Enterprise Risk and Compliance Senior Manager HIPAA Compliance

Profile

Best Buy

What does the Enterprise Risk and Compliance Senior Manager (HIPAA Compliance) Do?

The Enterprise Risk and Compliance Senior Manager will lead the team in activities focused on HIPAA Security Rule compliance. They will lead the development and implementation of consistent practices based on a defined framework and methodology to maintain HIPAA compliance requirements.

We are looking for someone to build a robust HIPAA Security Compliance strategy from the ground up to support our Best Buy Health Business. The Senior Manager will build cross-functional relationships and drive change through advocacy and influencing. Proven leadership, a strong risk management mindset, and a strong understanding of various HIPAA laws, the HITECH Act and foundational IT competencies will be crucial in the success of the Enterprise Risk and Compliance Senior Manager.

Key Responsibilities:

Develop, implement, and maintain HIPAA Security Compliance strategy that guides and informs risk-based decisions.

Develop, implement, and manage internal policies and controls supporting HIPAA Security Compliance.

Establish and lead the execution of an annual work plan and ongoing monitoring activities to ensure alignment with government regulations and internal policies and standards.

Lead HIPAA risk assessments and validation of effectiveness of relevant controls.

Report assessment results along with recommendations to close any gaps to various audiences, including executive leadership and Board of Directors.

Provide oversight to ensure HIPAA Security Compliance activities are documented and carried out to drive consistent processes.

Provide effective analysis, direction and advice to other teams and stakeholders on required controls for security of protected health information (PHI).

Maintain current knowledge of HIPAA privacy and data breach regulatory guidance and applicable state and federal privacy laws and monitor changes to ensure organizational awareness.

Provide expertise and leadership based current knowledge of HIPAA Security requirements and industry experience and knowledge to ensure Best Buy remains in compliance with applicable standards and regulations.

Drive the efficiency and maturity level of HIPAA Security compliance while quickly adapting to dynamic technology landscape of Best Buy Health business.

Communicate effectively across all levels of the organization; provide formal reports and presentations to senior executives as required.

Build cross-functional relationships and advocate for sound risk compliance programs and practices.

Basic Qualifications

6 years of work experience within Information Security, Risk and Compliance, or Information Technology, with at least 3 years in HIPAA Compliance and Security Rule framework

2 years of managing complex initiatives in areas of risk management and regulatory compliance.

4 years people leadership, including hiring the right talent, building a team, performance management and development.

2 years of experience with creating and documenting compliance processes and reporting on executive leadership level.

1 years of experience in Internal Controls design, development and assessment.

Excellent relationship building skills including across cross-functional teams

Exceptional written/oral communication skills

Preferred Qualifications

Bachelor's or advanced degree in Business, IT, Computer Science, Engineering, or related field or equivalent work experience

Experience using Archer or other Governance, Risk and Compliance (GRC) tools

Certifications CISSP/CISM/CRISC Certification

Solid knowledge of HIPAA, HITECH, HITRUST; general understanding of other governance frameworks, such as PCI, Sarbanes Oxley (SOX), COBIT, etc.

Company info

Best Buy
Website : http://www.bestbuy.com