Program Director, Enterprise Risk Management at UPMC — NeverHard
Company: UPMC
Location: Pittsburgh, Allegheny County
UPMC is hiring a strategic and collaborative Program Director, Enterprise Risk Management. Apply today!

This position will be based out of Pittsburgh, PA and will have the potential to work from home on a hybrid schedule which includes some days at home and some days in office per week.

Responsibilities:

Enterprise Risk Framework & Governance
+ Manage and continuously enhance the organization's ERM framework aligned with leading practices (e.g., COSO ERM, ISO 31000, ASHRM), tailored to healthcare, insurance, clinical, and commercial business models.
+ Support ERM governance structures, including executive risk committees and leadership-level reporting processes.
+ Coordinate alignment with other risk structures and functions across the organization.
+ Facilitate periodic review of risk appetite, risk tolerance, and key risk indicators in collaboration with executive leadership.

Risk Identification & Assessment
+ Lead and facilitate enterprise-level and targeted risk assessments across clinical, operational, financial, regulatory, technology, cybersecurity, third-party, international, and emerging business areas.
+ Partner with leaders of international and startup commercial entities to identify growth, regulatory, market entry, and execution risks.
+ Identify interdependencies, concentrations, and enterprise-wide risk themes and escalate emerging risks as appropriate.

Risk Response & Monitoring
+ Collaborate with risk owners to develop practical, well-defined risk response plans (mitigation, transfer, acceptance, or avoidance) with clear ownership and milestones.
+ Monitor progress against risk response plans and escalate overdue, ineffective, or misaligned actions.
+ Support scenario analysis and stress testing for high-impact strategic and emerging risks.

Reporting & Executive Communication
+ Prepare concise, insightful ERM reporting for executive leadership, including dashboards, heat maps, trend analysis, and deep-dive risk profiles.
+ Translate complex risk information into clear, decision-oriented messaging tailored to senior leadership audiences.
+ Support regulatory, accreditation, and external stakeholder inquiries related to enterprise risk practices.

Integration & Advisory Support
+ Integrate ERM into strategic planning, capital allocation, new initiatives, mergers and acquisitions, and international expansion activities.
+ Partner with Internal Audit to align ERM insights with audit planning and coverage, while preserving independence.
+ Serve as a trusted advisor to leadership on emerging risks, risk tradeoffs, and risk-informed decision-making.

Culture & Capability Building
+ Promote a strong risk culture by reinforcing risk ownership, accountability, and shared responsibility across the organization.
+ Develop ERM tools, templates, training materials, and guidance to support consistent practices across diverse business units.
+ Mentor analysts, staff, or senior staff supporting ERM activities, as applicable.
+ Performs in accordance with system-wide competencies/behaviors.
+ Performs other duties as assigned.

+ Bachelor's degree in Healthcare Administration, Business, Finance, Accounting, Risk Management, Public Health, or a related field.
+ Eight years of progressive experience in ERM, Internal Audit, Compliance, Risk Management, Strategy, or a related discipline within healthcare, insurance, life sciences, or similarly regulated industries.
+ Demonstrated experience facilitating risk or strategic assessments and engaging senior leaders and cross-functional teams.
+ Strong understanding of healthcare regulatory environments, payer-provider models, data privacy, and third-party risk.
+ Professional certifications such as CRMA, CERM, PMP, PMO-CP, MPM, or equivalent.
+ Experience supporting clinical operations, health insurance programs, international operations, and/or early-stage or startup businesses.
+ Familiarity with technology, cybersecurity, and data governance risk concepts.

+ Strategic Thinking; Executive Presence; Analytical Rigor; Communication Excellence; Collaboration & Influence; Adaptability.

+ Quality, clarity, and usefulness of ERM reporting to executive leadership.
+ Timely identification and escalation of emerging and enterprise risks.
+ Effective execution and follow-through of risk response plans.
+ Increased integration of risk considerations into strategic and operational decisions.
+ Continued maturation of the ERM program and risk culture.