Location: Boston, MA, USA
**Why This Role is Important to Us:**
The Senior Vice President, Internal Audit & Enterprise Risk Management (Remote) will lead the company's Internal Audit Program and activities as well as the organization's Enterprise Risk Management (ERM) Program and activities. The Internal Audit Program will employ a risk-based approach in focusing audit resources on the highest risks while providing audit coverage across the organization and performing objective analyses of strategic, financial, operational, governance/compliance, clinical, technological, internal controls, and risk management processes by planning, executing, and reporting results for audits, corrective action plans, and control development/testing. The ERM Office and Program will need to be built/rebuilt from the ground up, and, while a separate and distinct office/program from Internal Audit, they will both need to be built, structured, operationalized, led, and administered in a highly complementary and mutually reinforcing manner. The ERM Program will account for all relevant COSO, ISO, and/or other industry standards and best practices, and it will also ensure strong compliance with, and adherence to, the Own Risk & Solvency Assessment (ORSA) framework, standards, and required set of activities. The ERM Program will be a highly effective, right-sized, and fit-for-purpose program and set of annual activities that facilitate the strong, clear, and effective identification, evaluation, monitoring, management, mitigation, and reporting of relevant enterprise risks in a structured, coordinated, and consistent manner across the enterprise. Both Internal Audit and ERM will be designed, built, implemented, operationalized, led, and administered in a strategic, business-minded and -enabling, consultative, and collaborative manner that supports and facilitates the organizational objectives, strategy, and business success while simultaneously safeguarding and adhering to the substantive independence that both functions require.
**What You'll Be Doing:**
+ Sets a vision and strategy for Internal Audit, internal controls, and Sarbanes-Oxley (SOX) compliance in alignment with CCA's priorities and business objectives while supporting a robust and broader risk management framework.
+ Establishes and manages an effective Internal Audit program, and utilizes findings to make recommendations and provide guidance for building robust internal controls that will:
  + Reduce risk for the organization;
  + Ensure effective internal controls are in place to mitigate risk;
  + Improve effectiveness and efficiency of operations; and
  + Establish reliability of financial reporting and controls.
+ Builds and leads the Enterprise Risk Management (ERM) Office, Program, activities, and assessments to effectively identify, evaluate, manage, mitigate, monitor, and report on enterprise risks in a manner that helps to inform the annual Internal Audit plan and activities, and that supports and facilitates organizational strategy, business objectives, and effective financial, operational, compliance and governance controls.
+ Designs, builds, implements, operationalizes, leads, and administers highly effective and efficient enterprise risk assessments (ERAs), enterprise risk registers and matrices, ERM risk appetite statements (e.g., risk target, limit, and tolerance criteria and thresholds, etc.), enterprise risk tracking/monitoring and reporting, enterprise risk scorecards and dashboards, ERM Office senior leadership and Board/Audit Committee materials and reports, ORSA and other regulatory reports/submissions (e.g., Form F, climate change risk surveys, Corporate Governance Annual Disclosures, etc.), and any and all other ERM-related programs, protocols, processes, activities, reports, updates, and responsibilities.
+ Performs annual enterprise (and audit) risk assessments, and develops annual internal audit plans for the organization.
+ Builds and leads all cross-organizational NAIC and state-driven Own Risk & Solvency Assessment (ORSA)-related activities, as well as the compilation and submission of the company's annual ORSA Summary Report to relevant regulators.
+ Develops, builds, and executes a risk-based operational audit plan that clearly defines the objective and scope of each review.
+ Displays teamwork, integrity and leadership. Works collaboratively and develops strong relationships with business units and operational areas, builds respect for the Internal Audit and ERM functions, and develops the organization's appreciation for a strong internal control environment.
+ Maintains proactive involvement in business activities related to new products/services, systems development, systems conversions, emerging risks, and process reengineering to ensure that control and ERM considerations are evaluated in the early stages. Coordinates with operational functions to identify and assess both enterprise and internal control risks.
+ Establishes objectives and scopes for audits, oversees and executes the procedures, discusses observations with CCA management, and prepares/reviews reports.
+ Ensures audits are executed and reported on within agreed-upon timetables and budgets.
+ Reviews business processes/procedures and evaluates controls in the health plan and clinical operations of CCA.
+ Provides executable recommendations that improve operations, controls, and how the business is managed. Facilitates the sharing of relevant information and best practices across the organization.
+ Interacts with external auditors to coordinate audit response for regulatory and financial audits.
+ Effectively communicates audit observations, internal control deficiencies, and recommendations, including discussions with executives and forging alignment and consensus. Prepares clear and concise written audit reports, ERM reports, and Audit Committee meeting presentations.
