Senior IT Risk and Compliance Analyst

About The Position

Requirements

• Bachelor’s degree or equivalent experience and knowledge
• Five (5) years of work experience in information systems including a high degree of knowledge regarding technical infrastructure, systems, applications, and development and project methodologies.
• One (1) year of system auditing experience
• Certification in at least one related area of audit, governance, security, or service management by an accredited organization
• Understanding basic audits and the controls necessary for those audits (e.g., SSAE16, AT101, Enterprise Risk Assessments, Sarbanes Oxley, etc.)
• Understanding of audit and security standards, e.g., CoBit, NIST, ISO27001, ISO27002, etc.
• Strong understanding of Risk Management Practices, industry standards, and utilization
• Strong understanding of controls and adequate evidence capture for controls.
• Understanding of federal and state security related legislation including HIPAA, Joint Commission, and Meaning Use
• Proven experience coordinating and disseminating activities, responses, documentation, and meetings.
• Effective communication skills; verbal and written on technical and non-technical topics.
• Experience presenting concepts and training.
• Strong people skills; consistent service orientation and delivery for internal and external customers
• Analysis and problem-solving experience.
• Understanding of Project Management, Software Development Lifecycles, Capacity, Availability, and Service Management
• Understanding of Information Technology architectures, infrastructure components, and networks

Nice To Haves

• ITIL Foundations Certification
• CISA Certification

Responsibilities

• Addresses questions about evidence, interprets audit and third-party requests, and ensures the appropriate submission of evidence.
• Documents, updates, and maintains the IT Control database.
• Assists in the development of IT Controls.
• Communications compliance and risk status ensuring timely delivery of compliance and risk deliverables.
• Recommends remediation methods for audit deficiencies, tracking observation remediation through completion.
• Partners within IT for the coordination and management of risk mitigation plans.
• Documents and manages the risk repository and library; ensuring risk assessments meet IT defined standards and requirements.
• Ensures risk policy, procedures and assessments are reviewed and updated timely.
• Partners within IT Risk and Compliance to assess and document risks; assists business and/or IT owners with risk decisions and selecting mitigating activities.
• Assists with IT Compliance Strategy development with an integrated approach to audit, risk, and security.
• Maintains spot audit program, managing mitigations and control deficiencies.
• Gathers, documents, and published security, risk, and compliance metrics.
• Drafts policies, procedures, and standards in partnership with IT Management and leaders; ensuring policies are reviewed timely and up to date.
• Facilitates business and IT risk mitigation and audit remediation decisions, providing options, cost/benefit analysis, and impact analysis for recommended solutions.
• Proposes audit observation and remediation activities.
• Maintains the Governance, Risk, and Compliance tools to support IT Risk and Compliance Service Delivery.
• Provides compliance and risk management awareness, integrating compliance and risk into HealthPartners workforce daily activities.
• Maintains awareness of the latest developments in the areas of system audits, industry standards (e.g., CoBit, ISACA Standards, ITIL, etc.), and regulatory and standard changes (e.g., HIPAA, PCI Standards, etc.).