ability to draft and revise documents including policies, standards, analyses, and reports.
- Project management skills
- Thorough knowledge of health care and related compliance issues.
- A Bachelor's Degree, clinical degree or 4 years of equivalent work experience
* Bachelor degree in Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field. Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
* 8+ years technology risk management experience (e.g. Audit, Compliance, etc.) in a highly-regulated industry. This would include the following disciplines:
o Current information security and compliance vendor landscape
o Control frameworks such as COSO
o Regulatory requirements HIPAA, SOX, PCI-DSS, Privacy
o Candidate should demonstrate versatility with a record of accomplishment of experience in interpretation and application of a broad spectrum of regulatory imperatives.
* Proven Experience in performing broad scale, complex IT Assessments.
* Excellent written and verbal communication skills.
* Ideal candidate is a change driver and has a strong record of accomplishment of influence in large, consensus-driven organizations.
* Candidate functions effectively as an individual contributor.
* Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenario as related to healthcare
* Will be required to know or learn the KP-IT program and process methodology and to execute it within the established KP and KP-IT organizational framework and oversight processes.
* Certified HIPAA Professional (CHP)
* Certified Information Security Analyst/Manager (CISA/M) designation
* Experience in internal consulting and customer account management; defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
* Experience with PeopleSoft platform
CI Business Consultant - Consultant Specialist Job Description
Primary Location: Oregon,Portland,Montgomery Park 2701 NW Vaughn St.
Scheduled Hours (1-40): 40
Working Days: Mon-Fri
Job Type: Standard
Employee Status: Regular
Employee Group: Salaried, Non-Union, Exempt
Job Level: Individual Contributor
Job: Compliance / Privacy / Regulatory
Public Department Name: CSDT HRBC Compliance
External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with Federal, state and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran, or disability status.
Submit Click here for additonal requirements