+ Sources, implements, operationalizes, and uses relevant GRC tools and software to support and accomplish Internal Audit and ERM programs and activities.
+ Develops, tracks, monitors, and reports on all relevant Internal Audit and ERM metrics, KPIs, KRIs, etc.
+ Builds and leads high-performance Internal Audit and ERM programs, teams, and staffs to accomplish results through effective recruitment, selection, training, development, performance management, and recognition.
+ Other duties as assigned.
**What We're Looking For:**
Required Education:
+ Bachelor's degree in a business, health care or related area of study
+ CPA and/or CIA certifications, and/or prior relevant work experience in the role
Desired Education:
+ An advanced degree is preferred (e.g., JD, MBA, or Masters in Business/Finance/Accounting)
+ CISA or other relevant professional certifications
Required Experience:
+ 15+ years of Internal Audit, ERM, internal controls and assurance, financial, accounting, and/or relevant business operations experience, with a minimum of 8 years in a senior-level Internal Audit and/or ERM management/leadership role.
+ 8+ years of experience in the healthcare industry, with a strong preference for a focus on health insurance, health plan, payer, managed care, and government programs (e.g., Medicare, Medicaid, MMP, Duals, SNP, LTSS, and behavioral health).
+ 10+ years of managerial and people leadership experience.
+ Demonstrated experience in managing a portfolio of audits, concurrent oversight and execution of multiple projects, and evaluating controls associated with complex business processes.
+ Experience in managing integrated audits that address a combination of financial, operational, governance/compliance, clinical, and technology/systems objectives.
+ Demonstrated experience in designing, building, implementing, operationalizing, and leading all aspects of a high-performing, full-service, and wide-ranging ERM Program, with hands-on ORSA experience and knowledge strongly preferred.
+ Experience in executing internal corporate investigations and reviews.
+ Demonstrated experience, skills, and knowledge of/with IIA Professional Practices and Standards.
+ Demonstrated experience, skills, and knowledge of/with COSO, ISO, and all relevant ERM frameworks, standards and best practices.
Knowledge, Skills & Abilities:
+ Strong experience and expertise in the compilation of multi-stakeholder executive-level reporting, including but not limited to the Board, relevant Board Committees (e.g., Finance, Risk, Audit, and Compliance Committees), and executive leadership.
+ Strong acumen and understanding of healthcare, health insurance, health plan, and managed health care organizations required, with a strong preference for government programs (e.g., Medicare, Medicaid, MMP, Duals, SNP, LTSS, and behavioral health).
+ Excellent organizational, analytical and problem-solving skills, as well as oral, listening and written communication skills, required.
+ Strong computer and IT skills required, including highly advanced Microsoft Office, Excel, PowerPoint, Word, Visio and Project Management expertise, among other relevant programs.
+ Strong ability and comfort in operating in a matrixed, complex, integrated, fast-paced and entrepreneurial environment, and within a cross-organizational and departmental setting wherein key stakeholders don't necessarily report to you.
+ Excellent interpersonal, collaboration, communication (verbal and written), and presentation (formal written and verbal) skills.
+ Extremely strong emotional intelligence (EQ) and ability to build sustainable working relationships, partnerships, consensus and coalitions with all stakeholders across the organization.
+ Open, transparent, collaborative, consultative, and communicative, and strong ability to navigate through disagreement, strike the optimal balance, and utilize sound judgment and discretion. Strong mentor and role model for staff and company personnel.
+ Proven ability to function independently and exercise strong judgment and leadership in accordance with relevant legal/regulatory/contractual/industry standards and requirements as well as the organization's strategic/business/operational objectives within a dynamic and fast-paced entrepreneurial environment. Strong and proven ability to optimally balance Internal Audit and ERM objectives with the organizational strategic and business objectives in a mutually reinforcing manner.
+ Strong and demonstrated strategic thought leadership, emotional intelligence, and executive polish, presence and communication skills, including the ability to effectively influence various stakeholders across the organization.
+ Demonstrated ability to work effectively under tight deadlines and changing needs.
+ Self-starter with the ability to define, coordinate, and direct assignments with strong attention to detail without losing sight of the broader and more macro strategic objectives and environment. Highly organized, logical, linear, and process-oriented in both approach/planning and execution.
+ Strong moral compass and commitment to organizational integrity, ethics, and values-based decision-making.
Language(s):
+ English
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Please note that employment with CCA is contingent upon acceptable professional references, a background check (including Mass CORI, employment, education, criminal check, and driving record, if applicable), an OIG Report, and verification of a valid MA/RN license (if applicable). Commonwealth Care Alliance is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other category protected by applicable federal, state or local laws.