Description

The ITRM CAAS Consultant IV role is an individual contributor position within the Controls Assessment Services (CAS) team, part of KP-s Technology Risk Office. This role is responsible for evaluating the design of information security controls across complex technology and business environments. This position conducts control design testing, gap analysis, and risk assessments to ensure alignment with internal information security controls and external regulatory requirements, including HIPAA and PCI DSS. The role partners closely with KP-s business information security officers, security architecture, cloud security, and technology owners to validate that controls are appropriately designed and implemented. Findings and recommendations are documented to support risk remediation, compliance objectives, and continuous improvement of the organization-s security posture.

Job Summary:

This individual contributor role executes and/or assists in the planning and execution of ITRM compliance assessment and consulting projects, as well as driving and coordinating the design and implementation of appropriate controls. Additionally, this role manages medium-size ITRM service delivery and engagements, and components of larger initiatives. This role also develops ITRM processes and/or methodology for designated ITRM initiatives by documenting process and/or methodology requirements and acceptance criteria from process owners and key stakeholders and collects and reports performance metrics using company software/reporting tools.

Essential Responsibilities:

• Completes work assignments and supports business-specific projects by applying expertise in subject area; supporting the development of work plans to meet business priorities and deadlines; ensuring team follows all procedures and policies; coordinating and assigning resources to accomplish priorities and deadlines; collaborating cross-functionally to make effective business decisions; solving complex problems; escalating high priority issues or risks, as appropriate; and recognizing and capitalizing on improvement opportunities.
• Practices self-development and promotes learning in others by proactively providing information, resources, advice, and expertise with coworkers and customers; building relationships with cross-functional stakeholders; influencing others through technical explanations and examples; adapting to competing demands and new responsibilities; listening and responding to, seeking, and addressing performance feedback; providing feedback to others and managers; creating and executing plans to capitalize on strengths and develop weaknesses; supporting team collaboration; and adapting to and learning from change, difficulties, and feedback.
• Develops ITRM processes and/or methodology for designated ITRM initiatives by documenting process and/or methodology requirements and acceptance criteria from process owners and key stakeholders; and collecting and reporting performance metrics using company software and reporting tools.
• Executes and/or assists in the planning of ITRM compliance assessments and consulting projects by conducting intake, planning and coordination activities for new or revisions to technology systems or services; and driving and coordinating the design and implementation of appropriate controls through the sustainment phase.
• Manages ITRM service delivery and engagements of medium size or complexity, or components of larger initiatives by managing multiple workstreams, including stakeholder communications and team mentorship; and managing financials for assigned initiatives.

Knowledge, Skills and Abilities: (Core)

• Ambiguity/Uncertainty Management
• Attention to Detail
• Business Knowledge
• Communication
• Critical Thinking
• Cross-Group Collaboration
• Decision Making
• Dependability
• Diversity, Equity, and Inclusion Support
• Drives Results
• Facilitation Skills
• Health Care Industry
• Influencing Others
• Integrity
• Learning Agility
• Organizational Savvy
• Problem Solving
• Short- and Long-term Learning & Recall
• Teamwork
• Topic-Specific Communication

Knowledge, Skills and Abilities: (Functional)

• Applied Data Analysis
• Business Operations
• Conflict Resolution
• IT Compliance
• IT Governance
• IT Quality Assurance
• IT Standards, Procedures & Policies
• Information Security Audits
• Managing Diverse Relationships
• Mentoring and Coaching
• Negotiation
• Organizational Skills
• Service Focus
• System and Technology Integration
• Technical Documentation

Minimum Qualifications:

• Bachelors Degree in MIS, Information Security, Accounting, Finance, Audit, or related field and Minimum six (6) years experience in IT risk management, compliance, auditing, or information security. Additional equivalent work experience in a directly related field may be substituted for the degree requirement.

Preferred Qualifications:

• Two (2) years in an informal leadership role working with business or technical teams.
• Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above)
• Three (3) years experience writing ITRM documentation and assessment reports.
• One (1) year developing IT compliance frameworks or ITRM methodologies.
• Three (3) years experience working in a large matrixed organization.
• CISSP or comparable certification.
• CISM or comparable certification.
• CISA or comparable certification.
• QSA or ISA certification.
• PMP certification.
• ITIL certification.
• DBMS certification.
• Master's Degree in MIS, Information Security, Accounting, Finance, Audit, or related field.
• Three (3) years experience working with IT general controls (e.g., IT change management, access controls, security controls, etc.).
• Three (3) years experience working with database and security technologies.

Primary Location: Georgia,Atlanta,Pershing Point Plaza IT

Additional Locations:

• Portland
• Denver
• Greenwood Village
• Hyattsville
• Renton

Scheduled Weekly Hours: 40
Shift: Day
Workdays: Mon, Tue, Wed, Thu, Fri
Working Hours Start: 08:01 AM
Working Hours End: 05:01 PM
Job Schedule: Full-time
Job Type: Standard Worker Location: Flexible
Employee Status: Regular
Employee Group/Union Affiliation: NUE-IT-01|NUE|Non Union Employee
Job Level: Individual Contributor
Department: KPIT ADMIN - CRisk AssessConsult - 9601
Pay Range: $128700 - $166430 / year Kaiser Permanente is committed to pay equity and transparency. The posted pay range is based on possible base salaries for the role and does not include the value of our total rewards package. Actual pay determined at offer will be based on years of relevant work experience, education, certifications, skills and geographic location along with a review of current employees in similar roles to ensure that pay equity is achieved and maintained across Kaiser Permanente. Travel: Yes, 10 % of the Time Flexible: Work location is on-site at a KP location, with the flexibility to work from home. Worker location must align with Kaiser Permanente's Authorized States policy. Kaiser Permanente is an equal opportunity employer committed to fair, respectful, and inclusive workplaces. Applicants will be considered for employment without regard to race, religion, sex, age, national origin, disability, veteran status, or any other protected characteristic or status.
Requisition #: 1416354

bx2d9wfr1