Vp, Technology Risk Mgmt

This position is responsible for the development, implementation, and on-going refinement of strategies for an effective risk control framework and for identifying, evaluating, and managing overall IT-related risks at Kaiser Permanente (KP) and its affiliates. As healthcare delivery grows increasingly dependent on technology and increasing levels of regulatory requirements demand additional risk management rigor, KP must implement highly resilient, reliable, and effective solutions that meet, and in some cases exceed, performance standards found in healthcare and other information-rich industries. This position will lead a risk-based management effort to fully integrate information and technology risk processes into the way KP operates. This position will build and manage a team to identify, assess, respond, and monitor IT risk as well as establishing and maintaining executive level relationships throughout the business and clinical operations of KP, acting as a member of the TRO executive leadership team, and leading multiple levels of staff across multiple functional areas of Portfolio Management and Risk Intelligence. He/she will work to ensure that technology risks and their impact on business operations and healthcare delivery are understood, and addressed across the company, and elements of technology risks (e.g. privacy, security, compliance, outsourcing risk, geopolitical technology risk, etc.) are assessed, monitored and remediated, as necessary. He/she will ensure that IT risks are assessed under a common risk framework and in alignment with Kaiser Permanente’s overall risk management policies, standards, and procedures. Responsible for continuous improvement and feedback to a best-in-class risk management environment that leverages regulatory controls, security monitoring, and assessment services to maintain direct contact with business technology owners that assures compliance and adherence with company guidelines resulting in the maintenance of trust in the KP brand and an increase in our internal customer satisfaction.

• Manages the development of technology risk processes and procedures and actively contributes to the strategic planning process for IT.
• Technology Risk Modeling & Methodology
• Technology Risk Data and Analytics
• Represents KP interests to appropriate industry and standards forums and advises senior leadership concerning topics and trends pertaining to information security risks.
• Technology Risk Management Governance and Oversight
• Leads the operations of Technology Risk Management
• Works directly with KP and PMG Executive Leadership to design solutions that enable strategy and innovation while mitigating and minimizing exposure to risk.
• Ensures that an appropriate KP-wide governance structure is in place and highly functional.
• Manages vendor risk assessment program.
• Technology Risk Assessment
• Works with other risk management units – including but not limited to - IT Compliance, National Compliance, Audit, and outside consultants to perform assessments and perform controls testing.
• Controls Integration Services
• Provides domain expertise to business units around emerging technology risk topics.
• Develops strategic and operational goals and influence functional areas to address IT Risk issues.
• Resolves difficult and complex risk and security issues through consultation, analysis, and effective utilization of TRO service staff, coordination with other information staff, and use of contracted support.
• Conducts on-going assessments of risks introduced by technology investments.
• Application Security
• Accountable executive for Technology Risk Management functions within Kaiser Permanente
• Develops and leads (including governance, reporting, and monitoring) all Technology Risk Management efforts across KP.
• Executes on core functions:
• Designs and implements an IT Risk Management Framework
• Is the IT Risk leader on internal executive councils and committees.
• Works with applicable Permanente Medical Group Leadership, KP business, operational and IT organizations to help ensure that business and IT projects are appropriately monitored for IT risks.
• Conducts annual enterprise technology risk assessment and provides assessment report to leadership.
• Develops strong relationships and interacts with Senior Leadership, Business Units, Permanente Medical Group Leadership, Market Leadership, Internal Audit, External Regulators, Legal and Compliance, Privacy, and IT.
• Technology Risk Product Management
• Responds to requests from potential/actual KP corporate customers inquiring about implementation of IT Risk measures.
• Develops technology risk management goals and objectives and establishes standards and process/procedures, cost analysis, and controls by working collaboratively with key stakeholders to ensure that all regulatory mandates and requirements are addressed.
• Manages escalation of issues relating to the overall IT Risk environment.
• Develops and implements risk reporting on progress for achieving and implementing IT Risk strategies, plans, products, and controls.
• Enterprise Technology Risk Report and Risk Quantification
• Portfolio Management and Risk Intelligence
• Consults with KP leadership in business operations, IT, Compliance, Audit, Legal and Communications on information security risk issues.
• Risk Management Operations
• IT Vendor Risk Management
• Partners with key stakeholders as a trusted advisor to the organization
• Leads the development of a technology risk management framework that defines how people, process and technology provide a more effective risk managed environment and support business objectives.

• Minimum ten (10) years of escalating managerial work-experience in a highly diversified organization.
• Minimum ten (10) years of increasing responsibility and work complexity in a risk management field (compliance, internal audit, risk management law, etc.) to include progressive management roles in large, complex organizations with successive levels of accountability and results.

• Bachelor’s degree in related field (Health Care, Business, etc.)

• N/A

• Strong verbal and written communication skills and demonstrated proven technical leadership.
• Ability to build relationships and foster a cooperative work environment with a wide range of constituencies in a diverse community.
• Demonstrated ability to influence and motivate interdisciplinary teams.
• Ability to build consensus and to work through others in achieving desired results and objectives.
• Strategic business management and organizational planning skills.
• Passionate leader capable of driving cross-organizational efforts to evangelize the platform and vision directly tied to compliance.
• Operational experience and understanding of the financial process and principles. Significant risk management orientation, coupled with business process expertise and acumen.
• Consistent ability to set and deliver against a plan in a fast-paced environment with constant attention to detail.
• Extensive experience working with cross-functional and global teams, business users and vendors.
• Experience managing complex, matrix-based organizations.
• Significant knowledge of all pertinent regulatory requirements and compliance program elements.
• Demonstrated high ethics and integrity.
• Demonstrated knowledge of current thinking and practice around the business of technology risk management related to information technology delivery and innovation.
• Advanced interpersonal skills to deal effectively with complex and/or sensitive issues with a wide variety of influential internal and external parties.
• Excellent presentation, verbal, and written communication, interpersonal, analytical, decision-making, problem solving, project management, negotiation, and customer service skills.
• Demonstrated ability to build strong internal and external relationships that ensure the successful delivery of compliance policy.
• Skilled people manager.
• Demonstrated ability to collaborate, communicate and work effectively with senior leadership. and a broad cross section of management/leadership from a broad range of functional areas
• Skilled at cross cultural communications and management.
• Executive level communication and presentation skills essential.
• Strong technical credentials.
• Strong leadership, management, and negotiation skills.
• Demonstrated expertise in organizational development, project management, and strategic planning.
• Strong analytical skills with excellent problem-solving abilities with ability and judgment to ask tough questions of technical and non-technical people.

• Master’s degree
• Ten years of escalating managerial work-experience in a highly diversified organization (KP experience desirable).

PrimaryLocation : Colorado,Greenwood Village,Greenwood Plaza IT
HoursPerWeek : 40
Shift : Day
Workdays : M - F
WorkingHoursStart : 08:00 AM
WorkingHoursEnd : 05:00 PM
Job Schedule : Full-time
Job Type : Standard
Employee Status : Regular
Employee Group/Union Affiliation : NUE Executives|NUE|Non Union Employee
Job Level : Executive/VP
Job Category : Information Technology
Department : Po/Ho Corp - Rgnl Clrng-KPIT - 0308
Travel : No
Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.