Director IT Compliance, Audit and Risk – CAR (Remote) in Portland, Maine

Join Martin’s Point Health Care – an innovative, not-for-profit health care organization offering care and coverage to the people of Maine and beyond. As a joined force of “people caring for people,” Martin’s Point employees are on a mission to transform our health care system while creating a healthier community. Martin’s Point employees enjoy an organizational culture of trust and respect, where our values – taking care of ourselves and others, continuous learning, helping each other, and having fun – are brought to life every day. Join us and find out for yourself why Martin’s Point has been certified as a “Great Place to Work” since 2015.

Position Summary

Martin’s Point Healthcare seeks a dynamic Director of IT Compliance, Audit, and Risk (CAR) to establish and drive IT leadership alongside business partners in the programmatic execution of multiple IT regulatory and compliance initiatives. This role will oversee the comprehensive management and oversight of compliance programs, particularly focusing on System Security Plans (SSP), NIST, MAR (Model Audit Rule), CMMC (Cybersecurity Maturity Model Certification), and MBOI (Maine Bureau of Insurance) initiatives.

The Director of IT CAR will report to the Chief Information and Digital Officer (CIDO) and will create partnerships with IT leadership, including the Senior Vice President of IT, Chief Information Security Officer (CISO), Vice President Chief Technology Officer (VP/CTO), other IT directors, business partners, and the legal and compliance team.

This position offers a remote work schedule. East coast time zone applicants are encouraged to apply. In compliance with MPHC’s Department of Defense government contract, any/all persons hired for this position will need to verify their US citizenship and complete the required employment eligibility verification upon hire. Come work for a nationally certified GREAT PLACE TO WORK and dynamic IT Team! Apply today for immediate consideration.

Job Description

Key Outcomes:

Leadership and Strategy:

• Establishes and drive IT compliance, audit, and risk mitigation programs to ensure adherence to regulatory requirements and organizational policies.

• Leads and advance Compliance, Audit, and Risk (CAR) governance structures and functions within IT while ensuring key business stakeholders are activated and engaged to drive compliance programs and mitigate risk.

• Creates and maintain partnerships across IT leadership and other IT directors, as well as business partners, legal, and compliance teams.

• Provides key input and assist in the preparation of IT-related submissions of audit and regulatory responses, ensuring accuracy and completeness in compliance with regulatory guidelines.

• Manages people and teams, including mentoring, developing, and overseeing performance.

  Regulatory Projects:

• Executes key projects across global technology services to deliver against regulatory commitments.

• Identifies and assess IT regulatory risks and propose appropriate mitigation strategies.

• Provides regulatory input to risk management activities, including risk assessments and risk mitigation plans.

  Compliance Program Management:

• Develops, implements, and maintains a comprehensive IT compliance governance model and program that includes performance auditing, monitoring, and reporting, all feeding into larger IT governance structures and functions.

• Creates and revise policies and procedures and develop and follow through on corrective action plans.

• Identifies potential IT-specific compliance risks and lead mitigation planning activities to support corrective action plans.

• Collaborates with Corporate Compliance & Legal on IT compliance, audit, and risk progress, and mitigation plans, and seek expert consultation.

  New Regulatory Guidance:

• Identifies, research, and disseminates new IT-specific regulatory guidance in collaboration with Legal & Compliance.

• Provides leadership across the IT department and business to evaluate new guidance, prepare gap analyses, and ensure timely implementation and alignment with IT and business departmental operations.

• Maintains comprehensive documentation (internal and external audit documentation) of activities for internal and external audits.

  Audits, Monitoring, and Reporting:

• Fosters an “audit-ready” culture within the IT department.

• Coordinates internal and external audit activities, as well as internal monitoring and reporting activities, with IT senior management, Corporate Compliance & Legal, and other business units.

• Creates and update audit IT-specific universes, review audit results, and ensure timely follow-up communication and corrective actions.

• Documents audit and performance improvement activities comprehensively.

  Organizational Interactions:

• Assists in developing IT compliance best practices and advise internal management and business partners on IT CAR program implementation and progress.

• Collaborates with cross-functional teams, especially the IT Security Team, to conduct various IT compliance reviews (e.g., NIST, IT Policy, IT Best Practice) to identify issues and areas for improvement in IT processes and systems.

• Facilitates timely remediation of issues and implementation of recommended improvements with various IT teams, including the IT PMO to help track and support key initiatives.

  Education/Experience:

• Bachelor’s degree in Information Systems, Cybersecurity or equivalent combination of education and experience; Master’s degree preferred.

• 10 years’ experience in a technical lead role in health care.

We are an equal opportunity/affirmative action employer.

Do you have a question about careers at Martin’s Point Health Care? Contact us at: jobinquiries@martinspoint.org

Martin’s Point Health Care is a progressive, not-for-profit organization providing care and coverage to the people of Maine and beyond. The organization operates six primary care health care centers in Maine and New Hampshire, accepting most major insurance plans. Martin’s Point also administers two health plans: Generations Advantage (Medicare Advantage plans available throughout Maine and New Hampshire), and the US Family Health Plan (TRICARE Prime® plan for active-duty and retired military families in northern New England, upstate New York, and western Pennsylvania). For more information, visit https://careers.martinspoint.org .