Website Blue Cross Blue Shield Association
Conducts and leads activities and cross-functional project teams in the strategy, development, and implementation of IT audits of Plans and Vendors. These audits cover administration of and adherence to the organization’s processes, policies and procedures for the protection of and access to member Protected Health Information (PHI), in compliance with the Office of Personnel Management, federal and state laws, and the organization’s information security practices. Also handles other assigned audit activities, generally those involving issues of greater complexity/impact to the organization. Contributes to the promotion and enhancement of Program integrity by acting as a resource and consultant to others on information security and IT audit related activities/issues, and by implementing and recommending policies, training, and procedures designed to protect the integrity of Plans/vendor IT systems with inefficient internal controls.
- Serves as a consultant to management on risk mitigation factors in all FEP related technology areas and serves as a key interface on technology risk related issues. Performs follow-up reviews and assessments to ensure identified risks and issues are appropriately mitigated and resolved.
- Works with Legal, IT, Business Areas, and Plans to build and maintain effective relationships regarding the ongoing compliance monitoring of all trading partners and Business Associates, to ensure all IT related risks, issues and concerns are mitigated and addressed without delay.
- Assists with the implementation, administration and maintenance of the organization’s information privacy and security process, policies and procedures in coordination with the Business Protection Services, legal counsel, business owners and other information technology areas within FEP.
- Develops and executes audit programs for the purpose of auditing and assessing controls for IT assets, systems and/or processes related to the FEP Program, including developing criteria, reviewing and analyzing evidence; identifying and defining issues; documenting work papers in compliance with auditing standards; making sound recommendations to institute changes as necessary to comply with changes in the law, regulations, corporate requirements, professional ethics, and OPM requirements and as necessary due to changes in the technical and systems environment, Business Operations, Plan Initiatives and the overall IT related privacy and security climate.
- Evaluates the adequacy, effectiveness and efficiency of specified Software Development Life Cycle (SDLC) processes and procedures and IT controls, and identifies weaknesses across the FEP Program. Demonstrates the ability to effectively discuss IT audit issues with management and develop business focused recommendations to strengthen controls. Prepares reports of audit findings recommending ways to improve Plan/Vendor FEP operations.
- Strong interpersonal and organizational skills.
- Minimum 5 to 7 years of technology audit and compliance experience.
- Strong internal audit and project management skills.
- Ability to take complex IT and privacy and data security issues and seek resolution.
- Intermediate knowledge of HIPAA/HITECH/Omnibus privacy and security legislative mandates requiring the protection of health information.
- Experience in a health care or government-contracting environment.
- Bachelor’s degree in information technology, business, or related field, or equivalent experience.
- CISA, CIA, CPA, HIPPAP, CHC, CHP or similar Privacy and Data Security certification.
- Blues Plan experience a plus.
- Demonstrated leadership, analytical, and problem solving skills.
Company: Blue Cross Blue Shield Association
Vacancy Type: Full Time
Job Location: Greensboro, NC, US
Application Deadline: N/A