Director, Quality Controls & Compliance - Cybersecurity (Hybrid based in Dallas, TX)
Dallas, TX, United States
Tenet Healthcare
Tenet Healthcare Corporation (NYSE: THC) is a diversified healthcare services company headquartered in Dallas with more than 100,000 employees. Through an expansive care network that includes United Surgical Partners International, we operate 60 hospitals and approximately 460 other healthcare facilities, including surgical hospitals, ambulatory surgery centers and imaging centers and other care sites and clinics. We also operate Conifer Health Solutions, which provides revenue cycle management and value-based care services to hospitals, health systems, physician practices, employers and other clients. Across the Tenet enterprise, we are united by our mission to deliver quality, compassionate care in the communities we serve. For more information, please visit www.tenethealth.com.
Are you a leader who is ready to lead the charge in transforming the way we ensure the effectiveness of, and compliance with, our IT and Sarbanes-Oxley (SOX) audits? This role will lead the second line of defense for IT and SOX audits across Tenet, USPI and Conifer business functions and work closely with IT and application control owners (first line of defense), management action plan owners, and Internal and External Audit.
We are seeking an experienced Quality Controls & Compliance (QCC) Director to lead and manage second line of defense activities within our Cybersecurity organization, to monitor and provide guidance to first line risk management activities, and to implement second line controls, including user access reviews (such as full scope and termination reviews) as well as other critical IT audit reviews. This role will work with the Tenet leadership to protect the confidentiality, integrity and availability of patient, employee, and business information in compliance with organization policies and procedures. We are a highly regulated, publicly traded healthcare company, and this role is critical in monitoring our sensitive data and continuously mitigating risks. The director will collaborate with IT, Security, Business, end users, HR, Compliance and external and internal audit teams to design, implement and maintain user access governance, controls and frameworks.
A primary focus for this role will be working across Tenet and its business lines to evaluate whether IT and SOX risks to the organization are identified and minimized, acceptable internal controls and procedures are followed, resources are used efficiently and economically, and the organization's objectives are effectively achieved. This is an active, hands-on role, responsible for end-to-end management, planning, design, process optimization and efficiencies, leadership, and communication and collaboration with our Internal Audit and External Audit teams.
REPORTING STRUCTURE & WORK SETTING
Position reports directly to the Senior Director, Identity Access and Application Security, as part of the Enterprise Cybersecurity function led by the Chief Information Security Officer. Position will be officed in our Dallas, Texas Corporate office, or may be eligible for remote work for the right candidates.
OTHER REPRESENTATIVE DUTIES
- This position will be expected to be familiar with and able to perform the following audit tasks in line with existing Tenet Policy:
  - User Access Reviews (All layers)
  - Termination Testing (All layers)
  - Full Access Reviews
  - Privileged Access Reviews
  - Password Reviews (System Parameter/Configuration Settings)
  - Generic Account Reviews
  - Change Management Reviews
- Evaluates IT general controls (ITGC) including user access, information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures.
- Completes Financial Reporting Control (SOX) test work and documentation.
- Performs current state assessment and develops plan and roadmap for future state including process optimization and transformation of the program.
- This role will participate in Annual Budget planning and developing business cases.
- Develops Audit Management Action Plans and makes sure they are followed through on time and in budget.
- Creates automated dashboard to measure the effectiveness of the program and reporting to executives.
- Collaborates with Internal Audit team to understand their processes and ensure testing results and proofs.
- Communicates with External Auditors and becomes a single point of leadership from Tenet.
- Assists in maintaining documentation of deliverables, current procedures, and internal system-specific knowledge, and develops KPIs and metrics to measure progress.
- Be the point person and escalation point for the technology and business teams.
- Be an effective people leader who can guide, coach, and motivate team members and develop career paths and guidance for the team. Help resolve conflicts within the team.
- Will be responsible for performance management of the direct reports.
EDUCATION AND WORK EXPERIENCE
- 12+ years of work experience
- Bachelor's/Master's degree or related technology degree
- Certifications preferred – PMP, ITIL, Identity Certifications
- CISSP, CISA, CISM, and/or International Information System Security Certification Consortium certification is a plus.
SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:
- The ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and wrap up audits
- Good working knowledge of SOX, HIPAA principles, concepts, and practices
- Strong interpersonal skills and excellent organizational skills
- Can work with Managed Services Partner onshore and offshore
- Self-motivated, able to work in a team and independently
- Detail oriented, able to multitask and meet deadlines
- Advanced knowledge of PowerPoint, Excel and Visio
- Familiarity with audit tools would be considered an asset
- Experience working in cross-departmental teams and leading efforts through collaboration and influence.
Tenet Healthcare/USPI complies with federal, state, and/or local laws regarding mandatory vaccination of its workforce. If you are offered this position and must be vaccinated under any applicable law, you will be required to show proof of full vaccination or obtain an approval of a religious or medical exemption prior to your start date. If you receive an exemption from the vaccination requirement, you will be required to submit to regular testing in accordance with the law.