More jobs:
Senior Risk and Compliance Analyst
Job in
Pittsburgh, Allegheny County, Pennsylvania, 15222, USA
Listed on 2026-06-22
Listing for:
Highmark Health
Full Time
position Listed on 2026-06-22
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, Data Security
Job Description & How to Apply Below
* Highmark Health
** Job Description :*
* ** JOB SUMMARY*
* This job works collaboratively to support all risk and compliance assessment activities across Highmark Health, leveraging a broad range of frameworks and standards including NIST, HITRUST, PCI DSS, HIPAA, SOC, MAR, CMS, JCAHO, and other regulatory and industry requirements. The incumbent is responsible for leading and supporting third-party risk management activities, including the assessment of third-party security posture, information security controls and compliance obligations.
The role also partners with internal stakeholders, procurement teams, legal counsel, and third-party suppliers to negotiate contractual provisions related to security, privacy, compliance, and risk management. The incumbent will collaborate closely with organizational risk and business partners, technology teams, and global delivery organizations to support business objectives in a manner consistent with the enterprise risk appetite. This individual must possess a proactive mindset, strong analytical and negotiation skills, and the ability to effectively influence and work within a highly matrixed environment.
** ESSENTIAL RESPONSIBILITIES*
* + Plan and conduct risk assessment activities according to the appropriate framework, including but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, in order to identify, assess, prioritize, evaluate and address financial, information security, privacy, and other areas of risk.
Prepare draft reports and other management reporting deliverables.
Review all work prepared by less experienced team members to ensure audit quality standards are consistently met in all forms of documentation.
+ Review and interpret inherent risk assessment results, engagement risks, and develop assurance plans (e.g., on-site audit, contract review, financials assessment, purchasing data analysis) to address relevant risk areas and to ensure proper controls are implemented.
Accountable for the review and interpretation of authoritative guidance (including, but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO reports) and performs qualitative and quantitative impact assessments based on physical, technical, and administrative safeguards as well as contractual requirements; conducts additional information gathering and risk assessments as-needed; documents and reports results.
+ Lead development of project plans to support risk assessment and decisioning in coordination with business owners and other stakeholders within task-based budgets.
Collaborate and communicate with Information Security, Privacy, Procurement, Audit, Compliance, and other teams across the Enterprise to align risk management objectives, practices and procedures.
+ Interface with business areas, technical staff, project teams, and third parties to execute cross-functional risk assurance projects. Lead the communication of assessment results and findings with multiple stakeholder groups and provides consultation and direction throughout.
+ Interpret complex data flow/ information sharing activities, customer integrations, and information safeguards into simplified and high-level terminology and/or process/data flows.
Maintains risk management reporting dashboards in RSA Archer applications in order to keep information complete, accurate, and current.
Prepare and assist with the delivery of risk assurance reports to management.
+ Ensure risk questionnaires and other risk assessments are distributed and completed on-time and prepares initial impact assessments.
Ensure compliance requirements are met across the Enterprise.
Assist in training and mentoring team members on multi-faceted engagements, platform customer dependencies, and interpretation of complex contract agreements.
+ Collaborate with lead in providing input and consultation on risk and assurance reporting.
Collaborate and consult with other areas (e.g., Procurement, Privacy, Information Security, Legal) throughout the engagement lifecycle
Assist in providing timely feedback on interpretations regarding authoritative guidance.
+ Proactively reviews updates made to departmental desk-level procedures, risk assessment methodology, assessment procedures, questionnaires, training, etc. and is responsible for monitoring compliance with departmental metrics, internal control activities, contractual obligations, regulatory requirements, and responding to customer inquiries / audits.
+ Other duties as assigned or requested
** EDUCATION*
* ** Required*
* + Bachelor's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field
** Substitution*
* ** s*
* + 6 years of related and progressive experience in lieu of Bachelor's degree
** Preferred*
* + Master's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field
** EXPERIENCE*
* ** Required*
* + 5 years in Audit and Compliance
To Include:
+ 3 years of Business Process…
Position Requirements
10+ Years
work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×