Director Risk and Incident Management
Arlington, Virginia Minneapolis, Minnesota
Our purpose is to serve the nation with the single most trusted and capable health information network, built to increase patient safety, lower costs and ensure quality care.
The Director of Risk and Incident Management will be responsible for: Maturing and leading the Surescripts Enterprise Risk Management (ERM) program which has the mission of providing executive level oversight for critical risks. Owning and governing the business continuity program for the entire organization. Managing corporate response activities to all Critical Incidents – defined as extraordinary events that threaten the company either financially, operationally, legally or in regard to reputation and warrants immediate attention from the Executive Team. Critical incidents are usually systemic, multi-functional, and multi-departmental. Managing a team that provides project risk assessment, project security subject matter expertise, and third party security risk assessment.
- Run the Enterprise Risk Management (ERM) program to include creating and operating the program in alignment with industry best practices such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) a COSO.
- Manage the discovery, assessment, and analysis of risk.
- Maintain the corporate risk register and a database of risks as they are discovered and analyzed
- Create the risk assessment and measurement framework to quantify risks using risk management and statistical best practices.
- Partner with experts across all parts of the company to document the risks and controls, to measure the control effectiveness, and report the findings through key risk and performance indicators.
- Lead the Risk Forum and ensure the data is rolled up into the Risk Registry for reporting to the Risk Committee, Executive Team and the Board.
- Develop, maintain, and communicating the risk appetite framework and corresponding model(s) of risk tolerance – this includes designing process and protocol for routine/continuous monitoring of risk metrics/indicators against limits and escalations.
- Promote awareness of the overall strategic goals and objectives of ERM and deploy tactical strategies for building a risk intelligent culture across the organization.
- Serve as a trusted advisor to the leaders of Surescripts in matters of risk management.
- Lead the business continuity function of the company
- Partner with teams across Surescripts to develop and validate contingency plans for core parts of the Surescripts business.
- Conduct exercises to test the validity of the contingency plans.
- Manage direct report(s) who act as security subject matter experts with job duties including:
- Projects addressing critical security risks
- Perform semi-annual user access reviews
- Assess and track the risk of potential and current third parties
- Assess and document the risks within new third parties to provide security requirements
- Perform all other duties as assigned.
Qualifications Basic Requirements
- Bachelor’s degree in a technical field, statistics, or risk management field or equivalent related experience.
- 12 years of experience in the field of enterprise risk management.
- Experience working with senior executives in a demanding and dynamic business environment with access to highly confidential and proprietary information.
- Advanced skills in the areas of project management, planning investigations and implementing initiatives.
- A track record of building relationships and strategic partnerships with a variety of senior executives in a manner that establishes trust and credibility. Previous experience Facilitating the identification and mitigation of enterprise risk for a complex company in a regulated industry.
- Proven experience providing leadership, setting vision, and motivating a team.
- Experience developing talent and infusing knowledge and experience across wider organization.
- Experience building statistical models to quantify risk.
- Broad understanding of common risks and risk management strategies across many domains including financial, technology, human resources, cybersecurity, competition, and environmental.
- Experience managing a risk program in the healthcare industry.
- Experience managing information security risks.
- Experience using software tools such as Analytica.
Posted 30+ Days Ago Full time REQ319
Surescripts was founded in 2001 when the pharmacy industry and other collaborators set out to replace paper prescriptions with electronic. Today, we’re the nation’s largest health information network, connecting pharmacies, care providers, benefit managers and technology partners to get the right information to the right place at the right time. We offer industry-leading solutions that digitize manual workflows and use our unparalleled breadth of data to vastly improve healthcare connectivity, patient safety and provider efficiency.
Click here to apply.