Senior Risk and Compliance Analyst

Highmark Health
Seattle; Washington, US
On-site

Job Description

Company :

Highmark HealthJob Description :

JOB SUMMARY

This job works collaboratively to support of all risk and compliance assessment activities of Highmark Health across a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, etc. The incumbent will partner with the organizational risk and business partners, the technology organization, and global delivery teams to meet Highmark Health’s mission requirements in a manner consistent with the enterprise risk appetite. This individual must have a proactive mindset and approach, and feel comfortable working in a highly matrixed environment.

ESSENTIAL RESPONSIBILITIES

  • Plan and conduct risk assessment activities according to the appropriate framework, including but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, in order to identify, assess, prioritize, evaluate and address financial, information security, privacy, and other areas of risk. Prepare draft reports and other management reporting deliverables. Review all work prepared by less experienced team members to ensure audit quality standards are consistently met in all forms of documentation.
  • Review and interpret inherent risk assessment results, engagement risks, and develop assurance plans (e.g., on-site audit, contract review, financials assessment, purchasing data analysis) to address relevant risk areas and to ensure proper controls are implemented. Accountable for the review and interpretation of authoritative guidance (including, but not limited to NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO reports) and performs qualitative and quantitative impact assessments based on physical, technical, and administrative safeguards as well as contractual requirements; conducts additional information gathering and risk assessments as-needed; documents and reports results.
  • Lead development of project plans to support risk assessment and decisioning in coordination with business owners and other stakeholders within task-based budgets. Collaborate and communicate with Information Security, Privacy, Procurement, Audit, Compliance, and other teams across the Enterprise to align risk management objectives, practices and procedures.
  • Interface with business areas, technical staff, project teams, and third parties to execute cross-functional risk assurance projects. Lead the communication of assessment results and findings with multiple stakeholder groups and provides consultation and direction throughout.
  • Interpret complex data flow/ information sharing activities, customer integrations, and information safeguards into simplified and high-level terminology and/or process/data flows. Maintains risk management reporting dashboards in RSA Archer applications in order to keep information complete, accurate, and current. Prepare and assist with the delivery of risk assurance reports to management.
  • Ensure risk questionnaires and other risk assessments are distributed and completed on-time and prepares initial impact assessments. Ensure compliance requirements are met across the Enterprise. Assist in training and mentoring team members on multi-faceted engagements, platform customer dependencies, and interpretation of complex contract agreements.
  • Collaborate with lead in providing input and consultation on risk and assurance reporting. Collaborate and consult with other areas (e.g., Procurement, Privacy, Information Security, Legal) throughout the engagement lifecycle Assist in providing timely feedback on interpretations regarding authoritative guidance.
  • Proactively reviews updates made to departmental desk-level procedures, risk assessment methodology, assessment procedures, questionnaires, training, etc. and is responsible for monitoring compliance with departmental metrics, internal control activities, contractual obligations, regulatory requirements, and responding to customer inquiries / audits.
  • Other duties as assigned or requested

EDUCATION

Required

  • Bachelor's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field

Substitutions

  • 6 years of related and progressive experience in lieu of Bachelor's degree

Preferred

  • Master's Degree in Accounting, Finance, Business Administration/Management, Information Technology, Pre-Law, or related field

EXPERIENCE

Required

  • 5 years in Audit and Compliance

To Include:

  • 3 years of Business Process Design
  • 3 years of Project Management

Preferred

  • None

LICENSES or CERTIFICATIONS

Required

  • None

Preferred (any of the following)

  • Certified Public Accountant (CPA)
  • Certified Information Systems Analyst (CISA)
  • Certified Information Privacy Professional (CIPP)

Certified Information Systems Security Professional (CISSP)

SKILLS

  • Demonstrate expert knowledge of business and technology processes, risk and control frameworks, and assessment methodologies, particularly as applied to healthcare (payer and provider) business proce

Skills & Requirements

Technical Skills

Risk assessmentComplianceNistHitrustPciHipaaSocMarCmsJcahoInformation securityPrivacyContractual requirementsData flowInformation sharingCustomer integrationsInformation safeguardsRisk managementReportingTrainingMentoringCommunicationLeadershipCertified public accountant (cpa)Certified information systems analyst (cisa)Certified information privacy professional (cipp)Certified information systems security professional (cissp)HealthcareRisk managementCompliance

Employment Type

FULL TIME

Level

senior

Posted

5/1/2026

Apply Now

You will be redirected to Highmark Health's application portal.

Sign in and we'll score your resume against this role.