Manager, Risk (IT)

About The Position

Requirements

• 5+ years of experience in IT security, IT risk management, compliance, audit, or a related field.
• Experience leading people or complex risk workstreams.
• Hands‑on experience with third‑party/vendor risk assessments and exception management.
• Working knowledge of HIPAA, ISO, and NIST frameworks.
• Strong ability to translate technical risk into clear, business‑relevant recommendations.
• Demonstrated ability to drive risk remediation through partnership and accountability.

Nice To Haves

• Healthcare industry experience (preferred, not required).
• Experience assessing cloud environments and cloud service providers.
• Familiarity with AI‑related risks and third‑party AI services.
• Experience with GRC or vendor risk management tooling.

Responsibilities

• Team Leadership & Development Lead, coach, and develop a team of IT Risk Analysts; set clear expectations and manage workload, prioritization, and quality. Foster a collaborative, accountable team culture focused on outcomes and continuous improvement. Establish and maintain standard playbooks, templates, and quality practices.
• Third‑Party Risk Management Oversee the end‑to‑end third‑party risk assessment lifecycle for technology vendors. Ensure assessments appropriately address cloud services, AI‑enabled solutions, and emerging technology risks. Partner with Procurement, Legal, Privacy, and Information Security to align risk expectations with onboarding, renewals, and contracting. Communicate risk findings clearly to support informed business decisions.
• Exception Management Own the formal exception process for security policy and standards violations. Evaluate risk, document compensating controls, manage approvals, track expirations, and drive remediation. Maintain transparency and escalation for aged or high‑risk exceptions.
• Enterprise Risk Assessments (HIPAA) Conduct and oversee enterprise risk assessments related to HIPAA control gaps or failures. Document clear risk statements, assess likelihood and impact, and map findings to appropriate frameworks Partner with Privacy, Compliance, and IT Audit teams to ensure patient data protection remains central to risk decisions.
• Continuous Monitoring Run a continuous monitoring program to identify changes in vendor risk posture, including incidents and control changes. Define monitoring tiers and response triggers aligned to vendor criticality. Translate monitoring signals into actionable risk decisions and follow‑up.
• Risk Tracking, Reporting & Governance Maintain risk registers, remediation trackers, and exception metrics. Drive clear ownership and accountability for remediation across IT and business partners. Prepare concise, executive-ready reporting on key risks, trends, and decisions. Apply HIPAA, ISO, and NIST principles in practical, business-aligned ways. Support internal and external audits and help reduce repeat findings.
• Process Improvement & Tooling Continuously improve intake, assessment, exception, and monitoring processes. Leverage cloud and AI tools thoughtfully to improve efficiency and insight. Identify opportunities to simplify, automate, and scale risk processes.

Benefits

• More than just pay, our DaVita Rewards package connects teammates to what matters most.
• Teammates are eligible to begin receiving benefits on the first day of the month following or coinciding with one month of continuous employment.
• Below are some of our benefit offerings.
• Comprehensive benefits: Medical, dental, vision, 401(k) match, paid time off, PTO cash out
• Support for you and your family: Family resources, EAP counseling sessions, access Headspace®, backup child and elder care, maternity/paternity leave and more
• Professional development programs: DaVita offers a variety of programs to help strong performers grow within their career and also offers on-demand virtual leadership and development courses through DaVita’s online training platform StarLearning.