
Director - IT Risk Management

Primary Location: Greenwood Village, Colorado
Worker Location: Remote
Job Number: 1328626
Date posted: 12/27/2024


Description:

Technical Summary:

This leadership position within the Risk Assessment Services team is charged with providing risk assessment functions for HIPAA and PCI projects within Kaiser Permanente. This leadership function works with project teams to provide risk alignment with control frameworks for both avoiding HIPAA and PCI compliance failures and ensuring that KP activities promote consistent and predictable control environments at all times. The successful candidate will have multiple years of experience leading a team of risk assessment professionals on time-sensitive assessments leveraging an internal NIST 800 based control framework as well as external control frameworks as necessary. The ideal candidate will be comfortable managing teams across multiple time zones and representing team findings at the executive level.

Job Summary:

This managing-level position contributes to the overall ITRM strategy for the assessment operations unit by working collaboratively with senior leadership to align assessment efforts with organizational strategy, as well as driving and overseeing the design and implementation of appropriate controls. This includes defining the categories of key risk metrics and utilizing those metrics to drive strategic initiatives within the organization. In addition, this position implements the governance framework within the department and ensures that the framework is effectively implemented within the organization. This role is also responsible for overseeing delivery of large-scale ITRM service delivery and engagements and the allocation of resources, including budget.



Essential Responsibilities:


  • Directs the operation of multiple units and/or departments by identifying customer and operational needs; analyzing resources, costs, and forecasts and incorporating them into business plans; gaining cross-functional support for business plans and priorities; translating business strategy into actionable business requirements; obtaining and distributing resources;  setting standards and measuring progress; removing obstacles that impact performance; guiding performance and developing contingency plans accordingly; and ensuring products and/or services meet customer requirements and expectations while aligning with organizational strategies.

  • Demonstrates continuous learning and maintains a highly skilled and engaged workforce by aligning resource plans with business objectives; overseeing the recruitment, selection, and development of talent; motivating teams; preparing individuals for growth opportunities and advancement;  staying current with industry trends, benchmarks, and best practices; providing guidance when difficult decisions need to be made; and ensuring performance management guidelines and expectations drive business objectives and results.

  • Oversees and takes accountability for the development, implementation and maintenance of assigned ITRM process and/or service portfolio by working collaboratively with leadership to develop the ITRM strategy; defining goals, objectives, deliverables, and guardrails within the governance framework to ensure the development and implementation of efficient, effective, measurable, and sustainable ITRM processes and controls; overseeing the development and selection of appropriate performance measurement tools; and performing organization wide analytics and interpretation of metrics.

  • Contributes to the overall strategy for ITRM compliance assessments and consulting projects by performing second tier quality control and review of project deliverables; managing and driving intake, planning and coordination activities for new or revisions to technology systems or services; and driving and overseeing the design and implementation of appropriate controls through the sustainment phase.

  • Oversees the delivery of ITRM service delivery and engagements for large-scale programs from planning to completion by directing multiple workstreams, including stakeholder communications and team mentorship; managing and monitoring financials of large and complex ITRM service delivery and engagements; and overseeing the allocation of resources, schedules, and task assignments.

Minimum Qualifications:


  • Minimum three (3) years supervisory experience.

  • Minimum two (2) years managing operating budgets and/or project financials.

  • Bachelor's degree in MIS, Information Security, Accounting, Finance, Audit, or related field and minimum eight (8) years experience in IT risk management, compliance, auditing, or information security, including minimum four (4) years managing audit and/or compliance projects. Additional equivalent work experience in a directly related field may be substituted for the degree requirement.


Additional Requirements:

Preferred Qualifications:
  • Five (5) years experience working with IT general controls (e.g., IT change management, access controls, security controls, etc.).
  • Five (5) years experience working with database and security technologies.
  • Four (4) years experience in the development and delivery of ITRM metrics and reporting.
  • CISA or comparable certification.
  • QSA or ISA certification.
  • Four (4) years of work experience in a role requiring interaction with executive leadership (e.g., Vice President level and above).
  • Four (4) years experience reviewing ITRM documentation and assessment reports.
  • Four (4) years experience in a leadership role of a large matrixed organization.
Primary Location: Colorado, Greenwood Village, Greenwood Plaza IT
Scheduled Weekly Hours: 40
Shift: Day
Workdays: Mon, Tue, Wed, Thu, Fri
Working Hours Start: 08:00 AM
Working Hours End: 05:00 PM
Job Schedule: Full-time
Job Type: Standard
Worker Location: Remote
Employee Status: Regular
Employee Group/Union Affiliation: NUE-IT-01|NUE|Non Union Employee
Job Level: Director/Senior Director
Specialty: ITRM CAAS
Department: KPIT ADMIN - Tech Risk Mgmt Ops - 9601
Pay Range: $178600 - $231110 / year

Kaiser Permanente strives to offer a market competitive total rewards package and is committed to pay equity and transparency. The posted pay range is based on possible base salaries for the role and does not reflect the full value of our total rewards package. Actual base pay determined at offer will be based on labor market data and a candidate's years of relevant work experience, education, certifications, skills, and geographic location.

Travel: No
Remote: Work location is the remote workplace (from home) within KP authorized states. Worker location must align with Kaiser Permanente's Authorized States policy.

At Kaiser Permanente, equity, inclusion and diversity are inextricably linked to our mission, and we aim to make it a part of everything we do. We know that having a diverse and inclusive workforce makes Kaiser Permanente a better place to receive health care, a more supportive partner in the communities we serve, and a more fulfilling place to work. Working at Kaiser Permanente means that you agree to and abide by our commitment to equity and our expectation that we all work together to create an inclusive work environment focused on a sense of belonging and wellbeing.

Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.