What are the responsibilities and job description for the Enterprise Risk Manager- Healthcare position at TBG | The Bachrach Group?
We are seeking a Senior Enterprise Risk Manager with a specialized focus on healthcare risk management, IT security, and third-party risk oversight. This role is critical in ensuring strong governance, compliance, and risk mitigation strategies within the healthcare sector, particularly in home health, assisted living, and healthcare technology environments.
As part of the Enterprise Risk Management team, you will work closely with business leaders, IT teams, compliance officers, and external stakeholders to assess, manage, and mitigate risks associated with healthcare services, data security, and third-party partnerships. The ideal candidate has deep expertise in healthcare regulatory requirements (e.g., HIPAA, HITECH, CMS regulations) and a strong background in IT security and compliance frameworks.
Key Responsibilities:
Healthcare Risk Management
- Assess and manage enterprise-wide risks in home health, assisted living, and healthcare services.
- Oversee regulatory compliance related to healthcare data security, patient information, and third-party vendors.
- Ensure risk assessment and mitigation strategies align with CMS, HIPAA, HITECH, and other healthcare regulations.
- Develop strategies to minimize fraud, abuse, and compliance risks within healthcare operations.
IT & Information Security Risk
- Conduct risk assessments and ensure cybersecurity best practices are in place for healthcare data and IT systems.
- Maintain a risk framework based on NIST SP 800-53, ISO 2700x, COBIT, or similar security standards.
- Partner with IT and security teams to enhance data protection, secure patient records, and prevent breaches.
- Ensure cloud security, encryption, and identity management align with healthcare compliance mandates.
Third-Party & Vendor Risk Management
- Oversee third-party risk assessments to ensure healthcare vendors and partners comply with regulatory and security requirements.
- Monitor vendor contracts, risk exposure, and service-level agreements to mitigate risks associated with external partnerships.
- Establish risk reporting dashboards for senior management and board-level oversight of vendor-related risks.
Governance & Compliance
- Maintain comprehensive risk and control inventories, ensuring alignment with healthcare industry best practices.
- Integrate regulatory reporting requirements into enterprise-wide risk assessments.
- Develop and present risk reports, heat maps, and mitigation strategies to executive leadership, auditors, and regulators.
- Work closely with compliance, audit, and legal teams to maintain a proactive risk management strategy.
What You Bring
- Bachelor’s degree in Healthcare Administration, Information Technology, Business, or a related field (or equivalent experience).
- 10 years of experience in risk management, compliance, or healthcare operations.
- 6 years of experience in healthcare risk management, with expertise in home health, assisted living, or healthcare technology.
- In-depth knowledge of HIPAA, HITECH, CMS regulations, and other healthcare compliance requirements.
- Experience working with healthcare IT risk management frameworks (e.g., ISO 2700x, NIST SP 800-53, HITRUST).
- Current risk or security certification (e.g., CRISC, CISSP, CISA, GIAC).
- Strong ability to analyze, report, and communicate risk findings to executives, auditors, and regulatory agencies.
- Experience monitoring third-party risk exposure in healthcare vendor partnerships.
- Ability to work cross-functionally with IT, legal, compliance, and operational teams.
Nice to Have
- Experience conducting information security and business impact assessments.
- Knowledge of quantitative risk analysis methodologies.
- Strong negotiation and leadership skills to manage risk across diverse business cultures.
- Familiarity with fraud prevention, billing compliance, and healthcare operational risks.
Salary: $155,000 - $175,000