Information Risk and Governance Practitioner

Job Expired

CDPHP and its family of companies are mission-driven organizations that support the health and well-being of our customers and the communities we are proud to serve. CDPHP was founded in Albany in 1984 as a physician-guided not-for-profit, and currently offers health plans in 29 counties in New York state. The company values integrity, diversity, and innovation, and its corporate culture supports those values wholeheartedly. At CDPHP, the employees have a voice and are encouraged to make an impact at both the company and community levels through engagement and volunteer opportunities. CDPHP invests in employees who share these values and invites you to be a part of that experience.

The Information Risk and Governance Practitioner is a mid-level position reporting to the Information Risk and Governance Manager. The role is responsible for supporting all elements of the Information Risk and Governance program, including third-party vendor reviews, information security policies and procedures, risk assessments, training and awareness, external/internal IT audit support, management and facilitation of control issues to ensure remediation, regulatory compliance, management reporting, and communication of risk. The practitioner will contribute to the program's compliance (HIPAA Security, DFS Cyber Security regulation, etc.) by providing recommendations to management based on risk and the cost/benefit to the corporation.


  • Associate's degree required. Two (2) years of relevant experience may be substituted for the degree.
  • CISSP, CRISC, CISA, CISM, or other information security related certifications are a plus but not a requirement. Individual must be willing to obtain such certifications as directed by management.
  • A minimum of three (3) to seven (7) years of experience in information security, information risk management, information risk assessment, business continuity, or IT auditing required.
  • Familiarity with State and Federal compliance regulations including HIPAA/HITECH, NYS DFS Cybersecurity Regulation required.
  • Knowledge of generally accepted security practices, including information security principles, procedures, and controls, required.
  • Working knowledge of information technology and the risks associated with these technologies required.
  • Excellent verbal and written communications skills are required.
  • Demonstrated ability to assess risk and make solid recommendations required.
  • Demonstrated ability to work collaboratively in a team environment is required.
  • Ability to work independently required.
  • Knowledge and understanding of IT controls, COBIT, risk management, and IT auditing preferred.
  • Experience working with or supporting a Governance, Risk and Compliance tool is preferred.
  • Experience working in the healthcare or insurance industry is preferred.
  • Experience working on system implementations and projects preferred.

As an Equal Opportunity / Affirmative Action Employer, CDPHP does not discriminate in employment practices on the basis of race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, transgender status, age, national origin, marital status, citizenship, disability, criminal record, genetic information, predisposition or carrier status, status with respect to receiving public assistance, domestic violence victim status, protected veterans status, or any other characteristics protected under applicable law. To that end, all qualified applicants will receive consideration for employment without regard to any such protected status.

CDPHP and its family of companies include subsidiaries Acuitas Health LLC, Strategic Solutions Management Consultants (SSMC), Practice Support Services (PSS), and ConnectRX Services, LLC.
