Job Information
HCA Healthcare Risk Management Analyst II in Nashville, Tennessee
Description
Introduction
Are you looking for a work environment where diversity and inclusion thrive? Submit your application for our Risk Management Analyst II opening with HCA Healthcare today and find out what it truly means to be a part of the HCA Healthcare team.
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
Free counseling services and resources for emotional, physical and financial wellbeing
401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
Employee Stock Purchase Plan with 10% off HCA Healthcare stock
Family support through fertility and family building benefits with Progyny and adoption assistance.
Referral services for child, elder and pet care, home and auto repair, event planning and more
Consumer discounts through Abenity and Consumer Discounts
Retirement readiness, rollover assistance services and preferred banking partnerships
Education assistance (tuition, student loan, certification support, dependent scholarships)
Colleague recognition program
Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)
Note: Eligibility for benefits may vary by location.
We are seeking a Risk Management Analyst II for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!
Position Summary
The Risk Management Analyst II plays a critical role in the Information Protection & Security (IPS) Risk Management team’s efforts to make risk visible, facilitate well-informed decision making, and drive accountability.
This person will partner with the Director of Risk Management and senior members of the Risk Management team in developing tactical plans in support of risk management initiatives. In partnership with senior members of the team, this person will develop, implement and operate risk management processes, facilitate efforts that require support from other stakeholders within the organization, provide industry expertise and knowledge in the identification and mitigation of organizational risk, and enable compliance with industry standards and federal regulations.
The Risk Management Analyst II will work independently, but with general supervision and direction, on varied and complex projects. This person will also interact with staff across IPS and ITG in defining, understanding and measuring threats, vulnerabilities and controls and communicating security risk.
Major Responsibilities:
The Risk Management Analyst II assists in developing, planning, implementing, and maintaining the IPS Risk Management (IPS RM) team’s processes for identifying, evaluating, reporting, tracking, and managing complex risk issues. The top priority for this role is to provide objectivity, structure, and tools to consumers of the IPS Risk Management function. Primary areas of responsibility include operating the following:
The Risk Engine that IPS RM uses to systematically evaluate risk scenarios, threats, vulnerabilities and controls
The On-Demand Risk Analysis process that the IPS RM team uses to quickly analyze developing risk scenarios to aid HCA leadership in making decisions about risk reducing actions
The IPS Risk Register that the IPS RM team uses to capture and prioritize risk scenarios, intermediate risks, and enterprise risks for the purpose of leadership reporting and risk posture monitoring
The Facilitation & Liaison program that the IPS RM team uses to effectively engage critical points of contact on other HCA teams and to successfully facilitate subject-matter-expert interaction in risk analysis and risk remediation work sessions
The Control Catalog that the IPS RM team uses to enumerate all the controls in the HCA environment and how those controls connect to company policies/standards, industry frameworks and regulations, and relevant security threats and vulnerabilities to HCA Healthcare
The Security Risk Analysis (SRA) processes and deliverables that are required to demonstrate compliance with regulations such as HIPAA and Promoting Interoperability (formerly Meaningful Use)
The Controls Exception and Risk Acceptance processes that the IPS RM team uses to document business acceptance of risk and mitigating controls
The IPS Project Portfolio priority analysis and control monitoring processes the IPS RM team uses to help IPS leadership make project funding decisions and monitor changes in control effectiveness in the HCA environment
The Risk Management modules within the GRC/IRM platform that the IPS RM team uses to operate the Risk Engine and surrounding processes
The Internal Review & Process Improvement program that the IPS RM team uses to evaluate team effectiveness and adherence to our own requirements
The development and maintenance of policies, standards and procedures that tie into the Control Catalog and Risk Management framework
The process and deliverables for corrective action and control writing in response to risks identified in SRAs conducted at HCA
The management of unplanned external audit response efforts
The Risk Management Analyst II also:
Contributes to the overall Risk Management strategy and roadmap
Collaborates with the GRC Solutions team in IPS to design and implement modules that provide risk management capability in the GRC tool
Reports on status of Risk Management activities and/or initiatives
Documents and reports on lessons learned from risk management activities and enhancement opportunities to the risk management framework
Acts as Risk Management liaison to sister teams in IPS to foster open communication and detailed understanding of those teams' control processes and technologies
Works closely with resources (e.g., Control Owners, Risk Owners) across HCA to ensure risk management activities meet organizational needs
Coordinates resources (e.g., Control Owners, Risk Owners) across HCA engaged in risk identification and mitigation of risks
Participates in stakeholder analysis to understand how to best engage those teams and customers impacted by on-demand risk identification and facilitated mitigation activities
Engages decision makers with the output of data analysis/modeling work to facilitate well-informed decision making and drive accountability
Identifies options and provides recommendations for the design and development of risk management systems
Works with SMEs on other teams to help them define KPIs/KRIs to measure control performance
Manages processes to refresh ratings for inherent likelihood of vulnerabilities, inherent control effectiveness, control maturity, and coverage by conducting facilitated work sessions and managing automated and manual feedback forms
Facilitates risk mitigation and control implementation planning with sister teams within IPS and other stakeholders when necessary
Maintains the threat and vulnerability catalogs and coordinates with sister teams within IPS to regularly review and update when new threats, vulnerabilities or controls are introduced into the environment
Knowledge, Skills, Abilities, Behaviors:
Service and Quality Excellence: Ability to demonstrate an uncompromising commitment to delivering exceptional care to create an unmatched value proposition for our patients.
