Compliance & Risk Analyst II
CHRISTUS System Office
CHRISTUS Information Mgmt-79100
919 Hidden Ridge
Irving, TX 75038
The Compliance and Risk Analyst is responsible for participating in efforts of measuring compliance and measuring risk throughout the Information Management organization (IM). The Analyst must be familiar with and keep up-to-date with regulations, rules, and standards related to information and system control practices. The individual must understand strategic compliance goals in order to assist in the assessment and implementation of effective and efficient controls and processes. These are designed to ensure compliance and mitigate risk throughout the IM organization. Detailed technical knowledge of healthcare industry applications in a multi-facility environment is critical in this position. The Analyst is also responsible for advising, training, and assisting customers in the analysis and development of internal controls of their systems. In addition, the Analyst is responsible for delivering quality and cost-effective solutions to all levels of users including support for both technical and functional processes. The Analyst is also responsible for supporting the business goals and objectives for the Department, the Information Management Organization, and the CHRISTUS Health organization as a whole.
- Internal and External Audit Liaison
- Works closely with both audit organizations.
- Supports IM counterparts to understand control concerns and implement corrective action.
- Ensures that internal controls are represented in our guidelines/procedures and processes.
- Understands governing bodies including healthcare industry regulators/accreditors, Corporate guidelines, procedures and directives, and industry best practices (e.g., ITIL, COBIT, etc.).
- Remains current through formal and self-education efforts.
- Assists corporate and regional IM with compliance readiness and responses to audit requests (e.g., The Joint Commission, CMS, etc.).
- Disaster Recovery Planning (DRP)
- Participates in periodic review of Business Impact Assessments (BIAs).
- Facilitates the development, testing and implementation of DRP plans.
- Assesses plans on a periodic basis to ensure they are current and viable.
- IM Guidelines and Procedures
- Assists with efforts to assess compliance through scheduled periodic reviews.
- Reviews documents to ensure they are current and representative of current processes.
- Project Controls
- Participates in high priority projects to ensure proper control.
- Evaluates project plans to ensure the adequacy, effectiveness and proper completion of checkpoint controls (i.e., requirements, test result, approvals, etc.).
- Ensures that our project life cycle includes considerations for impact on DRP, guidelines and procedures, and regulatory/accreditor compliance.
- Reviews evidence supporting the project effort to ensure proper maintenance and retention for audit/compliance purposes and future reference.
- Asset Management
- Evaluates internal controls designed to assure proper accountability of assets in our financial and asset management systems.
- Due Diligence Reviews
- Performs periodic reviews to ensure compliance with established guidelines and procedures to ensure:
- Timely review and maintenance of IM guidelines and procedures.
- Proper maintenance of regulatory response materials (e.g., The Joint Commission, LabCap, etc.).
- Effective monitoring of internal and external audit deficiencies/observations ensuring that corrective action is timely, effective and sustainable.
- DRP plans are developed, current, properly maintained and tested periodically to assure plan viability and sustainability of the IM operations.
- Documents supporting SDLC efforts are properly prepared and retained in support of critical projects.
- Compliance with third-party preventive and remedial maintenance of clinical equipment (e.g., Crothall).
- Proper accountability of assets and proper destruction of assets in compliance with IM guidelines/procedures and third-party contractual terms (e.g., Arrow/Redemtech).
- Keeps abreast of developments, regulation, rules and standards associated with the healthcare industry.
- Participates in the development of processes and procedures to meet regulatory and technical control requirements.
- Communicates effectively with technical and functional representatives on risk and compliance concerns.
- Participates in meetings, identifies opportunities and makes recommendations to improve control related processes.
- Analyzes and recommends control standards and best practices to enhance the IM Compliance and Risk function.
- Manages personal workload related to open issues and requests for service to ensure requirements are met.
- Demonstrates strong communication and human relationship skills while maintaining and demonstrating good teamwork through actions and job performance.
- Provides effective customer service by being courteous, polite and friendly at all times.
- Completes assigned training courses within HealthStream or other electronic tracking tools for educational related material, or attends presentations as required.
- Ensures the services that he/she provides contribute to the successful accomplishment of the primary mission of the department.
- Bachelor's degree in computer, audit, or related field preferred, or equivalent experience.
- Knowledge of healthcare standards related to regulation and accreditation.
- Project Management and life cycle controls.
- Strong verbal and written communication skills.
- Understanding and applying control concepts and terminology.
- Audit and investigative skills.
- Patience and strong customer service skills.
- Ability to multi-task.
- Effective time management.
- Works cooperatively with others.
- Five years of hands-on experience in information systems audit/assurance, compliance and/or risk management.
- Certified Information Systems Auditor preferred, but not required.