Principal Risk Analyst - IS Mod

About The Position

Requirements

• Bachelor’s degree and 7 years’ experience in business analysis, compliance, privacy, insider threat, information security, human resources, risk management, information science, business administration, law enforcement, health or science-related fields OR Master’s degree and 5 years’ experience in business analysis, compliance, privacy, insider threat, information security, human resources, risk management, information science, business administration, law enforcement, health or science-related fields.
• Extensive experience in regulatory compliance and investigations that includes: Deep subject matter expertise in relevant compliance laws and regulations such as privacy compliance, investigations, revenue cycle compliance, device manufacturing compliance, general compliance, conflict of interest.
• Understanding of and ability to apply the Seven Elements of an Effective Compliance Program.
• Ability to carry out audits, assessments and investigations.
• Ability to use relevant compliance tools including GRC software, monitoring tools, and issue management software.
• Technical and nontechnical communication skills (verbal and written).
• Analytical aptitude.
• Project management skills.
• Demonstrates high level integrity and ability to use discretion and maintain confidential information.
• Incumbent must be able to obtain government security clearances on behalf of the organization.

Nice To Haves

• Masters of Healthcare Administration, Business Administration, or Science preferred.
• Certified Fraud Examiner (CFE), Certification in Healthcare Compliance (CHC) or Healthcare Privacy Compliance (CHPC) preferred.
• Professional leadership skills.
• Ability to maintain highest level of confidentiality.
• Advanced analytical and problem-solving skills.
• Investigation and audit experience.
• Ability to work with limited management involvement.
• Effective training and presentation skills.
• Knowledge of operational risk best practices, effectiveness evaluations and resources.
• Demonstrated ability to set priorities and to respond to changing demands from multiple sources.
• Ability to follow-through, meet regulatory deadlines, anticipate requirements, and build relationships.
• Ability to communicate effectively with diverse groups including attorneys, physicians, patients, allied health staff, researchers, and vendors.
• Ability to work collaboratively in a team environment with minimal supervision.
• Advanced Microsoft Office skills including: Excel, Word, Visio, and Power Point.
• Specialized skills e.g. forensic accounting, forensic tools, insider threat, data loss prevention (for some roles).
• JD or Masters Degree preferred.
• Certified as CHC, CHPC, CCEP, CISSP, CISM, CITPM or relevant equivalent certification; or will obtain certification within 2 years of hire is preferred.

Responsibilities

• Supports and develops RD initiatives.
• Responsible for the design of enterprise business operations, including operational growth and development.
• Leads multi-disciplinary workgroups and projects.
• Responsible for development of policies and procedures to support the organization's risk tolerance.
• Gathers and organizes information from a cross-functional investigative team.
• Works directly with Legal and Human Resources on high risk internal and external investigations.
• Works directly with Legal and External Counsel on policy, regulatory and/or litigation matters (using eDiscovery protocols).
• Completes documentation to support findings including legal reports, SBARs, and executive summaries.
• Responsible for peer review of work unit documentation.
• Develops and presents Risk training(s) geared towards Mayo Clinic leadership.
• Ability to follow and apply legal holds and execute proper preservation of evidence and chain of custody protocols.
• Depending on role this may include the ability to follow proper computer forensic evidence handling, advanced knowledge of data preservation, acquisition of computing and storage devices either fixed or mobile and more technical forensic investigations.
• Other functions and projects as assigned.