Principal Risk Analyst: Privacy - Third-Party Risk Management
MAYO CLINIC
Rochester, MN, USA (On-site)
$116,043.20 - $168,292.80 per year
WHY MAYO CLINIC
Mayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and comprehensive benefit plans - to take care of you and your family, now and in the future. With continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic.
ABOUT THE ROLE
The Principal Risk Analyst will lead risk business operations, special projects, investigations, legal litigation, mitigation development, non-employee access and end user awareness/education. The incumbent will provide guidance to the Risk & Data (RD) unit for day-to-day operational support, including project management, and will demonstrate leadership and represent the RD on project teams, committees, strike teams, and workgroups.
DEPARTMENT: Information Security
LOCATION: Rochester, MN
REMOTE: No
JOB TYPE: Full-time
KEY RESPONSIBILITIES
- Supports and develops RD initiatives; responsible for the design of enterprise business operations, including operational growth and development.
- Leads multi-disciplinary workgroups and projects.
- Responsible for development of policies and procedures to support the organization's risk tolerance.
- Gathers and organizes information from a cross-functional investigative team.
- Works directly with Legal and Human Resources on high-risk internal and external investigations.
- Works directly with Legal and External Counsel on policy, regulatory and/or litigation matters (using eDiscovery protocols).
- Completes documentation to support findings including legal reports, SBARs, and executive summaries.
- Responsible for peer review of work unit documentation.
- Develops and presents Risk training(s) geared towards Mayo Clinic leadership.
- Has extensive experience in regulatory compliance and investigations, including:
  - Deep subject matter expertise in relevant compliance laws and regulations such as privacy compliance, investigations, revenue cycle compliance, device manufacturing compliance, general compliance, and conflict of interest.
  - Understanding of and ability to apply the Seven Elements of an Effective Compliance Program.
  - Ability to carry out audits, assessments, and investigations.
  - Ability to use relevant compliance tools including GRC software, monitoring tools, and issue management software.
  - Ability to follow and apply legal holds and execute proper preservation of evidence and chain of custody protocols.
- Must have technical and nontechnical communication skills (verbal and written), analytical aptitude, and project management skills.
- Demonstrates a high level of integrity and the ability to use discretion and maintain confidential information.
- Some travel may be required.
QUALIFICATIONS
Minimum Qualifications:
- Bachelor's degree and 7 years' experience in business analysis, compliance, privacy, insider threat, information security, human resources, risk management, information science, business administration, law enforcement, health or science-related fields; OR
- Master's degree and 5 years' experience in the above fields.
Preferred Qualifications:
- Master of Healthcare Administration, Business Administration, or Science preferred.
- Certified Fraud Examiner (CFE), Certification in Healthcare Compliance (CHC), or Healthcare Privacy Compliance (CHPC) preferred.
- JD or Master's degree preferred, or certified as CHC, CHPC, CCEP, CISSP, CISM, CITPM, or relevant equivalent certification (or will obtain within 2 years of hire).
- Professional leadership skills; ability to maintain highest level of confidentiality.
- Advanced analytical and problem-solving skills; investigation and audit experience.
- Ability to work with limited management involvement; effective training and presentation skills.
- Knowledge of operational risk best practices, effectiveness evaluations, and resources.
- Demonstrated ability to set priorities and respond to changing demands from multiple sources.
- Ability to follow through, meet regulatory deadlines, anticipate requirements, and build relationships.
- Ability to communicate effectively with diverse groups including attorneys, physicians, patients, allied health staff, researchers, and vendors.
- Ability to work collaboratively in a team environment with minimal supervision.
- Advanced Microsoft Office skills including Excel, Word, Visio, and PowerPoint.
- Some roles require specialized skills (e.g., forensic accounting, forensic tools, insider threat, data loss prevention).
- Incumbent must be able to obtain government security clearances.
COMPENSATION
Salary: $116,043.20 - $168,292.80 per year
HOW TO APPLY
To apply for this position, please visit the Mayo Clinic careers portal and submit your application online:
https://jobs.mayoclinic.org/job/rochester/principal-risk-analyst-privacy-third-party-risk-management/33647/94223495168
Job ID: 94223495168