Risk Management Lead Jobs in Pennsylvania

INTRODUCTION

Bring your drive for excellence, team orientation, and customer commitment to Independence; help us renew and reimagine our business and shape the future of health care.

ROLE AND RESPONSIBILITIES

The Lead Privacy Compliance Analyst serves as a senior individual contributor within the Privacy Office, leading key privacy compliance activities across the organization. Acts as a subject-matter expert on HIPAA privacy requirements, privacy risk management, and regulatory compliance. Independently manages the complex member rights processes and escalated privacy inquiries. Ensures timely, accurate, and risk-based resolution of privacy inquiries. Prepares and analyzes privacy metrics and trend reports to support leadership oversight and continuous improvement. Responds to inquiries from internal stakeholders, members, employer groups, and regulators. Partners with Legal, Security, Compliance, and business leaders to strengthen enterprise privacy governance, incident prevention, and regulatory readiness.

Works collaboratively with business leaders and Legal and Security teams involved with the release/transmission of Protected Health Information (“PHI”), to ensure compliance with organizational policies and applicable state and federal laws.

Independently plans and conducts privacy audits and targeted reviews, documents findings and risk ratings, facilitates corrective action plans, and escalates issues to Privacy leadership as appropriate. Acts as Privacy contact for business and group requests involving the release, storage, transmission, destruction, security, sharing, and any other use of Personally Identifiable Information (“PII”) and/or Protected Health Information (“PHI”), to ensure full coordination and cooperation under the organization's policies and procedures as well as state and federal law. Leads privacy-related vendor management activities, including supporting the review and analysis of vendor privacy and security assessments, Business Associate Agreements (BAAs), and confidentiality agreements; evaluates vendor risk, documents mitigation strategies, and supports remediation of identified gaps.

Responsibilities:

• Leads and provides expert guidance on HIPAA privacy inquiries and the member rights process, including the authorization, personal representative, and confidential communications processes.
• Designs and delivers enterprise-wide privacy and incident response training; promotes a culture of privacy awareness. Supports privacy incident investigations, root cause analysis, and corrective action planning in coordination with Legal and Security.
• Leads proactive and strategic initiatives of the Privacy Office, including enterprise-wide privacy and incident response training, data oversight process implementation, and the tracking of privacy trends to ensure loss prevention and privacy incident avoidance.
• Assists with vendor management activities, including the distribution and analysis of vendor privacy and security assessments, analysis of vendor Business Associate Agreements, evaluating requests for deviations from our standard terms against applicable policies, and assisting with the development of corrective action plans in cases of potential vendor non-compliance.
• Responsible for the review and processing of confidentiality agreements and member data requests to release data to external recipients.
• Assists with group requests involving the release, storage, transmission, destruction, security, sharing, and any other use of Personally Identifiable Information (“PII”) and/or Protected Health Information (“PHI”), to ensure full coordination and cooperation under the organization's policies and procedures as well as state and federal law.
• Leads the annual privacy risk assessment and supports remediation planning and process improvements.
• Assists with responses to requests for proposals from employer groups.
• Independently conducts an annual privacy risk assessment, provides feedback to the Manager, and participates in the development of business area process improvements related to the assessment findings.
• Responsible for independently conducting privacy office audits, facilitating corrective action plans (if necessary), compiling audit summaries, and escalating compliance issues to the Manager. Responsible for tracking business associate files and performing audits of those files to ensure accuracy.
• Responsible for the annual offshore subcontractor audit, audit summary, and assists with the development of corrective action plans (if necessary).
• Responsible for the annual review and revision of the privacy office desk procedures.
• Responsible for maintaining department documentation in accordance with the records retention policy.
• Other duties as assigned.

BASIC QUALIFICATIONS

• Undergraduate degree preferred, although commensurate work experience will be considered.
• Minimum 3-5 years progressive related experience in a managed care setting, preferably in a privacy regulatory compliance environment.
• Experience independently leading audits, risk assessments, or compliance reviews strongly preferred.
• Experience reviewing and analyzing contracts preferred.
• Must be able to work with a team on multiple, simultaneous projects and demonstrate strong leadership skills.
• Strong writing skills required.
• Demonstrated ability to define business solutions, make decisions, identify problems, coordinate resources, and implement changes.
• Proven effective communication and analytical skills required to lead, convey complex ideas and concepts internally and across appropriate cross-functional entities.
• Knowledge of process improvement, project management, and system testing methods, best practices, and analysis.
• Effective facilitation and presentation skills necessary to demonstrate business solutions in a clear and concise manner.
• Must be detail-oriented, able to multitask, and understand corporate objectives. Ability to follow through on the project life cycle while maintaining target deadlines.
• Must be able to work independently on projects.
• Proficiency in Microsoft Office (including Excel) and collaboration tools such as Copilot; experience developing reports, tracking metrics, and managing documentation preferred.

LOCATION

Independence has implemented a “Hybrid” model which consists of Associates working in the office 3 days a week (Tuesday, Wednesday & Thursday) and remotely 2 days a week (Monday & Friday). This role is designated as a role that fits into the “Hybrid” model. While associates may work remotely on our designated remote days, the work must be performed in the Tri-State Area of Delaware, New Jersey, or Pennsylvania.

IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability.

Must have an Android or iOS device which is compatible with the free Microsoft Authenticator app.