Ed, Risk Information Officer-Technology & Risk Management (Any Kp Location)

This position is responsible for establishing and cultivating the relationship with KP business unit Executive Leaders to support their strategic goals while identifying and managing technology risks, compliance risk and privacy risk to KP. This position will engage closely with senior executives across KP business units, within TRO, and the Compliance and Privacy groups. This includes executive sponsors of large programs, executive sponsors of vendor relationships, the Information Technology Executive Council, the Permanente Medical Groups, and the Technology Risk Office leadership team, to name a few.
As a leader in KP’s Technology Risk Office, this individual is responsible for developing and executing the Technology Risk Management service delivery function for KP. The service delivery ensures that appropriate TRO services are assigned and performed, and then support the business partner’s response to identified risks, business operations, and strategic goals. This function is crucial to KPIT overall strategy to increase the security, resiliency and operations of technology infrastructure and applications through appropriate technology risk management practices. Knowledge and experience in project consulting under risk and compliance framework methodologies is expected. This position is accountable for managing teams that will engage, consult, respond, and deliver to KP business partner requests for TRO services. Responsibilities will include providing feedback to TRO on behalf of the business partner, driving TRO risk reduction and avoidance activities with the business and supporting business initiatives through risk advisory, risk reduction and risk avoidance consultation and direction. This position will also direct research into new risk, security, and compliance strategies and provide expert counsel on the cost/benefits at the strategic and operational level.

• Assure compliance and adherence with company guidelines and Principles of Responsibility
• Direct research into new risk, security, and compliance strategies, then provide guidance on planning, evaluation and implementation of such methodologies and drive TRM Product Management to deliver better solutions.
• Provide strategic advisory to KP executives and program leadership during pre-service request consultation, strategic planning, and budget forecasting. Recommend investment and resource strategies to avoid and reduce risk, while balancing business requirements and advancement.
• Resolve difficult and complex risk and security issues through consultation, analysis, and effective utilization of TRO service staff, coordination with other staff, and use of contracted support.
• Provide feedback for continuous improvement to a best-in-class risk management environment leveraging regulatory controls, security monitoring, and assessment services to maintain direct contact with business technology owners.
• Create, coach, and lead internal risk consulting team that is multi-disciplined and geographically dispersed.
• Develop and maintain effective working relationships with business partners including executive and physician leaders.
• Monitor and evaluate the efficiency and effectiveness of business engagement service delivery methods and procedures; recommend, within division policy, appropriate service, and staffing levels.
• Work with TRO executive leadership to affect cross-functional change and continuous improvement based on customer feedback and through TRM Product Management.
• Support business partners by establishing business technology priorities, service engagements, regulatory and compliance adherence, and application and system control requirements and procedures, including direction on systems architecture, reuse, and development processes.
• Other tasks in support of strategic initiatives as assigned by the TRM VP and TRO SVP.
• Principle contributor to program governance along with KPIT executives for technology risk management, including communication of service engagement process, point of escalation, review of business partner feedback, and incorporation of business feedback to TRO leadership
• Direct efficient risk management, business modeling, requirements gathering, solution design, vendor engagement, solution logistics, and product-service-support alignment as a function of lifecycle management.
• Delivery performance accountability for TRO services including development and execution of operational strategy, relationship with key business partners, risk remediation project execution, and leadership of internal consulting teams focused on customer delivery.

• Minimum ten (10) years of management experience leading an organization or practice area.
• Minimum five (5) years of experience in delivering significant positive business impact in an advisory or consulting capacity in support of defined practice areas such as IT, Cyber Security, Enterprise Business Services, Human Resources, Revenue Cycle, Marketing and more core business functions for a major healthcare organization.
• Minimum ten (10) years of cyber security information technology, technology risk and/or compliance experience, preferably in health care IT environment supporting security controls and operations, compliance, and risk management.

• Bachelor’s degree in related field (Business, Healthcare, etc.)

• N/A

• Previous executive level management experience in the information technology industry, information security, and/or risk management, preferably in the healthcare industry.

• Contribution to the industry through thought leadership and security industry participation, preferably in healthcare focused organizations, such as H-ISAC, FS-ISAC, FDA, HIMSS and others.
• Master’s degree
• At least one of the following nationally recognized certifications strongly preferred: CRISC, CISM, CISA, CISSP

PrimaryLocation : Colorado,Greenwood Village,Greenwood Plaza IT
HoursPerWeek : 40
Shift : Day
Workdays : M-F
WorkingHoursStart : 08:00 AM
WorkingHoursEnd : 05:00 PM
Job Schedule : Full-time
Job Type : Standard
Employee Status : Regular
Employee Group/Union Affiliation : NUE Executives|NUE|Non Union Employee
Job Level : Director/Senior Director
Job Category : Information Technology
Department : Po/Ho Corp - Rgnl Clrng-KPIT - 0308
Travel : No
Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.