Principal Risk Analyst: Privacy - Third-Party Risk Management

WHY MAYO CLINIC

Mayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and comprehensive benefit plans

• to take care of you and your family, now and in the future.

With continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic.

ABOUT THE ROLE

The Principal Risk Analyst will lead risk business operations, special projects, investigations, legal litigation, mitigation development, non-employee access and end user awareness/education. The incumbent will provide guidance to the Risk & Data (RD) unit for day-to-day operational support, including project management, and will demonstrate leadership and represent the RD on project teams, committees, strike teams, and workgroups.

DEPARTMENT

Information Security

LOCATION

Rochester, MN REMOTE:

No

JOB TYPE

Full-time

KEY RESPONSIBILITIES

• Supports and develops RD initiatives; responsible for the design of enterprise business operations, including operational growth and development.
• Leads multi-disciplinary workgroups and projects.
• Responsible for development of policies and procedures to support the organization's risk tolerance.
• Gathers and organizes information from a cross-functional investigative team.
• Works directly with Legal and Human Resources on high risk internal and external investigations.
• Works directly with Legal and External Counsel on policy, regulatory and/or litigation matters (using eDiscovery protocols).
• Completes documentation to support findings including legal reports, SBARs, and executive summaries.
• Responsible for peer review of work unit documentation.
• Develops and presents Risk training(s) geared towards Mayo Clinic leadership.
• Has extensive experience in regulatory compliance and investigations, including:
• Deep subject matter expertise in relevant compliance laws and regulations such as privacy compliance, investigations, revenue cycle compliance, device manufacturing compliance, general compliance, and conflict of interest.
• Understanding of and ability to apply the Seven Elements of an Effective Compliance Program.
• Ability to carry out audits, assessments, and investigations.
• Ability to use relevant compliance tools including GRC software, monitoring tools, and issue management software.
• Ability to follow and apply legal holds and execute proper preservation of evidence and chain of custody protocols.
• Must have technical and nontechnical communication skills (verbal and written), analytical aptitude, and project management skills.
• Demonstrates high level integrity and ability to use discretion and maintain confidential information.
• Some travel may be required.

QUALIFICATIONS

Minimum Qualifications:

• Bachelor's degree and 7 years' experience in business analysis, compliance, privacy, insider threat, information security, human resources, risk management, information science, business administration, law enforcement, health or science-related fields; OR
• Master's degree and 5 years' experience in the above fields.

Preferred Qualifications:

• Masters of Healthcare Administration, Business Administration, or Science preferred.
• Certified Fraud Examiner (CFE), Certification in Healthcare Compliance (CHC), or Healthcare Privacy Compliance (CHPC) preferred.
• JD or Master's degree preferred, or certified as CHC, CHPC, CCEP, CISSP, CISM, CITPM, or relevant equivalent certification (or will obtain within 2 years of hire).
• Professional leadership skills; ability to maintain highest level of confidentiality.
• Advanced analytical and problem-solving skills; investigation and audit experience.
• Ability to work with limited management involvement; effective training and presentation skills.
• Knowledge of operational risk best practices, effectiveness evaluations, and resources.
• Demonstrated ability to set priorities and respond to changing demands from multiple sources.
• Ability to follow-through, meet regulatory deadlines, anticipate requirements, and build relationships.
• Ability to communicate effectively with diverse groups including attorneys, physicians, patients, allied health staff, researchers, and vendors.
• Ability to work collaboratively in a team environment with minimal supervision.
• Advanced Microsoft Office skills including Excel, Word, Visio, and PowerPoint.
• Some roles require specialized skills (e.g., forensic accounting, forensic tools, insider threat, data loss prevention).
• Incumbent must be able to obtain government security clearances.

COMPENSATION

Salary:

$116,043.20

• $168,292.

80 per year

Organization:

Mayo Clinic Department:

Information Security Location:

Rochester, MN