Martin's Point Health Care
Director IT Compliance, Audit and Risk - CAR (Remote)
Martin's Point Health Care, Portland, Oregon, United States, 97204
Join Martin's Point Health Care - an innovative, not-for-profit health care organization offering care and coverage to the people of Maine and beyond. As a joined force of "people caring for people," Martin's Point employees are on a mission to transform our health care system while creating a healthier community. Martin's Point employees enjoy an organizational culture of trust and respect, where our values - taking care of ourselves and others, continuous learning, helping each other, and having fun - are brought to life every day. Join us and find out for yourself why Martin's Point has been certified as a "Great Place to Work" since 2015.
Position Summary
Martin’s Point Healthcare seeks a dynamic Director of IT Compliance, Audit, and Risk (CAR) to establish and drive IT leadership alongside business partners in the programmatic execution of multiple IT regulatory and compliance initiatives. This role will oversee the comprehensive management and oversight of compliance programs, particularly focusing on System Security Plans (SSP), NIST, MAR (Model Audit Rule), CMMC (Cybersecurity Maturity Model Certification), and MBOI (Maine Bureau of Insurance) initiatives.
The Director of IT CAR will report to the Chief Information and Digital Officer (CIDO) and will create partnerships with IT leadership, including the Senior Vice President of IT, Chief Information Security Officer (CISO), Vice President Chief Technology Officer (VP/CTO), other IT directors, business partners, and the legal and compliance team.
This position offers a remote work schedule. East coast time zone applicants are encouraged to apply. In compliance with MPHC’s Department of Defense government contract, any/all persons hired for this position will need to verify their US citizenship and complete the required employment eligibility verification upon hire. Come work for a nationally certified GREAT PLACE TO WORK and dynamic IT Team! Apply today for immediate consideration.
Job Description Key Outcomes: Leadership and Strategy:
Establishes and drives IT compliance, audit, and risk mitigation programs to ensure adherence to regulatory requirements and organizational policies.
Leads and advances Compliance, Audit, and Risk (CAR) governance structures and functions within IT while ensuring key business stakeholders are activated and engaged to drive compliance programs and mitigate risk.
Creates and maintains partnerships across IT leadership and other IT directors, as well as business partners, legal, and compliance teams.
Provides key input and assists in the preparation of IT-related submissions of audit and regulatory responses, ensuring accuracy and completeness in compliance with regulatory guidelines.
Manages people and teams, including mentoring, developing, and overseeing performance.
Regulatory Projects:
Executes key projects across global technology services to deliver against regulatory commitments.
Identifies and assesses IT regulatory risks and proposes appropriate mitigation strategies.
Provides regulatory input to risk management activities, including risk assessments and risk mitigation plans.
Compliance Program Management:
Develops, implements, and maintains a comprehensive IT compliance governance model and program that includes performance auditing, monitoring, and reporting, all feeding into larger IT governance structures and functions.
Creates and revises policies and procedures and develops and follows through on corrective action plans.
Identifies potential IT-specific compliance risks and leads mitigation planning activities to support corrective action plans.
Collaborates with Corporate Compliance & Legal on IT compliance, audit, and risk progress, and mitigation plans, and seeks expert consultation.
New Regulatory Guidance:
Identifies, researches, and disseminates new IT-specific regulatory guidance in collaboration with Legal & Compliance.
Provides leadership across the IT department and business to evaluate new guidance, prepare gap analyses, and ensure timely implementation and alignment with IT and business departmental operations.
Maintains comprehensive documentation (internal and external audit documentation) of activities for internal and external audits.
Audits, Monitoring, and Reporting:
Fosters an "audit-ready" culture within the IT department.
Coordinates internal and external audit activities, as well as internal monitoring and reporting activities, with IT senior management, Corporate Compliance & Legal, and other business units.
Creates and updates audit IT-specific universes, reviews audit results, and ensures timely follow-up communication and corrective actions.
Documents audit and performance improvement activities comprehensively.
Organizational Interactions:
Assists in developing IT compliance best practices and advises internal management and business partners on IT CAR program implementation and progress.
Collaborates with cross-functional teams, especially the IT Security Team, to conduct various IT compliance reviews (e.g., NIST, IT Policy, IT Best Practice) to identify issues and areas for improvement in IT processes and systems.
Facilitates timely remediation of issues and implementation of recommended improvements with various IT teams, including the IT PMO to help track and support key initiatives.
Education/Experience:
Bachelor’s degree in Information Systems, Cybersecurity or equivalent combination of education and experience; Master’s degree preferred.
