The Compliance and Risk Director is responsible for managing all requirements related to Information Management Regulatory/Compliance. This position manages all activities related to the development, communication and management of policies, controls and practices supporting IT compliance, regulatory and risk objectives. Tracks, tests, and reports on audit and assurance practices for Information Management to identify points of vulnerabilities and recommend quality measurement and improvement strategies to meet regulatory requirements
Audit management and facilitation – Facilitate internal and external IT audits and certifying agency activities, insuring timely response. This includes supporting discovery and testing phases, creating compliance maps of current practices/policies to standards, and coordinating responsibility of follow through for remediation activities. Maintains monthly management level status reporting of progress. Maintain a schedule of testing for critical risk areas.
Compliance/Risk management- Develop and maintain necessary guidelines, standards and procedures in support of the information security and regulatory compliance such as HIPAA, E-Discovery, Security Assurance, and JCAHO. Provide oversight and expert consultation to Associates seeking guidance on application of compliance and information security standards. Maintain a risk register with up to date research on changing regulatory requirements and insures information distributed with IM management with relevant areas of impact identified.
Disaster Recovery / Business Continuity – Manages the execution of the Disaster Recovery program insuring program goals are met within approved parameters. Insures appropriate documentation is maintained and retained for appropriate time periods.
Compliance and Security Controls – Manages the quality assurance processes and audits to insure appropriate access controls are in place, providing recommendations and feedback to the Security team.
Vision and Strategy – Provide input into the Quality and Risk Program vision and strategy of the organization, supporting the IM strategic plan and continuous improvement plan.
Program Leadership - Develops and initiates specialized education and development of materials to support Regional HIPAA Security Officers.
Budget & Financial Administration - Develop and manage detailed budgets, tracking all capital and operational expenditures and regularly reporting the budgetary status of all assigned project budgets including hardware, software and support components.
Project Management - Plans, prioritizes, manages and schedules multiple large, complex projects, often overseeing multiple efforts and coordinating activities of other project managers. Assigns technical, supervisory, administrative and financial resources to meet approved corporate and regional project schedules and goals.
Communication – Provide effective oral and written communications to staff to facilitate understanding, ownership and accomplishment of project goals and objectives. Demonstrate strong interpersonal skills, possess good negotiating skills and promote teamwork among subordinates.
Standards –Provide expert consultations and lead in the development and documentation of procedures and standards that ensure accurate evaluation of the IM Audit and Risk standards required for support of clinical, business and technical processes.
Contract Negotiations – Assist in the negotiation of contracts for the acquisition of relevant program related services, including software, hardware and support services, following established processes.
Reporting –Prepares quarterly risk reports with appropriate risk register, risk awareness alerts, audit indices and trends for IM Leadership review.
Support - Interface with IM management to understand their business and service needs and develop processes for IM implementation to accommodate them.
Teamwork – Maintain and demonstrate good teamwork on assigned projects through actions and job performance.
Other – Perform other duties and special projects as assigned by the Director
CHRISTUS HEALTH is an international Catholic, faith-based, not-for-profit health system comprised of almost more than 600 services and facilities, including more than 60 hospitals and long-term care facilities, 350 clinics and outpatient centers, and dozens of other health ministries and ventures. CHRISTUS operates in 6 U.S. states, Colombia, Chile and 6 states in Mexico. To support our health care ministry, CHRISTUS Health employs approximately 45,000 Associates and has more than 15,000 physicians on medical staffs who provide care and support for patients. CHRISTUS Health is listed among the top ten largest Catholic health systems in the United States.