Risk Partner

Company
Highmark Inc.
Job Description
JOB SUMMARY
This job is responsible for implementing, executing and maintaining the Compliance Program and its related policies to ensure the businesses act within the parameters of federal and state laws, regulations, and regulatory guidance. The incumbent is also responsible for the administration, interpretation, and enforcement of the Compliance Program including auditing/monitoring operational processes, conducting or overseeing compliance investigations, and ensuring that adequate training takes place under the Compliance Program. In this capacity, the individual is responsible for the collaborative and iterative execution of the risk and compliance plan for these entities across all areas in the enterprise risk taxonomy. Through matrixed leadership with Risk Operations and with support from Risk Enablement, the incumbent monitors and tracks the delivery of risk activities, including but not limited to, internal and external audit progress, recurring risk and compliance reporting, mandated training, investigations, and the impacts of new and changing laws, regulations, and contractual relationships. The incumbent must have extensive knowledge of the applicable federal and state rules as well as a solid working knowledge of managed care operations, compliance program structures, information security and audit methodologies. The incumbent must also have a foundational understanding of privacy regulations, including in-depth knowledge of HIPAA and possess the ability to perform a privacy risk assessment. The incumbent must have the highest level of integrity and ethics and demonstrate professional representation of the company.
ESSENTIAL RESPONSIBILITIES

Provides thought leadership and acts as an advisor to business leaders to ensure business decisions are made in alignment with the enterprise risk strategy / framework. Participates in and understands the business operations and strategy. Serves as a single point of contact for the business’ risks, compliance, privacy and security needs, and partners closely with legal counsel on all efforts.
Works with Risk Operations and the Strategic Risk Partner to implement and maintain an effective compliance and risk management program for the supported entities. This includes, but is not limited to education and training requirements, reporting and intake protocols, monitoring and implementation of new or changing regulatory requirements, risk assessment and audit execution, risk treatment plans, policy and procedure maintenance, response and investigation procedures and compliance expectations.
Provide proactive guidance, education, and information to senior management, so that business leaders remain informed and aware of risks, requirements, mitigation strategies, and management’s responsibilities. Participates in discussions or presentations to existing Compliance or Risk Committees. Gathers data and prepares reports for senior management and Board of Directors as needed. Ensure reporting obligations are met. Participates on various risk committees and may represent their entity when appropriate.
Informs business entity of risk related activity, ensures awareness and monitors execution. Tracks, monitors and reports on Risk Operations activities for the assigned business entity using the standard metrics and reporting created by Risk Enablement.
Proactively identifies and addresses risk in partnership with Risk Operations, Legal, and business entity leaders by thoroughly understanding strategy and functional operation of the business entity. Serves as a single point of contact to respond and intake risk from the senior leadership team, and follows protocol to triage.
Respond to reports of potential or real instances of non-compliance including recommendations for resolution, risk treatment and corrective action plans. Work with legal counsel and Internal Investigations Unit to ensure timely notice or disclosure of incidents or issues as appropriate/required. Ensure all reported matters are addressed in a timely and responsible manner in compliance with corporate policy, state and federal law and best practices.
Liaise with external regulators or enforcement bodies interacting with the assigned business entity per defined communication and legal protocols. Serve as the single point of contact for regulators.
Ensure completion of all education and training initiatives and requirements and identify priorities for focus for the accountable entities.
Participate in the implementation of the enterprise’s risk strategy for effective risk and compliance program governance; intended to strategically and proactively mitigate risk, and promptly detect and correct instances of non-compliance. This includes but is not limited to formal risk assessment processes and the implementation of an annual audit plan.
Maintain a strong working knowledge of the regulatory, security, and privacy landscape.
Other duties as assigned or requested.
EDUCATION
Required

Bachelor's Degree in Business, Finance, Health Administration, Public Health, Public Administration, Legal, Accounting or related field, or relevant experience and/or education as determined by the company in lieu of bachelor's degree
Preferred

Master's Degree in Business, Finance, Health Administration, Public Health, Public Administration, Legal, Accounting or related field
EXPERIENCE
Required

5 years in compliance, privacy, government affairs, healthcare operations, risk, audit, or legal functions
3 years in a leadership or management role
Preferred

7 years in compliance, privacy, government affairs, healthcare operations, risk, audit, or legal functions
3 years experience in Healthcare Compliance or Privacy
LICENSES or CERTIFICATIONS
Required

None
Preferred
(Any of the following)

Certified Public Accountant (CPA)
Certified Internal Auditor (CIA)
Certified Fraud Examiner (CFE)
Certified in Healthcare Compliance (CHC)
Certified Compliance & Ethics Professional (CCEP)
SKILLS

Broad-based business knowledge as well as in-depth knowledge of the insurance industry, strategic compliance planning, regulatory concerns, compliance requirements, and corporate integrity principles
Excellent oral, written, and presentation skills, as well as conceptual and analytic skills in order to review and articulate corporate objectives and regulations across all relevant audiences
High-level of skill in leading interdepartmental and cross-functional strategy development
Experience with managed care, Medicare and federal and/or state regulations, quality improvement and compliance oversight
The ability to comprehend and interpret regulatory, legislative, and contractual mandates
Experience managing multiple projects and managing professional staff on numerous projects to ensure corporate deadlines and objectives are met
The utmost integrity in the discreet and confidential handling of confidential materials is necessary
Language (Other Than English)
None
Travel Requirement
0% - 25%
PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS
Position Type
Office-based
Teaches / trains others regularly
Occasionally
Travel regularly from the office to various work sites or from site-to-site
Frequently
Works primarily out-of-the office selling products/services (sales employees)
Never
Physical work site required
Yes
Lifting up to 10 pounds
Constantly
Lifting 10 to 25 pounds
Occasionally
Lifting 25 to 50 pounds
Rarely
Disclaimer The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.
Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.
Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.
For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org
California Consumer Privacy Act Employees, Contractors, and Applicants Notice