Honor our Mission and Values: Ability to build trust and act with authenticity to cultivate a culture of integrity, inclusion, and mutual respect.
Effective Decision Making: Ability to make timely, informed decisions that are in the best interest of our patients, employees, providers, community and HCA.
Attain and Leverage Strategic Relationships: Ability to develop and strengthen collaborative relationships with both internal and external stakeholders to advance the care of our patients and the growth of HCA.
Lead and Develop Others: Ability to lead others to accomplish organizational goals and objectives; provide meaningful coaching and mentoring to increase the capabilities of individuals and teams and drive employee engagement.
Communicate with Impact: Ability to deliver information in a clear, concise, and compelling manner to effectively engage others and achieve desired results.
Achieve Success through Change: Ability to identify opportunities for improvement and innovation, remove barriers and resistance, and enable desired behaviors.
Drive Execution and Financial Results: Ability to commit to the success and financial wellbeing of HCA by challenging others to excel and hold themselves and others accountable for achieving results.
Education & Experience:
Bachelor's degree or equivalent experience Required
3+ years of experience in some combination of audit, risk management, information security, or information technology Required
3+ years of experience in some combination of implementing Security Risk Management programs, translating security-themed regulations and frameworks into risk assessment processes and tools, developing or assessing technical and process-based controls, managing risk assessments/investigations, or working with organization leadership to integrate controls into the scope of existing business practices Required
1+ year(s) of experience in working with GRC or IRM tool suites Preferred
1+ year(s) of experience in healthcare Preferred
1+ year(s) of experience in working with Federal, HIPAA, Meaningful Use/Promoting Interoperability and other healthcare security regulations.
Or
1+ year(s) of experience in working with other security risk management requirements, regulations, or certifications such as PCI, SOX, SOC 1 & 2, ISO, HITECH, etc. Preferred
3+ years of experience in demonstrating the ability to be adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities. Required
3+ years of experience in demonstrating the ability to define, learn, understand, and apply new technologies, methods, and processes. Required
Or
- equivalent combination of education and/or experience
Licenses, Certifications, & Training:
- Certifications such as CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM, CRP, CRISC or other relevant information security or risk management certifications Preferred
Additional Information:
- Candidate must live in/near the Greater Nashville, TN area or be willing to relocate to area
We are comprised of affiliated hospitals, physician practices and other sites of care across the United States and United Kingdom. The Sarah Cannon Cancer Network is transforming cancer care through integrated services and cutting-edge technologies. Our physicians can develop leading oncology programs to advance science and patient care. Providing physician-led patient care offers our doctors access to a national network of experts. This is where multidisciplinary teams come together with a goal of delivering seamlessly coordinated, quality cancer care. Through a united network of globally recognized oncology specialists, we collaborate and share best practices. We address each aspect of the cancer journey, from screening and diagnosis through treatment and survivorship, to advance our shared mission: Above all else, we are committed to the care and improvement of human life.
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"Across HCA Healthcare’s more than 2,000 sites of care, our nurses and colleagues have a positive impact on patients, communities and healthcare. Together, we uplift and elevate our purpose to give people a healthier tomorrow." - Jane Englebright, PhD, RN CENP, FAAN
Senior Vice President and Chief Nursing Executive
If you find this opportunity compelling, we encourage you to apply for our Risk Management Analyst II opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. We are interviewing. Apply today!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.