Kaiser Permanente's Technology Risk Management organization is seeking a Senior Manager to lead its vendor risk management group. The Senior Manager will be responsible for leading a group of technology risk professionals who interact with business units, IT project teams, IT compliance, information security, procurement and legal groups to identify technology- or IT compliance-related vendor risk and recommend assessment activities and remediation actions based on established risk profiling criteria. Initially, the Senior Manager will also be involved in the creation of vendor risk management processes and provide guidance to external consultants establishing the vendor risk management methodology. This individual will interact with leaders of the technology risk management group and vendor management stakeholders to identify, mitigate, monitor and report on vendor risk management activities. The Senior Manager will possess strong communication skills, leadership qualities, and subject matter expertise in vendor risk management, information security and IT compliance.
- Manage, coach and provide guidance to vendor risk management team members as part of their ongoing risk profiling of vendor services.
- Provide periodic updates to the Director of Technology Risk Management Operations on the status of vendor risk management activities and ensure key performance metrics are incorporated into risk management dashboards.
- Provide quality control reviews of team member deliverables and ensure the vendor risk management methodology is consistently being followed in all phases of execution, i.e. inventory, risk profiling, ongoing assessments, and reporting.
- Provide feedback for creation and improvement of the vendor risk management methodology.
- Facilitate communication of vendor risk profiling and assessment results to business units, supporting IT project teams, procurement, legal and technology risk management leaders.
- Consult with and provide guidance to vendor risk management stakeholders on issues, conclusions and recommendations identified as part of vendor risk management profiling and assessments.
- Coordinate ongoing monitoring and assessment of vendors with IT compliance and information security groups once the initial profiling and vendor selection process has been completed.
- Assist in preparation of presentations on vendor risk management results to IT executive management.
- Participate in the ongoing performance evaluation and development of vendor risk management team members.
- Bachelor's degree in related field and/or 4 years of equivalent experience.
- A minimum of 10 years of IT-related vendor risk management, technology risk management, IT compliance or audit experience.
- A minimum of 10 years of experience managing individuals responsible for vendor risk management, IT compliance or other technology risk management areas.
- Demonstrated success in leading a functional group of individuals, including personnel coaching and development.
- Significant knowledge of information technology processes and controls and a deep understanding of risk and control frameworks (ISO, UCF, NIST, COBIT, HIPAA, PCI, etc.)
- Experience successfully communicating and presenting key project indicators, control issues and assessment conclusions to project team management, departmental and executive management.
- Proven success in working with business units and IT project team members to perform vendor technology risk profiling and assessments.
- Healthcare IT background.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Project Management Professional (PMP) certifications.
America’s leading not-for-profit health plan, Kaiser Permanente serves more than 9 million people from 37 hospitals and 611...