GEHA is an Equal Opportunity Employer with five locations in the Kansas City metropolitan area. Our company's corporate headquarters is located in Lee's Summit near Douglas Rd and I-470. The claims processing office and call center is located in Independence near Little Blue Parkway and I-70. All offices are easily accessible by freeway from anywhere in the Kansas City metro area.
Open Positions: 1
Location: Lee’s Summit, MO (201 Building)
Contributes to the Enterprise Risk Management department’s vision, mission and purpose, to effectively manage risks, drive strategy, maximize opportunities and adequately manage threats. Assists in building a risk-aware and control-conscious culture by contributing to the development, implementation and administration of a strategic, comprehensive and holistic governance framework, enterprise risk management program, business continuity management program and crisis management program. Assists the Manager, Enterprise Risk Management with managing and administering a holistic enterprise risk management framework focused on continuously identifying, analyzing, evaluating, monitoring and managing strategic, financial, legal, regulatory, continuity and operational risks in the best interest of GEHA’s overarching mission, goals and objectives.
• Promotes a risk-aware and control-conscious culture.
• Assists with managing, administering and continually improving GEHA’s governance, enterprise risk management, vulnerability and threat management, business continuity management, crisis management and incident response programs.
• Assists with designing, developing, managing and administering the enterprise risk metric and key risk indicator (KRI) framework.
• Assists with designing, developing, managing and administering the enterprise risk appetite and risk tolerance framework.
• Assists with managing the GEHA Enterprise Risk Committee (ERC).
• Assists with developing a macro-level view of risk across the enterprise.
• Assists with developing a holistic, top-down and bottom-up approach to enterprise risk management.
• Assists with managing and administering the Archer Governance, Risk and Compliance (GRC) solution.
• Provides research-based input on risk mitigation, risk/reward relationship and tolerance setting.
• Facilitates and conducts risk assessments and maturity assessments of programs, business processes, services and supporting information technology.
• Facilitates and conducts business impact analysis and risk assessment activities in support of GEHA’s business continuity and disaster recovery programs.
• Evaluates GEHA’s programs, processes, risks and controls against globally established governance, risk, security, assurance and control frameworks such as COSO, OCEG Redbook, COBIT, NIST CSF, NIST 800-53, ISO 31000, ISO 27001, ISO 22301 and ITIL.
Requires a Bachelor’s degree in Accounting, Finance, Insurance, Risk Management, Computer Science, Information Systems, or related discipline. Additional years of professional experience may be considered in lieu of formal education and certification requirements. Requires one or more of the following certifications: CPA, CIA, ASA, CISSP, CISM, CRISC, CISA, CGEIT, GIAC or related risk management certifications. Additional certifications focused on governance, risk management, compliance, audit, assurance, security and insurance may be considered.
Requires 5 years of governance, risk management, audit, assurance, compliance, business continuity and/or information security experience. Must have a fundamental understanding of governance, risk, compliance and security frameworks (e.g., COSO, COBIT, NIST 800-53, ISO 31000, etc.). RSA Archer GRC solution experience preferred. Ability to work collaboratively with team members across multiple divisions and departments. Ability to lead and direct cross-functional teams in support of GEHA’s Governance, ERM, BCM, VTMT, Crisis Management and Incident Response programs. Ability to design, develop, prepare and present governance, security and risk management related material to the Board of Directors, Executive Management and Senior Management. Must have thorough knowledge of Microsoft Office applications and effective verbal and written communication skills to communicate with and make presentations to the Board of Directors, Executive Management and Senior Management.