GRC Technology Architect

JOB SUMMARY

Within area of expertise (application, solution, information, technology, business), designs, develops, implements, supports, and enables Governance, Risk and Compliance (GRC) architecture and technology solutions to meet business capabilities and needs.  Ensures completeness of GRC solutions architecture by adequately addressing all the pertinent concerns of its stakeholders.  Ensures integrity of GRC solutions architecture by connecting various views of stakeholders, reconciling conflicting concerns, and showing the trade-offs made in so doing.  Considers practicality and fitness for purpose in determining GRC architecture to develop and/or improve upon.  Leverages industry, business, technology, risk, and compliance knowledge to enable and/or improve business processes, practices, organizations, and systems. Supports collaboration with others across the enterprise to provide solutions and recommendations in order to consolidate data repositories, information, GRC tools and other technology resources by centralizing them under common GRC solutions. Adheres to service levels, prepares reporting and other customer communications. Adheres to quality standards, configuration practices and procedures, and supports the realization of measurable business benefits.  Works independently and in cross-functional team environments while also assisting with special assignments, as needed.

ESSENTIAL RESPONSIBILITIES

EDUCATION

• Defines, designs, and continuously improves business processes, risk and compliance functions through the use of technology. Develops and configures the enterprise risk, governance, compliance and business solutions that combine knowledge of particular business processes and issues, general technological options, compliance and regulatory requirements, and process facilitation techniques. Collaborates with company customers, staff, IT colleagues, and other stakeholders in identifying customer requirements, assessing impacts to other areas, considering available options, comparing costs and benefits, and recommending solutions.  Takes initiative, demonstrates a proactive mindset and is comfortable working in a highly matrixed environment.  
• Specifies and designs GRC technology systems, solutions, networks, infrastructure elements, and processes. Assists with selection of appropriate design standards, methods and tools and ensures that they are applied effectively. Evaluates and undertakes impact analysis on solution design and implementation options. Develops approach and consults with others to ensures that the system architecture balances functional, service quality and systems management requirements.  Tests and validates system configurations. Collaborates with customers and other stakeholders in order to maintain and to improve data quality.
• Works with customers to establish, conceptualize, and align expectations with a focus on GRC process automation; facilitates requirements evaluation/rationalization activities; translates customer expectations into written artifacts. Assists with preparation and monitoring of project plans, task-based budgets and milestones.  Develops, maintains and communicates project status reports to business and technical stakeholders as well as senior leadership, as needed.  Executes data access governance processes, procedures, and related review activities including user profile and provisioning process updates. 
• Performs detailed component requirements gathering and analysis, collection of customer and technology and translates these into detailed solutions/designs for implementation using selected products. Documents technical aspects of system development, configuration, testing, integration (including requests for changes, deviations from specifications, etc.), process transformation, and project management artifacts using standard templates.  Assists with upgrades, testing and other solution validation activities. 
• Communicates effectively with multiple levels of organization, assists with managing expectations of customers, partners and management. Performs customer walkthroughs, timelines and plans; design and technical walk-throughs; training; problem resolution and decision making activities.
• Maintains an in-depth and current knowledge of multiple technical aspects in area of expertise and assists with providing advice regarding GRC technology and process solutions. Assists with commercialization opportunities for future growth, as needed.
• Researches, creates, and implements novel approaches to training and education on GRC process automation, digital transformation and technology enablement.  Applies relevant technical and business strategies, policies, standards and practices to multiple work products.  Contributes to knowledge management repositories and other communities of practice.
• Other duties as assigned or requested.

Required

• Bachelor's Degree in Computer Science, Information Technology or related degree

Substitutions

• 6 years of related and progressive experience in lieu of Bachelor's degree

Preferred

• Master's Degree in Computer Science, Information Technology or related degree

EXPERIENCE

Required

• 3 years with Governance, Risk, and Compliance Technology, preferably with Healthcare or a Healthcare related industry
• 1 year of IT discipline, Process Improvement, and System Architecture

Preferred (any of the following)

• 1 year with Archer Governance Risk and Compliance suite
• 1 year with SailPoint Access and Data Governance solutions
• 1 year of API Development
• 1 year of Java/Web Development
• 1 year as an Enterprise Architect (SCEA)

LICENSES or CERTIFICATIONS

Required

• None

Preferred (any of the following)

• Certified Information System Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Archer Certified Professional (ACP) 
• Governance of Enterprise IT (CEGIT)

SKILLS

• Experience with project management tools, methodologies, and working practices (e.g., Agile, Waterfall).
• Knowledge of business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business processes.
• Knowledge of how to leverage technologies to drive efficient and effective GRC processes across payor/provider industries. 
• Experienced with resource and project planning capabilities, decision making skills, history of results-oriented delivery, and participation in team building across a global and diverse team of staff.
• Strong written and verbal communication skills for diverse audiences (senior management, board, peer, and team).
• Strong relationship building skills and ability to influence with and without authority in a matrixed organization.
• High capacity to think analytically, interpret information / observations, apply judgment and to assist with making effective, strategic decisions.

Language (Other than English):

None

Travel Requirement:

0% - 25%

PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

Position Type

Office-based

Teaches / trains others regularly

Occasionally

Travel regularly from the office to various work sites or from site-to-site

Rarely

Works primarily out-of-the office selling products/services (sales employees)

Never

Physical work site required

Yes

Lifting: up to 10 pounds

Constantly

Lifting: 10 to 25 pounds

Occasionally

Lifting: 25 to 50 pounds

Rarely

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 
Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Pay Range Minimum:

Pay Range Maximum:

Base pay is determined by a variety of factors including a candidate’s qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations.  The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.

For accommodation requests, please contact HR Services Online at [email protected]

California Consumer Privacy Act Employees, Contractors, and Applicants Notice