10 years’ experience in a technical lead role in health care.
We are an equal opportunity/affirmative action employer.
Do you have a question about careers at Martin’s Point Health Care? Contact us at: jobinquiries@martinspoint.org
Job Type: Full-time
Work Location: Hybrid remote in Portland, ME 04103
#J-18808-Ljbffr
Position Summary
Martin’s Point Healthcare seeks a dynamic Director of IT Compliance, Audit, and Risk (CAR) to establish and drive IT leadership alongside business partners in the programmatic execution of multiple IT regulatory and compliance initiatives. This role will oversee the comprehensive management and oversight of compliance programs, particularly focusing on System Security Plans (SSP), NIST, MAR (Model Audit Rule), CMMC (Cybersecurity Maturity Model Certification), and MBOI (Maine Bureau of Insurance) initiatives.
The Director of IT CAR will report to the Chief Information and Digital Officer (CIDO) and will create partnerships with IT leadership, including the Senior Vice President of IT, Chief Information Security Officer (CISO), Vice President Chief Technology Officer (VP/CTO), other IT directors, business partners, and the legal and compliance team.
This position offers a remote work schedule. East coast time zone applicants are encouraged to apply. In compliance with MPHC’s Department of Defense government contract, any/all persons hired for this position will need to verify their US citizenship and complete the required employment eligibility verification upon hire. Come work for a nationally certified GREAT PLACE TO WORK and dynamic IT Team! Apply today for immediate consideration.
Job Description Key Outcomes: Leadership and Strategy:
Establishes and drives IT compliance, audit, and risk mitigation programs to ensure adherence to regulatory requirements and organizational policies.
Leads and advances Compliance, Audit, and Risk (CAR) governance structures and functions within IT while ensuring key business stakeholders are activated and engaged to drive compliance programs and mitigate risk.
Creates and maintains partnerships across IT leadership and other IT directors, as well as business partners, legal, and compliance teams.
Provides key input and assists in the preparation of IT-related submissions of audit and regulatory responses, ensuring accuracy and completeness in compliance with regulatory guidelines.
Manages people and teams, including mentoring, developing, and overseeing performance.
Regulatory Projects:
Executes key projects across global technology services to deliver against regulatory commitments.
Identifies and assesses IT regulatory risks and proposes appropriate mitigation strategies.
Provides regulatory input to risk management activities, including risk assessments and risk mitigation plans.
Compliance Program Management:
Develops, implements, and maintains a comprehensive IT compliance governance model and program that includes performance auditing, monitoring, and reporting, all feeding into larger IT governance structures and functions.
Creates and revises policies and procedures and develops and follows through on corrective action plans.
Identifies potential IT-specific compliance risks and leads mitigation planning activities to support corrective action plans.
Collaborates with Corporate Compliance & Legal on IT compliance, audit, and risk progress, and mitigation plans, and seeks expert consultation.
New Regulatory Guidance:
Identifies, researches, and disseminates new IT-specific regulatory guidance in collaboration with Legal & Compliance.
Provides leadership across the IT department and business to evaluate new guidance, prepare gap analyses, and ensure timely implementation and alignment with IT and business departmental operations.
Maintains comprehensive documentation (internal and external audit documentation) of activities for internal and external audits.
Audits, Monitoring, and Reporting:
Fosters an "audit-ready" culture within the IT department.
Coordinates internal and external audit activities, as well as internal monitoring and reporting activities, with IT senior management, Corporate Compliance & Legal, and other business units.
Creates and updates audit IT-specific universes, reviews audit results, and ensures timely follow-up communication and corrective actions.
Documents audit and performance improvement activities comprehensively.
Organizational Interactions:
Assists in developing IT compliance best practices and advises internal management and business partners on IT CAR program implementation and progress.
Collaborates with cross-functional teams, especially the IT Security Team, to conduct various IT compliance reviews (e.g., NIST, IT Policy, IT Best Practice) to identify issues and areas for improvement in IT processes and systems.
Facilitates timely remediation of issues and implementation of recommended improvements with various IT teams, including the IT PMO to help track and support key initiatives.
Education/Experience:
Bachelor’s degree in Information Systems, Cybersecurity or equivalent combination of education and experience; Master’s degree preferred.
10 years’ experience in a technical lead role in health care.
We are an equal opportunity/affirmative action employer.
Do you have a question about careers at Martin’s Point Health Care? Contact us at: jobinquiries@martinspoint.org
Job Type: Full-time
Work Location: Hybrid remote in Portland, ME 04103
#J-18808-Ljbffr