Program Manager IT Compliance, Audit and Risk (Remote)

Join Martin's Point Health Care - an innovative, not-for-profit health care organization offering care and coverage to the people of Maine and beyond. As a joined force of "people caring for people," Martin's Point employees are on a mission to transform our health care system while creating a healthier community. Martin's Point employees enjoy an organizational culture of trust and respect, where our values - taking care of ourselves and others, continuous learning, helping each other, and having fun - are brought to life every day. Join us and find out for yourself why Martin's Point has been certified as a "Great Place to Work" since 2015.
 

Position Summary
 The Program Manager for IT CAR is responsible for the comprehensive management and oversight of compliance programs, particularly focusing on System Security Plans (SSP), NIST, MAR (Model Audit Rule), CMMC (Cybersecurity Maturity Model Certification), and MBOI (Maine Bureau of Insurance) initiatives.
This role involves the development, implementation, and ongoing maintenance of various IT compliance programs with an emphasis on both tracking, prioritization, and operationalizing initiatives within IT and across the business to ensure adherence to regulatory requirements and organizational policies. The Program Manager will partner with key IT and business resources to drive self-audits, operational implementations, and continuous process improvements to ensure compliance across IT and the broader organization for many years to come.
This position does offer a remote work schedule and East Coast applicants are encouraged to apply. Also, in compliance with MPHC’s Department of Defense government contract, any/all persons hired for this position will need to verify their US citizenship and complete the required employment eligibility verification upon hire.
Job Description

Key Outcomes:

Compliance Program Management:

• Develops, implements, and maintains a comprehensive compliance program that includes performance auditing, monitoring, and reporting, all of which feed into a larger IT governance structure and function.
• Creates and revise policies and procedures, develop and follow through on corrective action plans.
• Identifies potential IT-specific compliance risks, report them to the larger IT governance structure, and lead mitigation planning activities to support corrective action plans.
• Collaborates with Corporate Compliance & Legal on IT compliance, audit, and risk progress, mitigation plans, along with seeking expert consultation.

New Regulatory Guidance:

• Identifies, researches, and disseminates new IT-specific regulatory guidance in collaboration with Legal & Compliance.
• Provides formal and informal leadership across the IT department and business to help evaluate new guidance, prepare gap analyses, and ensure timely implementation and alignment with IT and business departmental operations.
• Maintains comprehensive documentation (internal and external audit documentation) of activities to produce on-demand for internal and external audits.

Audits, Monitoring, and Reporting:

• Fosters an "audit-ready" culture within the IT department.
• Coordinates internal and external audit activities, as well as internal monitoring and reporting activities, with IT department senior management, Corporate Compliance & Legal, and other business units and departments.
• Creates and update audit IT-specific universes, review audit results, and ensure timely follow-up communication and corrective actions.
• Documents audit and performance improvement activities comprehensively.

Leadership and Management:

• Leads large cross-department initiatives, informally. 
• Leads and represents the IT department in cross-functional and interdepartmental IT-CAR meetings.

Organizational Interactions:

• Assists in developing IT compliance best practices and advise internal management and business partners on IT CAR program implementation and progress.
• Collaborates with cross-functional teams (especially IT Security Team) to conduct various IT compliance reviews (e.g., NIST, IT Policy, IT Best Practice) to identify issues and areas for improvement in IT processes and systems.

• Facilitates timely remediation of issues and implementation of recommended improvements with various IT teams, including the IT PMO to help track and support key initiatives. 

Education/Experience:

• Bachelor’s degree in Information Systems, Cybersecurity or equivalent combination of education and experience; Master’s degree preferred.
• 5+ years’ experience in a technical lead role in health care.

We are an equal opportunity/affirmative action employer.

Do you have a question about careers at Martin’s Point Health Care? Contact us at: [email protected]